Filebeat for binary files?

rahin88 · April 6, 2016, 6:50am

Hello Folks,

I am new to whole Logstash/ELK. But I am wondering if I can use filebeat for streaming binary data to network ?
Here is what I am trying to do.

Multiple processes (in hundreds) have lib in them to encode data and write to corresponding "logs files"(binary encoded files to save space) of the processes. If we want to read them "log files" in human readable format we can to by running it them a decoder I have.

Now what I want to do is stream the "log files" to a remote location via filebeat and run my decoder there. So is this possible via logstash or filebeat ?

This is my firstpost and any help is much appreciated. Thanks.

P.S. I can run my decoder where the "log files" are being generated and feed the output location to filebeat but It kills both my cpu and network. So i want to stream the encoded files incrementally and use my decoder on the cloud.

Christian_Dahlqvist · April 6, 2016, 6:54am

Filebeat is designed to process text based logs line by line, and as far as I know it is not able to handle binary logs.

steffens · April 6, 2016, 10:59am

filebeat currently tails text files only looking for newlines (even removing newlin characters). You don't want to run this on binary files as a random sequence of '\r\n' in binary and just '\n' in binary you wont be able distinguish in your decoder (if any '\n' is missing you will never see your content).

There have been ideas to make filebeat prospectors more plugin-like for improved extensiblity, but this is not possible to date.

rahin88 · April 7, 2016, 9:54am

Thanks Steffen and Christian,

What do you guys suggest I do. Now I am planning on getting to write my own plugin for logstash or are there any plugins that do this already ? I'll post the same in logstash forum.

steffens · April 7, 2016, 11:45am

Binary encoded files... is a very very generic statement. Dealing with binary (and sometimes ascii ) content one needs specialised parsers being able to extract content. Dealing with text based log files is fortunately relatively straight forward as using newlines to separate log entries is a very commonly accepted habit.

You can check logstash input/filter/codec plugins for any support.

veeragadag · June 9, 2017, 11:14am

Hi Christian,

I am facing a similar problem: sending hexdump file from client running filebeat to server running logstash.
Since this was discussed almost a year ago, is there any plugin available now to filebeat to send hexdump / binary files?

Also is it possible to transfer files from client to server as is, that is without filebeat interpreting the content of file?

Thanks & Best wishes,
Veera

ruflin · June 13, 2017, 6:51am

This is currently not possible.

bonsshah · April 8, 2019, 3:48pm

Is there any support now for binary files from Filebeat ?

Christian_Dahlqvist · April 8, 2019, 5:15pm

No, not that I am aware of. What kind of binary files are you looking to process?

pdegran · September 17, 2020, 6:52pm

Is there a way/option to "exclude" non-string data? I have log files which provides failing data records where sometime the SOH (x01) STX (x02) and ETX (x03) is part of the reported failing data.

Topic		Replies	Views
Filebeat supports binary log file input? Beats filebeat	2	1538	July 24, 2017
Binary logs parsing Logstash sent via filebeat? Logstash	2	257	November 23, 2022
Filebeat as a log parser for random text log Beats filebeat	2	380	October 12, 2019
Parsing-log-files-with-filebeat-and-sending-them-to-elasticsearch Beats filebeat	2	10054	February 9, 2018
Custom beat - re-use Filebeat log readers? Beats beats-development	4	1328	July 5, 2017

Filebeat for binary files?

Related topics