Migrate Filebeat to use Elastic Agent as a log conllector

Hi All,

We currently have Filebeat running on our cluster via Helm, and we plan to migrate to Elastic Agent as our log collector. Our goal is to decommission Filebeat once Elastic Agent can fully replicate its log collection capabilities.

My question is: how can we configure the existing Elastic Agent running on our cluster to collect logs with the same functionality as Filebeat?

Additionally, since our deployment is on a Kubernetes cluster, I believe we should be using the Kubernetes integration.

BR,

Hi @M311ow

To migrate from Filebeat to Elastic Agent while maintaining the same log collection functionality, you can follow these steps:

Deploy Elastic Agent on your cluster via Helm or Fleet if not already installed.

Create a Fleet integration policy for log collection, which will serve as a replacement for Filebeat’s inputs.

Map existing Filebeat inputs—including log paths, multiline patterns, and processors—into the corresponding log integration settings within Elastic Agent.

Configure output settings to point to your Elasticsearch cluster, ensuring they match Filebeat’s existing cluster, index, and pipeline configurations.

Deploy the updated Elastic Agent policy across all nodes to collect logs from the same sources as Filebeat.

Validate log ingestion to ensure parsing, multiline handling, and pipelines behave as expected.

Decommission Filebeat once Elastic Agent is confirmed to fully replicate its functionality without any data loss.

This method guarantees a smooth transition and preserves all existing log collection functionality.