Single build template for multiple beats (for example: Filebeat + MetricBeat + AuditBeat into single package)

We have been looking into vast estate of Linux clients and the project scope is looking for data for Operational data (filebeat) and (metrics-beat) && Security/complicance (Auditbeat) etc. The original plan was to install the relevant beats individually which I feel is bit awkward. Since most of the libraries are repeated in these beats, Is there a way to build the above 3 beats into a single package?

or better still, is there a template so we can build any relevant combination of such beats into single package and configure them remotely? [Single build template for multiple beats (Filebeat + MetricBeat + AuditBeat etc.)]

You would have to script this yourself. I have done similar with a bash script and an Aws S3 bucket to pull down the relevant beat. Automation tools such as Ansible would allow you to deploy to the relevant devices based on tag, hostnames etc...

I agree to the scripting side, but if you see the libraries && core-code is repeated in each beats. It won't be a nice idea to do scripting into the core-code piece, but rather best done at a source-code level or template such builds at core-code level.

I believe there is a plan soon to release a single master beat install that will cover all types with a single install.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.