Ingest journald logs with filebeat

Detlef · July 14, 2025, 12:52pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch: 2.17
Opensearch Dashboards: 2.17
Server OS: RHEL 9.6
Browser: Google Chrome 137.0.7151.69
Filebeat OSS 7.12.1

Describe the issue:
Hi !

How do I ingest messages from journald logs into Opensearch using filebeat oss 7.12.1 ?
What do I have to configure in the filebeat.yaml ?

The journald logs are written by a container running as non-root user.

Is there a better ingestion tool ?

Thnx for any help !

Best regards, Detlef

pablo · July 14, 2025, 2:15pm

@Detlef You could use Journald input in Filebeat, but that’s available in version 7.16
What is your workflow? Do you use Logstash or ingest directly to OS?

Detlef · July 14, 2025, 3:20pm

@pablo: I ingest directly to OS. Journald input is not available in the filebeat version 7.12.1. I got the information about the filebeat version to use from Agents and ingestion tools - OpenSearch documentation .

pablo · July 14, 2025, 7:17pm

@Detlef That is correct, but you could use Logstash with OpenSearch Output plugin and then switch to the newer version of the Filebeat.

Topic		Replies	Views
Which beats for ingesting logs from Linux server into Opensearch 3.1 OpenSearch configure , install	1	10	July 17, 2025
Sending logs to opensearch via filebeat Open Source Elasticsearch and Kibana discuss	2	530	November 2, 2024
Configuration Filebeat integrate with opensearch dashboard OpenSearch Dashboards troubleshoot , configure	7	1871	May 2, 2024
Filebeat 7.17 not connecting to OpenSearch OpenSearch	4	1056	October 6, 2023
Take data from filebeat to opensearch to see all in opensearch-dashboards OpenSearch	5	6861	May 9, 2023

Ingest journald logs with filebeat

Related topics