Facter 3 (cFacter) is recommended, and is the default. The output from Facter 3 is more structured and more stable than that of Facter 2, which makes for a much better experience with Factbeat and Elasticsearch.
If you really want to, you can configure the path to Facter, so you could point Factbeat at Facter 2 instead.
Pre-built binaries are availble for Windows and Linux (x86_64) on the releases page.
The downloads for both platforms contain:
- An example
- The Elasticsearch mapping template:
It's best to install the mapping template before running Factbeat, with something like:
curl -XPUT 'http://elasticsearch:9200/_template/factbeat' -email@example.com
The Windows archive also contains two Powershell scripts, for registering and removing the Factbeat Windows service.
Like all Beats, Factbeat is written in Go. If you are familiar with Go, and have a development environment set up, feel free to build Factbeat like any other Go program.
Containers, containers, containers
Factbeat ships with a fully containerized build and test pipeline. It provides containers that can build the Go source code and run its unit tests. There are also containers that manage acceptance testing using Python and a live Elasticsearch instance.
The containerized build/test sytem requires that you have:
However you don't need to install Go, Elasticsearch, Python etc. They are all packaged for you in Docker containers.
Given the above dependencies, you should be able to simply:
to get a
Though let's not forget:
- Allow blacklist/whitelist of facts.
- Convert percents to beats style ie. "83.3%" -> 0.833
- Consider removing disk stats all together, since Topbeat has them covered.
- Improved mapping template.
- Automate installing the mapping template.
- Your suggestions.