需求：Windows dhcp日志需要实时传输到elk或者其他告警平台。

1、filebeat下载地址：https://www.elastic.co/cn/downloads/beats/filebeat

2、下载后解压后配置filebeat.yml文件，

3、README.md文件中有运行的操作方法：cmd上进入filebeat的目录下执行filebeat -c filebeat.yml -e即可运行。

# Welcome to Filebeat 8.10.3

Filebeat sends log files to Logstash or directly to Elasticsearch.

## Getting Started

To get started with Filebeat, you need to set up Elasticsearch on
your localhost first. After that, start Filebeat with:

     ./filebeat -c filebeat.yml -e

This will start Filebeat and send the data to your Elasticsearch
instance. To load the dashboards for Filebeat into Kibana, run:

    ./filebeat setup -e

For further steps visit the
[Quick start](https://www.elastic.co/guide/en/beats/filebeat/8.10/filebeat-installation-configuration.html) guide.

## Documentation

Visit [Elastic.co Docs](https://www.elastic.co/guide/en/beats/filebeat/8.10/index.html)
for the full Filebeat documentation.

## Release notes

https://www.elastic.co/guide/en/beats/libbeat/8.10/release-notes-8.10.3.html

#备注：遇到gbk的文件，在centos上乱码，可以filebeat转一下

filebeat.inputs:
- type: log
  encoding: GB2312