Elasticsearch Filebeat

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Learn more about the Elasticsearch Filebeat custom collector (standard data source) in Cortex XDR.

Note

You can collect container logs from Google Kubernetes Engine using Elasticsearch Filebeat with either a Custom - Filebeat based Collector or a content pack Integration. For more information, see Google Kubernetes Engine.

You can ingest logs related to file activity on your endpoints and servers without using the Cortex XDR agent by installing Elasticsearch Filebeat as a system logger and then forwarding those logs to Cortex XDR using a Custom - Filebeat based Collector.

| Elasticsearch Filebeat vendor | Description |
| --- | --- |
| Custom - Filebeat based Collector (standard data source) overview | Forward logs from Elasticsearch Filebeat to Cortex XDR using the Custom - Filebeat based Collector data source. |
| Link to custom - Filebeat based Collector (standard data source) instructions | Ingest logs from Elasticsearch Filebeat |