diff --git a/backend-api/deployment.yaml b/backend-api/deployment.yaml
index 3f8b435..3b4d1a7 100644
--- a/backend-api/deployment.yaml
+++ b/backend-api/deployment.yaml
@@ -24,7 +24,7 @@ spec:
             - name: BACKEND_API_DB_HOST
               value: "mysql.app-notifications.svc.cluster.local"
             - name: LOG_LEVEL
-              value: "INFO"
+              value: "DEBUG"
           volumeMounts:
             - name: backend-api-secrets
               mountPath: /etc/secrets
diff --git a/filebeat/configmap.yaml b/filebeat/configmap.yaml
new file mode 100644
index 0000000..28d4494
--- /dev/null
+++ b/filebeat/configmap.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: filebeat-config
+  namespace: app-notifications
+data:
+  filebeat.yml: |
+    filebeat.autodiscover:
+      providers:
+        - type: kubernetes
+          node: ${NODE_NAME}
+          hints.enabled: true
+          templates:
+            - condition:
+                equals:
+                  kubernetes.namespace: "app-notifications"
+              config:
+                - type: container
+                  paths:
+                    - /var/log/containers/*_app-notifications_*.log
+
+    processors:
+      - add_kubernetes_metadata:
+          in_cluster: true
+      - drop_event:
+          when:
+            not:
+              or:
+                - regexp:
+                    kubernetes.pod.name: "^backend-.*"
+                - regexp:
+                    kubernetes.pod.name: "^service-.*"
+                - regexp:
+                    kubernetes.pod.name: "^mysql-.*"
+                - regexp:
+                    kubernetes.pod.name: "^rabbitmq-.*"
+
+    logging.level: info
+
+    output.logstash:
+      hosts: ["logstash.app-notifications.svc.cluster.local:5044"]
\ No newline at end of file
diff --git a/filebeat/daemonset.yaml b/filebeat/daemonset.yaml
new file mode 100644
index 0000000..5bb9728
--- /dev/null
+++ b/filebeat/daemonset.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: filebeat
+  namespace: app-notifications
+  labels:
+    app: filebeat
+spec:
+  selector:
+    matchLabels:
+      app: filebeat
+  template:
+    metadata:
+      labels:
+        app: filebeat
+    spec:
+      serviceAccountName: filebeat
+      containers:
+      - name: filebeat
+        image: docker.elastic.co/beats/filebeat:8.12.1
+        args: [
+          "-c", "/usr/share/filebeat/filebeat.yml",
+          "-e"
+        ]
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        volumeMounts:
+          - name: config
+            mountPath: /usr/share/filebeat/filebeat.yml
+            subPath: filebeat.yml
+          - name: varlog
+            mountPath: /var/log
+          - name: dockersock
+            mountPath: /var/lib/docker/containers
+            readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: filebeat-config
+        - name: varlog
+          hostPath:
+            path: /var/log
+        - name: dockersock
+          hostPath:
+            path: /var/lib/docker/containers
diff --git a/filebeat/rbac.yaml b/filebeat/rbac.yaml
new file mode 100644
index 0000000..12c2d51
--- /dev/null
+++ b/filebeat/rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: filebeat
+  namespace: app-notifications
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: filebeat
+  namespace: app-notifications
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "namespaces"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: filebeat
+  namespace: app-notifications
+subjects:
+  - kind: ServiceAccount
+    name: filebeat
+    namespace: app-notifications
+roleRef:
+  kind: Role
+  name: filebeat
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/logstash/configmap.yaml b/logstash/configmap.yaml
new file mode 100644
index 0000000..9a4d84e
--- /dev/null
+++ b/logstash/configmap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: logstash-config
+  namespace: app-notifications
+data:
+  logstash.conf: |
+    input {
+      beats {
+        port => 5044
+      }
+    }
+      filter {
+         if [level] == "DEBUG" { drop {} }
+      }
+    output {
+      stdout { codec => json }  # for testing
+    }
diff --git a/logstash/deployment.yaml b/logstash/deployment.yaml
new file mode 100644
index 0000000..d448135
--- /dev/null
+++ b/logstash/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: logstash
+  namespace: app-notifications
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: logstash
+  template:
+    metadata:
+      labels:
+        app: logstash
+    spec:
+      containers:
+      - name: logstash
+        image: docker.elastic.co/logstash/logstash:8.12.1
+        ports:
+        - containerPort: 5044
+        volumeMounts:
+        - name: logstash-config
+          mountPath: /usr/share/logstash/pipeline/logstash.conf
+          subPath: logstash.conf
+      volumes:
+      - name: logstash-config
+        configMap:
+          name: logstash-config
diff --git a/logstash/service.yaml b/logstash/service.yaml
new file mode 100644
index 0000000..090e497
--- /dev/null
+++ b/logstash/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: logstash
+  namespace: app-notifications
+spec:
+  selector:
+    app: logstash
+  ports:
+    - protocol: TCP
+      port: 5044
+      targetPort: 5044