Wednesday, September 5, 2018

ELK - Elastic Stack - Logstash - Kibana - Beats

E - Elasticsearch
L - Logstash
K - Kibana

Brief info on Elasticsearch, Kibana, Logstash and the Elastic Stack utilities


  • Installation and configuration
  • Deploy to Windows and Linux
  • Realtime log and resource data
  • Event alerting via email



Centralized Logging with the Elastic Stack





  • What is the Elastic Stack?

The Elastic Stack is a suite of tools developed by the Elastic company, best known for the distributed NoSQL document database Elasticsearch.

Elastic Stack tools:

  - Logstash
  - Kibana
  - The Beats utilities
  - All open source

ELK is highly scalable, with built-in search, aggregation, and sharding. It is used by Microsoft Azure, WordPress, and Stack Exchange.



What is Logstash?

  • Aggregates, filters and supplements log data.
  • Forwards the altered logs to Elasticsearch.
  • Sending logs directly to Elasticsearch without Logstash can lead to inconsistent data.

What is Kibana?

  • Web-based front-end.
  • Works easily with Elasticsearch for charts, graphs, and visualizing data.
  • Free from the Elastic company.

What are the Beats?

  • Small, lightweight utilities for reading logs from a variety of sources. They usually send data to Logstash.
  • Filebeat : text log files.
  • Metricbeat : OS and application metrics.
  • Packetbeat : network monitoring.
  • Winlogbeat : Windows Event Log.
  • Libbeat : write your own.
Configuring Elasticsearch

$ cat /etc/issue.net
$ ifconfig
$ apt-get install openjdk-8-jre-headless

$ java -version

Install Elasticsearch

Download the package into a pkg directory

$ mkdir pkg
$ cd pkg
~/pkg# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.0.0.deb

Install it using the dpkg tool

~/pkg# dpkg -i elasticsearch-5.0.0.deb

$ nano /etc/elasticsearch/elasticsearch.yml   or   $ vi /etc/elasticsearch/elasticsearch.yml

cluster.name: globo-monitoring
network.host: 192.168.0.12

$ service elasticsearch start

We can test that the cluster is running by issuing a basic curl command against the listening IP:

$ curl http://192.168.0.12:9200

                           


By default Elasticsearch listens on port 9200, so we append that port to any API call we make; the JSON response confirms the node is up and reports the cluster name and version.
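A small check for the two steps above, added here as an example (not code from the post): it parses the `cluster.name` / `network.host` lines in the loose spacing the post uses, flags when `network.host` makes port 9200 reachable from other machines (stock Elasticsearch 5.0 has no authentication on its HTTP API, so a LAN binding means anyone on that network can read and write the indices), and verifies that the curl response announces the configured cluster. The YAML fragment and the JSON response are constructed samples.

```python
import ipaddress
import json

# Constructed sample of the two settings the post adds to elasticsearch.yml
# (the loose "key :value" spacing mirrors the post; the parser tolerates it).
SAMPLE_YML = """\
cluster.name :globo-monitoring
network.host : 192.168.0.12
"""

# Constructed sample of what `curl http://<host>:9200` returns on a 5.x node.
SAMPLE_ROOT_RESPONSE = json.dumps({
    "name": "node-1", "cluster_name": "globo-monitoring",
    "version": {"number": "5.0.0"}, "tagline": "You Know, for Search",
})

def parse_es_yml(text):
    """Parse flat `key: value` lines (the subset used in this post) into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and padding
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip()
    return settings

def exposed_beyond_loopback(settings):
    """True when network.host makes port 9200 reachable from other machines."""
    host = settings.get("network.host", "localhost")   # ES default is loopback
    if host in ("localhost", "_local_"):
        return False
    if host.startswith("_"):       # _eth0_, _site_, _global_: a real interface
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                # a hostname: assume it resolves to a routable address

def verify_root_response(settings, body):
    """Return problems found in the curl output, empty if it matches the config."""
    data = json.loads(body)
    problems = []
    if data.get("cluster_name") != settings.get("cluster.name"):
        problems.append("cluster_name mismatch: %r" % data.get("cluster_name"))
    if not data.get("version", {}).get("number"):
        problems.append("no version reported")
    return problems

if __name__ == "__main__":
    cfg = parse_es_yml(SAMPLE_YML)
    print("exposed beyond loopback:", exposed_beyond_loopback(cfg))   # True
    print("problems:", verify_root_response(cfg, SAMPLE_ROOT_RESPONSE))  # []
```

To run it against a live node, replace the two samples with the real file contents and the body returned by the curl command above.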








