1. Troubleshooting Guide
  2. Troubleshooting Technical Flows
  3. Troubleshooting Logs using ELK Stack
  4. Set Up ELK

1.5.1 Set Up ELK

You need to set up ELK for troubleshooting the logs using ELK stack.

The prerequisites are as follows:
  1. Download the Elastic search from https://www.elastic.co/downloads/elasticsearch.
  2. Download the Kibana from https://www.elastic.co/downloads/kibana.
  3. Download the Logstash from https://www.elastic.co/downloads/logstash.

Figure 1-17 ELK Setup


Description of Figure 1-17 follows
Description of "Figure 1-17 ELK Setup"

Note:

The default ports are as follows:

  • Elastic search - 9200

  • Kibana - 5601

To run the ELK:
  1. Run the elasticsearch.sh file present in the folder path /scratch/software/ELK/elasticsearch-6.5.1/bin.
  2. Configure Kibana to point the running instance of elastic search in the kibana.yml file.
  3. Configure Logstash. For more information on configurations, refer to the table below.

    Table 1-1 Configurations for Logstash

    Configuration Description

    Input

    This configuration is required to provide the log file location for the Logstash to read from.

    Filter

    Filters in Logstash are used to control or format the read operation (Line by line or Bulk read).

    Output

    In this section, provide the running elastic search instance to send the data for persisting.

    Figure 1-18 Logstash Configuration


    Description of Figure 1-18 follows
    Description of "Figure 1-18 Logstash Configuration"

Parent topic: Troubleshooting Logs using ELK Stack