1.5.1 Set Up ELK

This topic provides the links to setup ELK for troubleshooting the logs using ELK stack.

The prerequisites are as follows:

• Download the Elastic search from https://www.elastic.co/downloads/elasticsearch.
• Download the Kibana from https://www.elastic.co/downloads/kibana.
• Download the Logstash from https://www.elastic.co/downloads/logstash.

Figure 1-16 ELK Setup

Description of "Figure 1-16 ELK Setup"

Note:

The default ports are as follows:

• Elastic search - 9200

• Kibana - 5601

To run the ELK:

1. Run the elasticsearch.sh file present in the folder path /scratch/software/ELK/elasticsearch-6.5.1/bin.
   • Edit network.host to localhost and port if necessary. This should be enough for it to run.
   • Start: nohup bin/elasticsearch &
2. Configure the Kibana to point the running instance of elastic search in the kibana.yml file.
3. Configure the Logstash.
   For more information on configurations, refer to the table below.

   Table 1-1 Configurations for Logstash

   Configuration	Description
   Input	This configuration is required to provide the log file location for the Logstash to read from.
   Filter	Filters in Logstash is basically used to control or format the read operation (Line by line or Bulk read).
   Output	This provides the running elastic search instance to send the data for persisting.

   Figure 1-17 Logstash Configuration

   
   

   
   Description of "Figure 1-17 Logstash Configuration"

   
   

   Figure 1-18 Elasticsearch

   
   

   
   Description of "Figure 1-18 Elasticsearch"