Setup the main ELK Stack on a linux server using the shell script.
sudo chmod +x ELK.sh
./ELK.sh
Once, you've done the setup of ELK Stack you should setup the beat clients eg. filebeat, metricbeat on the different server.
sudo chmod +x filebeat.sh
./filebeat.sh
sudo chmod +x metricbeat.sh
./metricbeat.sh
Now set the output of filebeat, metricbeat as logstash.
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
- Up the stack using
docker-composecommanddocker-compose up -d - Setup the beat clients (filebeat, metricbeat) as needed
- Import the Kibana dashboard
Go to
http://localhost:5601/then, clickManagement->Saved Objects->Importand import from the kibana/dashboard.json file - Create index pattern as
filebeat-*&metricbeat-*
To protect the kibana dashboard you can use the htpasswd in nginx.
Disallow to access directly the port 9200, 5601, 5044 over the web and use SSL certificates for the ELK & beat communication.
Delete indices from Elasticsearch
curl -XDELETE 'http://localhost:9200/filebeat-*'
Check the space usage in Elasticsearch
curl -XGET 'http://localhost:9200/_cat/indices?v'
curl -XGET 'http://localhost:9200/_cat/allocation?v'
This project is licensed under the MIT License - see the License File for details