- Run the script.
sudo chmod +x ELK.sh
./ELK.sh
- Setup beat clients (eg. Filebeat) to your application server.
sudo chmod +x filebeat.sh
./filebeat.sh
- Configure beat clients (eg. filebeat) output as logstash.
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
- Create
filebeat-*index pattern in kibana dashboard.
- Up the stack using
docker-composecommand.docker-compose up -d - Setup beat clients (eg. Filebeat) to your application server.
sudo chmod +x filebeat.sh
./filebeat.sh
- Configure beat clients (eg. filebeat) output as logstash.
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
- Create
filebeat-*index pattern in kibana dashboard.
To protect the kibana dashboard you can use the htpasswd in nginx.
Disallow to access directly the port 9200, 5601, 5044 and use ssl authentication while communicating with logstash.
Delete indices from Elasticsearch
curl -XDELETE 'http://localhost:9200/filebeat-*'
Check the space usage in Elasticsearch
curl -XGET 'http://localhost:9200/_cat/indices?v'
curl -XGET 'http://localhost:9200/_cat/allocation?v'
This project is licensed under the MIT License - see the License File for details