This page details how to add Elasticsearch, Logstash and Kibana
Add a new platform for Elasticsearch using the ‘Elasticsearch with LB’ pack.
If required, edit the configuration under the Elasticsearch component. For example, change the number of shards or replicas used or other parameters as desired.
Commit the design changes and deploy the new platform.
Once Elasticsearch deployed successfully, you can access the user interface at http://ipaddress:9200
Add a new platform for Kibana and a dependency to the Elasticsearch platform.
Configure the Kibana component pointing to the Elasticsearch component deployed above.
Commit the design changes and deploy Kibana.
Verify Kibana by accessing the user interface at http://ipaddress:5601/app/kibana
The following steps are an example on how to configure Logstash to collect the Tomcat access log.
Add a Logstash component under the Tomcat platform.
Edit the inputs, filters and outputs options as required. Here is an input example:
Inputs : file {path => "/opt/tomcat7/logs/access*.log" sincedb_path => "/opt/logstash/sincedb-access" }
Deploy the Logstash component.
Verify Logstash started successfully without errors by inspecting the log on the VM running Tomcat and Logstash.
After the Logstash deployment, verify that indices are created on Elasticsearch at http://ipaddress:9200/_cat/indices and that the status is green.
Now that logs are parsed and stored in Elasticsearch, you can configure Kibana to generate reports as required and detailed in the Kibana documentation.
© oneops.com All Rights Reserved.