ELK stack

Uploaded by

brahimnewghazi

Elastic Stack demo

Hajar Abu- Rmeileh


Software Engineering Class
Supervisor: Dr. Wesam Herbawi
Jun 2023
Elastic Stack

Centralized logging

ELK

Elasticsearch is a NoSQL database that is based on the Lucene search engine.

Logstash is a log pipeline tool that accepts inputs from various sources, and exports the data to various targets.

Kibana is a visualization UI layer that works on top of Elasticsearch.

These three projects are used together for log analysis in various environments.
- Logstash collects and parses logs.
- Elasticsearch indexes and stores this information.
- Kibana provides a UI layer that provides actionable insights.

[Figure: diagram with arrows labelled "Pull logs"]

Filebeat is a lightweight shipper for forwarding and centralizing log data.

https://github.com/Java-Techie-jt/elk-stack-logging-example

Download Elasticsearch
https://www.elastic.co/downloads/elasticsearch

Open elasticsearch.yml:

# Enable security features (set to false here, which turns off
# authentication and TLS; suitable for this local demo only)
xpack.security.enabled: false

Run elasticsearch.bat from the bin folder:

elasticsearch.bat

localhost:9200
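
The setting above turns off authentication and TLS, which is tolerable only while the node listens on loopback. As an added example (not part of the original slides), this Python check reads an elasticsearch.yml body and flags the demo setting when it is combined with a non-loopback bind address. The sample file, the function names and the 8.x defaults it relies on (security on, HTTP TLS off, bind address _local_) are assumptions of this example.

```python
import ipaddress

# Constructed sample: the demo's setting plus a hypothetical non-loopback bind.
SAMPLE_YML = """\
# elasticsearch.yml (constructed for this example)
xpack.security.enabled: false
network.host: 0.0.0.0
"""

def parse_flat_settings(text):
    """Read flat 'dotted.key: value' lines; nested YAML is not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_loopback(host):
    """True for localhost, _local_ and loopback IP literals."""
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # _site_, _global_, hostnames: treat as network-reachable

def audit(text):
    """Return (severity, message) findings for an elasticsearch.yml body."""
    s = parse_flat_settings(text)
    # Assumed 8.x defaults: security on, HTTP TLS off, bind address _local_.
    security = s.get("xpack.security.enabled", "true").lower() == "true"
    http_tls = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    host = s.get("http.host", s.get("network.host", "_local_"))
    hosts = [h.strip(" '\"") for h in host.strip("[]").split(",")]
    exposed = [h for h in hosts if not is_loopback(h)]
    findings = []
    if not security and exposed:
        findings.append(("CRITICAL", f"no authentication and HTTP bound to {exposed}"))
    elif not security:
        findings.append(("WARN", "security disabled; loopback-only demo use"))
    elif not http_tls:
        findings.append(("WARN", "security enabled but HTTP TLS is off"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_YML):
        print(severity, message)
```

Run it against the real file by passing its contents to audit(); an empty result means security and HTTP TLS are both enabled.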

Download Kibana
https://www.elastic.co/downloads/kibana

Run kibana.bat from the bin folder:

kibana.bat

localhost:5601

Download Logstash
https://www.elastic.co/downloads/logstash

Download Filebeat
https://www.elastic.co/downloads/beats/filebeat

Run from the bin folder (cmd):

logstash.bat -e "input { stdin { } } output { stdout {} }"

https://www.elastic.co/guide/en/logstash/current/first-event.html

Create in the config folder:

cmd-elastic.conf

input {
  stdin {
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "hellodb"
  }
}

Run from the bin folder:

logstash -f ./config/cmd-elastic.conf --config.reload.automatic

Delete the registry folder (Filebeat records how far it has read each file there, so deleting it makes Filebeat read the log file from the beginning again):
C:\Users\admin\Downloads\filebeat-8.8.0-windows-x86_64\data\registry

Create in filebeat-8.8.0-windows-x86_64:

filebeat-cmd.yml

filebeat.inputs:
- type: log
  # Log file
  paths:
    - C:/Users/admin/Downloads/logstash-tutorial-dataset.txt
output.console:
  pretty: true

Run in filebeat-8.8.0-windows-x86_64 (cmd):

filebeat -e -c filebeat-cmd.yml -d "publish"

filebeat-logstash.yml

filebeat.inputs:
- type: log
  paths:
    - C:/Users/admin/Downloads/logstash-tutorial-dataset.txt
output.logstash:
  hosts: ["localhost:5044"]

first-pipeline.conf

input {
  beats {
    port => "5044"
  }
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
  stdout {}
}

Delete the registry folder:
C:\Users\admin\Downloads\filebeat-8.8.0-windows-x86_64\data\registry

1. first-pipeline.conf

logstash -f ./config/first-pipeline.conf --config.reload.automatic

2. filebeat-logstash.yml

filebeat -e -c filebeat-logstash.yml -d "publish"

https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html

Delete the registry folder:
C:\Users\admin\Downloads\filebeat-8.8.0-windows-x86_64\data\registry

Run:
1. Elasticsearch
2. Kibana
3. Logstash
4. Filebeat

logstash-elastic.conf

input {
  beats {
    port => "5044"
  }
}
output {
  stdout { codec => rubydebug }

  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "logdb"
  }
}

logstash -f ./config/logstash-elastic.conf --config.reload.automatic

filebeat-logstash.yml

filebeat -e -c filebeat-logstash.yml -d "publish"

https://github.com/Java-Techie-jt/elk-stack-logging-example

filebeat -e -c filebeat-logstash-real.yml -d "publish"

logstash -f ./config/logstash-elastic.conf --config.reload.automatic

http://localhost:9200/_cat/indices

Thanks for listening
