ELK: Difference between revisions

From air
Jump to navigation Jump to search
No edit summary
No edit summary
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
ELK = [[Elastic Search]] + [[Logstash]] + [[Kibana]]
ELK = [[Elastic Search]] + [[Logstash]] + [[Kibana]]

https://www.linuxfestnorthwest.org/sites/default/files/slides/Log%20Analysis%20with%20the%20ELK%20Stack.pdf

https://www.logstashbook.com/TheLogstashBook_sample.pdf



Check the Logstash configuration
<pre>
/opt/logstash/bin/logstash agent -f logstash.conf --configtest
</pre>

Check if Elasticsearch is running
<pre>
curl http://localhost:9200/_status?pretty=true
</pre>

Check to see if Logstash is getting events to Elasticsearch
<pre>
curl "http://localhost:9200/_search q=type:syslog&pretty=true"
</pre>

Add entry in [[syslog]]
<pre>
logger -i "Test message"
</pre>

Latest revision as of 08:08, 24 May 2016

ELK = Elastic Search + Logstash + Kibana

https://www.linuxfestnorthwest.org/sites/default/files/slides/Log%20Analysis%20with%20the%20ELK%20Stack.pdf

https://www.logstashbook.com/TheLogstashBook_sample.pdf


Check the Logstash configuration 

/opt/logstash/bin/logstash agent -f logstash.conf --configtest

Check if Elasticsearch is running 

curl http://localhost:9200/_status?pretty=true

Check to see if Logstash is getting events to Elasticsearch 

curl "http://localhost:9200/_search q=type:syslog&pretty=true"

Add entry in syslog 

logger -i "Test message"
Retrieved from "https://air.imag.fr/index.php?title=ELK&oldid=30146"