ELK

From air

ELK = Elasticsearch + Logstash + Kibana

https://www.linuxfestnorthwest.org/sites/default/files/slides/Log%20Analysis%20with%20the%20ELK%20Stack.pdf

https://www.logstashbook.com/TheLogstashBook_sample.pdf


Check the Logstash configuration

/opt/logstash/bin/logstash agent -f logstash.conf --configtest

Check if Elasticsearch is running

curl "http://localhost:9200/_status?pretty=true"

Check to see if Logstash is getting events to Elasticsearch

curl "http://localhost:9200/_search?q=type:syslog&pretty=true"

Add entry in syslog

logger -i "Test message"
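The four checks above, chained into one script so the whole pipeline can be verified end to end. This is an added example, not code from the wiki page or from the Elastic project. It assumes the same Logstash 1.x layout the page uses (/opt/logstash, a logstash.conf that tags syslog events with type "syslog") and Elasticsearch on localhost:9200; the two sample search responses are constructed to show what hits.total looks like in the 1.x and 7.x response shapes.

```shell
#!/bin/sh
# Added example: runs the page's four ELK checks as one script.
# Assumptions (not from the page): Logstash 1.x under /opt/logstash,
# a logstash.conf indexing syslog with type "syslog", ES on localhost:9200.
ES_HOST="${ES_HOST:-localhost:9200}"
LOGSTASH_CONF="${LOGSTASH_CONF:-logstash.conf}"

# Build a search URL. Keeping "?" and "&" inside the quotes matters: unquoted,
# the shell would glob on "?" and treat "&" as "run curl in the background".
es_search_url() {
    printf 'http://%s/_search?q=%s&pretty=true\n' "$1" "$2"
}

# Extract hits.total from a search response without jq: strip whitespace, then
# match the 1.x shape ("total" : 3) or the 7.x shape ("total" : {"value" : 3}).
# Prints the count, or nothing if the body is not a search response.
es_hit_count() {
    printf '%s' "$1" | tr -d ' \t\n' | sed -n \
        -e 's/.*"hits":{"total":\([0-9][0-9]*\).*/\1/p' \
        -e 's/.*"hits":{"total":{"value":\([0-9][0-9]*\).*/\1/p'
}

# Constructed sample responses (not captured from a real cluster).
SAMPLE_ES1_RESPONSE='{ "took" : 3, "timed_out" : false,
  "hits" : { "total" : 3, "max_score" : 1.0, "hits" : [ ] } }'
SAMPLE_ES7_RESPONSE='{ "took" : 3, "timed_out" : false,
  "hits" : { "total" : { "value" : 42, "relation" : "eq" }, "hits" : [ ] } }'

check_logstash_config() {
    /opt/logstash/bin/logstash agent -f "$LOGSTASH_CONF" --configtest
}

# _status is the 1.x endpoint the page uses; -f makes curl fail on HTTP errors.
check_es_running() {
    curl -sf "http://$ES_HOST/_status?pretty=true" >/dev/null
}

# Number of indexed events matching a Lucene query string such as type:syslog.
count_events() {
    es_hit_count "$(curl -sf "$(es_search_url "$ES_HOST" "$1")")"
}

# Log one line carrying a unique marker and print the marker. The marker is a
# single alphanumeric run so the standard analyzer indexes it as one token
# and a plain q=<marker> search finds exactly this event.
send_test_event() {
    marker="elkcheck$$t$(date +%s)"
    logger -i -t elkcheck "$marker"
    printf '%s\n' "$marker"
}

run_elk_checks() {
    check_logstash_config || { echo "$LOGSTASH_CONF failed --configtest"; return 1; }
    check_es_running || { echo "Elasticsearch not reachable at $ES_HOST"; return 1; }
    echo "syslog events indexed so far: $(count_events type:syslog)"
    marker=$(send_test_event)
    sleep 5   # give Logstash time to read, parse and ship the line
    n=$(count_events "$marker")
    [ "${n:-0}" -ge 1 ] || { echo "test event $marker did not reach Elasticsearch"; return 1; }
    echo "test event $marker indexed: ELK pipeline OK"
}

# Only touch the live services when invoked as: sh elk-check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_elk_checks
fi
```

Counting a single marked event is more reliable than comparing total syslog counts before and after, since other hosts may be logging at the same time; if the marker never shows up, the configtest and _status checks already passed, so the problem is between the syslog input and the elasticsearch output in logstash.conf.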