Elastic Stack Guide Part — 1

Overview :

Architecture :

Usage of the Elastic Stack :

Elasticsearch Installation :

Commands to install Elasticsearch :

curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm
sudo rpm -i elasticsearch-7.14.0-x86_64.rpm
sudo service elasticsearch start
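The three commands above download and install whatever the URL returns. Elastic publishes a SHA-512 digest next to every artifact (same URL with .sha512 appended) and signs its RPMs with the key at https://artifacts.elastic.co/GPG-KEY-elasticsearch, so the download can be checked before rpm -i runs it as root. The script below is an added example, not part of the original post or of Elastic's tooling; the --download argument and the function names are my own. It applies equally to the Kibana, Metricbeat and Filebeat downloads later on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): verify an Elastic download
# against its published .sha512 file, and for RPMs also check the GPG
# signature, before installing it.
set -euo pipefail

# digest512 FILE -> hex SHA-512 of FILE (sha512sum on Linux, shasum on macOS)
digest512() {
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1" | awk '{print $1}'
  else
    shasum -a 512 "$1" | awk '{print $1}'
  fi
}

# verify_sha512 FILE SHAFILE
# Returns 0 when FILE's SHA-512 equals the first field of SHAFILE (Elastic's
# files use the "<digest>  <filename>" layout), 1 otherwise.
verify_sha512() {
  local file="$1" shafile="$2"
  local expected actual
  expected=$(awk 'NR==1 {print tolower($1)}' "$shafile")
  actual=$(digest512 "$file")
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# download_and_verify URL
# Fetches the artifact plus its .sha512 companion, checks the digest, and for
# .rpm files imports Elastic's signing key and runs rpm --checksig. Any
# mismatch deletes the file and returns 1 so nothing unverified gets installed.
download_and_verify() {
  local url="$1" file out
  file=$(basename "$url")
  curl -fsSL -O "$url"
  curl -fsSL -O "$url.sha512"
  if ! verify_sha512 "$file" "$file.sha512"; then
    echo "SHA-512 mismatch for $file; refusing to install" >&2
    rm -f "$file"
    return 1
  fi
  case "$file" in
    *.rpm)
      sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
      # rpm --checksig prints "... signatures OK" for a good signature;
      # NOKEY or NOT OK means the signature could not be verified.
      if ! out=$(rpm --checksig "$file") || printf '%s' "$out" | grep -Eq 'NOKEY|NOT OK'; then
        echo "GPG signature check failed for $file: $out" >&2
        rm -f "$file"
        return 1
      fi
      echo "$out"
      ;;
  esac
  echo "verified $file"
}

# Usage (needs network), e.g. for the Elasticsearch package from this guide:
#   ./verify-artifact.sh --download https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm
#   sudo rpm -i elasticsearch-7.14.0-x86_64.rpm
if [ "${1:-}" = "--download" ] && [ -n "${2:-}" ]; then
  download_and_verify "$2"
fi
```

Run it once per artifact and only then run the rpm -i / tar xzvf step from the guide; the digest check catches a corrupted or substituted download, and the signature check ties the RPM to Elastic's key rather than to whatever mirror served it.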

How to check if Elasticsearch is running :

[root@localhost elk]# curl http://127.0.0.1:9200
{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "MxKYDoJAQRG9D6krdFThsQ",
  "version" : {
    "number" : "7.14.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1",
    "build_date" : "2021-07-29T20:49:32.864135063Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Note that this request needed no credentials: on the basic license in 7.x, xpack.security.enabled defaults to false, so anyone who can reach port 9200 can read and write every index. The node only listens on the loopback interface by default (network.host), so leave it that way until you enable security in /etc/elasticsearch/elasticsearch.yml and set the built-in user passwords with /usr/share/elasticsearch/bin/elasticsearch-setup-passwords.

Kibana :

Commands to install Kibana :

curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-linux-x86_64.tar.gz
tar xzvf kibana-7.14.0-linux-x86_64.tar.gz
cd kibana-7.14.0-linux-x86_64/
./bin/kibana

This runs Kibana in the foreground. It reads elasticsearch.hosts from config/kibana.yml (default http://localhost:9200, which matches the node started above) and serves the UI on http://localhost:5601. Kibana refuses to start as root unless you pass --allow-root, so run it from an unprivileged account rather than the root shell used for the Elasticsearch install.

Beats

Enabling Metricbeat :

curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.14.0-x86_64.rpm
sudo rpm -vi metricbeat-7.14.0-x86_64.rpm
sudo metricbeat modules enable system
sudo metricbeat setup -e
sudo service metricbeat start

metricbeat setup loads the index template into Elasticsearch and the dashboards into Kibana, so both must be reachable on their default ports before you run it. The system module dashboards then give you:
  1. Size information of all partitions
  2. Read/write performance of each disk
  3. Inbound/outbound traffic per Ethernet port
  4. Load average of the system
  5. Top processes consuming the most CPU and RAM

Enabling Filebeat

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.14.0-x86_64.rpm
sudo rpm -ivh filebeat-7.14.0-x86_64.rpm
sudo filebeat modules enable system
sudo filebeat setup -e
sudo service filebeat start

The system module reads the standard syslog and auth log locations. If your system logs live elsewhere, set the custom paths in /etc/filebeat/modules.d/system.yml before running setup; in most cases this file needs no changes.

Configure Filebeat for custom log files :

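Custom application logs are not covered by the system module; they need their own entry under filebeat.inputs in /etc/filebeat/filebeat.yml. The script below is an added example, not configuration from the original post: it renders a minimal filebeat.yml with one log input per path, tags every event with the application name, joins stack-trace continuation lines into the event they belong to, keeps the system module from the previous step enabled, and validates the result with Filebeat's own parser when the binary is installed. The /var/log/myapp paths, the "myapp" name and the function names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): render and validate a
# filebeat.yml that ships custom application logs to the local Elasticsearch.
set -euo pipefail

# render_filebeat_config OUTFILE APP_NAME LOG_GLOB...
# Writes OUTFILE with one "log" input per glob. fields_under_root puts "app"
# at the top level of each document; the multiline settings join any line
# that does not start with a YYYY-MM-DD timestamp onto the previous event so
# multi-line stack traces are indexed as one document.
render_filebeat_config() {
  local out="$1" app="$2"; shift 2
  local glob
  {
    echo "filebeat.inputs:"
    for glob in "$@"; do
      cat <<EOF
  - type: log
    enabled: true
    paths:
      - $glob
    fields:
      app: $app
    fields_under_root: true
    multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
    multiline.negate: true
    multiline.match: after
EOF
    done
    cat <<'EOF'

# Keep the modules enabled with "filebeat modules enable" (e.g. system) active.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.kibana:
  host: "127.0.0.1:5601"

output.elasticsearch:
  hosts: ["127.0.0.1:9200"]
EOF
  } > "$out"
}

# count_inputs FILE -> number of log inputs defined in the rendered file
count_inputs() {
  grep -c '^  - type: log' "$1"
}

# validate_config FILE
# Runs "filebeat test config" against FILE when filebeat is on PATH; returns 0
# (skipped) otherwise so the script still works on a machine without Filebeat.
# -strict.perms=false skips Filebeat's config-file ownership check, which would
# otherwise reject a file written by a non-root user.
validate_config() {
  if command -v filebeat >/dev/null 2>&1; then
    filebeat test config -c "$1" -strict.perms=false
  else
    echo "filebeat not installed; skipping 'filebeat test config'" >&2
  fi
}

# Usage on the host from this guide. Render to a temp file first so a bad
# render never overwrites /etc/filebeat/filebeat.yml:
#   render_filebeat_config /tmp/filebeat.yml myapp '/var/log/myapp/*.log' '/var/log/myapp/error.log'
#   validate_config /tmp/filebeat.yml && sudo cp /tmp/filebeat.yml /etc/filebeat/filebeat.yml
#   sudo filebeat setup -e && sudo service filebeat restart
```

After the restart, events from the custom paths land in the filebeat-7.14.0-* index with app: myapp alongside the system module's events, and Kibana's Discover view can filter on that field.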
