Elk

From bibbleWiki
Revision as of 06:19, 21 May 2020 by Iwiseman (talk | contribs) (Created page with "=Gotchas= Running logstash cd /usr/share/logstash sudo bin/logstash --path.settings /etc/logstash --config.reload.automatic Running filebeat sudo filebeat -e -c /etc/fileb...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Gotchas

Running logstash 

cd /usr/share/logstash
sudo bin/logstash --path.settings /etc/logstash --config.reload.automatic

Running filebeat 

sudo filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"

Turn off elasticsearch or it fails to start 

/etc/filebeat/filebeat.yml

#output.elasticsearch:
 # Array of hosts to connect to.
 #  hosts: ["localhost:9200"]

Enable inputs (turn off by default) 

 filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true
Retrieved from "https://www.bibble.co.nz/mediawiki/index.php?title=Elk&oldid=313"