Elk

From bibbleWiki

Gotchas

Running logstash

cd /usr/share/logstash
sudo bin/logstash --path.settings /etc/logstash --config.reload.automatic

Running filebeat

sudo filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"

Disable the Elasticsearch output, or Filebeat fails to start

/etc/filebeat/filebeat.yml
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

Enable inputs (turned off by default)

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true
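
A pre-flight check for the two filebeat.yml gotchas above, as an added example that is not part of the original wiki page. Filebeat accepts only one enabled output; the example assumes the Logstash output is the one left enabled, and the sample config, including `localhost:5044`, is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the two filebeat.yml gotchas on this page.

# Number of uncommented top-level "output.<name>:" keys (commented ones start with '#').
count_outputs() {
    grep -cE '^output\.[a-z_]+:' "$1" || true
}

# Number of inputs under filebeat.inputs that carry an uncommented "enabled: true".
count_enabled_inputs() {
    awk '
        /^filebeat\.inputs:/ { in_inputs = 1; next }
        /^[^ #-]/            { in_inputs = 0 }   # any other top-level key ends the section
        in_inputs && /^ +enabled: *true/ { n++ }
        END { print n + 0 }
    ' "$1"
}

# Returns 0 only when exactly one output and at least one input are enabled.
check_filebeat_config() {
    outputs=$(count_outputs "$1")
    inputs=$(count_enabled_inputs "$1")
    if [ "$outputs" -ne 1 ]; then
        echo "FAIL: $outputs outputs enabled, expected exactly 1"; return 1
    fi
    if [ "$inputs" -lt 1 ]; then
        echo "FAIL: no input has enabled: true"; return 1
    fi
    echo "OK: 1 output, $inputs enabled input(s)"
}

# Constructed sample: both outputs active and the input still disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
filebeat.inputs:
- type: log
  enabled: false
output.elasticsearch:
  hosts: ["localhost:9200"]
output.logstash:
  hosts: ["localhost:5044"]
EOF
check_filebeat_config "$sample" || true
rm -f "$sample"
```

Call `check_filebeat_config /etc/filebeat/filebeat.yml` before starting Filebeat; a non-zero return means one of the two gotchas is still present.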