Download the following for Mac, using versions that are compatible with each other:
1. Filebeat
2. Logstash
3. Elasticsearch
4. Kibana

Enable some modules in Filebeat to check default logs:
filebeat.yml config:

Enable the block below to send logs via Logstash (only one output can be enabled at a time, so comment out output.elasticsearch):

    output.logstash:
      # The Logstash hosts
      hosts: ["localhost:5044"]

Enable the block below to send logs directly to Elasticsearch, without Logstash:

    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["localhost:9200"]

Add the entry below under filebeat.inputs to pick up a new log file:

    - type: log
      enabled: true
      paths:
        - /Users/...../logs/kibana_log.log

./filebeat modules list
./filebeat modules enable nginx
./filebeat modules enable mysql
sudo chown root filebeat.yml
sudo chown root modules.d/nginx.yml
sudo chown root modules.d/mysql.yml
./filebeat setup -e
sudo ./filebeat -e -c filebeat.yml -strict.perms=false
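
The chown commands above deal with the config-file ownership check that -strict.perms=false switches off. The script below is an added example, not part of the original notes: it checks that same rule (owner is root or the uid running Filebeat, no group/other write bit) for filebeat.yml and the enabled module files. The script name check_beat_perms.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: the rule Beats applies to config files when strict.perms
# is left on. A file passes if it is owned by the uid that runs Filebeat
# (or by root) and is not writable by group or others.

# beat_perm_ok FILE RUN_UID -> 0 if FILE passes, 1 (with reason) if not.
beat_perm_ok() {
    file=$1
    run_uid=$2
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        return 1
    fi
    # find prints the path only when the test matches (works on macOS and Linux).
    owned=$(find "$file" \( -user "$run_uid" -o -user 0 \) -print)
    if [ -z "$owned" ]; then
        echo "OWNER    $file (must be owned by uid $run_uid or root)"
        return 1
    fi
    loose=$(find "$file" \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "WRITABLE $file (fix with: chmod go-w \"$file\")"
        return 1
    fi
    echo "OK       $file"
}

# check_beat_configs DIR RUN_UID
# Checks DIR/filebeat.yml and every enabled module file in DIR/modules.d
# (disabled modules end in .yml.disabled and are skipped by the glob).
check_beat_configs() {
    dir=$1
    uid_arg=$2
    rc=0
    beat_perm_ok "$dir/filebeat.yml" "$uid_arg" || rc=1
    for f in "$dir"/modules.d/*.yml; do
        [ -e "$f" ] || continue
        beat_perm_ok "$f" "$uid_arg" || rc=1
    done
    return $rc
}

# Run as: sh check_beat_perms.sh /path/to/filebeat 0
# (second argument: uid that will run Filebeat; 0 because the notes use sudo)
if [ "$#" -ge 1 ]; then check_beat_configs "$1" "${2:-0}"; fi
```

When every line reports OK, Filebeat can be started with the same command minus -strict.perms=false.
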
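
Logstash:

Create a sample config file in the Logstash directory, logstash-simple.conf:

    input {
      beats {
        host => "localhost"
        port => "5044"
        # No TLS on the Beats port; the listener is bound to localhost only.
        ssl => false
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
        index => "app_service"
      }
      # Also print each event to the console for debugging.
      stdout { codec => rubydebug }
    }
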
Command to start:
logstash -f logstash-simple.conf

Elasticsearch:
./elasticsearch

Kibana:
./kibana

Create an index pattern in Kibana:
Stack Management --> Kibana --> Data Views --> Create data view --> add a name --> choose the timestamp field if there is one.
Once it is created, the data can be seen in Discover.