ELK stack setup

girija · December 9, 2021, 6:04am

Hello

I am new to the ELK world and find myself confused. Although my stack is working fine and I am able to get the logs I want, I am not sure about what all is really required for correct setup and if I have anything extra.

I have fluent bit installed with output config in yml as below:
output-Elasticsearch.conf: |
[OUTPUT]
Name es
Match *
Host ${FLUENT_ELASTICSEARCH_HOST}
Port ${FLUENT_ELASTICSEARCH_PORT}
HTTP_User user
HTTP_Passwd djdk
Logstash_Format On
Replace_Dots On
Retry_Limit False

I also have logstash , Elasticsearch and kibana installed.

Now when I get the logs in Kibana, I see the indexes as logstash in snapshot below:

So fluent-bit is sending to logstash , which then sends it to elastic? Or I can remove my logstash and it will all still work fine?

What is reading the pod logs in kubernetes? if I understand correct, it is fluent-bit and not logstash.

Appreciate some guidance. Thank you.

Yosri_Samaali · December 9, 2021, 8:46am

Fluent-bit has not an output for Logstash. It sends data directly to Elasticsearch. The cause behind the format logtash-yyyy-MM-dd is that you're enabling the option:

Logstash_Format On

girija · December 9, 2021, 9:20am

Thank you. That clarifies things for me.

system · January 6, 2022, 9:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.