Hi buddy,
I'm very, very confused and am trying to get clear on the flow of Elasticsearch - Logstash - Kibana.
Now, this is my situation: I want to monitor my Kafka server with ELK, and I found the way: use ELK. This is my thinking flow:
On the Kafka server: set up Filebeat/Metricbeat; the Beat will send logs to logstash:5044
Logstash config: input from Beats > 5044 & output to Elasticsearch:9200
Kibana visualizes the metrics in Elasticsearch on a dashboard with Kibana:5601
But when I follow the official documentation of Filebeat:
/etc/filebeat/filebeat.yml
After that, the Kibana index has 2 files with the format:
logstash-datetime-0001
filebeat-datetime-0001
1 - Is this correct? How can I know which index is sent by Logstash? Is it logstash.....0001, and can I delete filebeat....0001?
In the Logstash config, I just follow the example:
input {
  tcp {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}
2 - How can I use a filter? If I use a filter, is the index in Elasticsearch and Kibana still filebeat.... or logstash...., or a new index? Do you have any example filter for Kafka?
Quite simple: for the setup, just ignore Logstash and do a
metricbeat setup -E setup.kibana.host=your_kibana_host:5601 -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["your_elasticsearchhost:9200"]'
Same with Filebeat, both on the command line of the host where you have the Beat installed.
But make sure that you call the setup BEFORE you start the metricbeat or filebeat services for the first time, in other words: before you put any data to logstash->elasticsearch.
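An added example, not taken from either post: a Logstash pipeline for the Beats -> Logstash -> Elasticsearch flow discussed above, using the `beats` input plugin (which decodes what Filebeat/Metricbeat send to port 5044) and naming the index from the Beat's metadata, so events land in filebeat-*/metricbeat-* indices instead of the elasticsearch output's default logstash-* index. The host name comes from the question; the `kafka` tag is an assumption for illustration, and the daily index suffix assumes a stack version that uses date-based Beat index names.

```logstash
input {
  # Filebeat and Metricbeat connect here (output.logstash in their .yml files).
  beats {
    port => 5044
  }
}

filter {
  # Filters only change the event's fields and tags. They do not decide
  # which index the event is written to; the output block below does.
  if [@metadata][beat] == "filebeat" {
    mutate {
      add_tag => ["kafka"]   # hypothetical tag, assumed for this example
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    # [@metadata][beat] is "filebeat" or "metricbeat" and
    # [@metadata][version] is the Beat's version, so each Beat writes to
    # its own index family, matching the templates and dashboards that
    # "filebeat setup" / "metricbeat setup" loaded beforehand.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

With no `index` setting, the elasticsearch output falls back to its default logstash-* naming, which is why an index with that prefix can appear next to the filebeat-* one.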