How to create Kibana dashboard from client machine through Logstash

Hi Elastic team,

I am new to ELK and I am trying to implement ELK in a production environment. I have configured Elasticsearch, Kibana and Logstash.

host1 - Elasticsearch, Kibana, Logstash with nginx proxy
host2 - Client machine installed with Beats

Here is the host1 machine configuration (ELK server):

Elasticsearch Configuration
vi /etc/elasticsearch/elasticsearch.yml
network.host: localhost
http.port: 9200

Kibana Dashboard Configuration
vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]

Nginx Configuration:

server {
    listen 80;

    server_name 172.xx.xx.xx;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.kibana-user;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Logstash Configuration

cat /etc/logstash/conf.d# cat 02-beats-input.conf
input {
  beats {
    port => 5044
  }
}

I have configured the filter section too.

cat /etc/logstash/conf.d# cat 30-elasticsearch-output.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

On Host2 (Client server) Beat configuration

Auditbeat configuration:

cat /etc/auditbeat/auditbeat.yml

output.logstash:
  # the Logstash hosts
  hosts: ["172.xx.xx.xx:5044"]

Above is my ELK server and client server configuration.

Here, I am not sure how to load the Auditbeat index/dashboard in Kibana. When I try to set up the Kibana dashboard for Auditbeat, I get the following error.

[root@Elk-Client1 ~]# auditbeat setup
Exiting: Index management requested but the Elasticsearch output is not configured/enabled

I don't want to configure the Beat output directly to Elasticsearch, for security purposes.

Can you give some suggestions to sort out this issue?

Note: My goal is to ship logs through Logstash and have them visible in the Kibana dashboard.

Thanks

Is there a reason you are using nginx auth rather than the free and built-in Security functionality?

Hi warkolm,

I am using nginx auth for additional security. Even if I do not use nginx authentication, I would like to restrict my Elasticsearch port access to localhost only, using basic nginx.

Thanks

Hi guys,

Can anybody give hints to set up ELK for my requirements?

Thanks
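
The error in the first post appears because `auditbeat setup` loads the index template and dashboards through Elasticsearch and Kibana directly, not through Logstash. As an added example (not from the thread or from Elastic's own material), the one-time setup can be run on host1 with the Logstash output disabled for that run only, so ports 9200 and 5601 stay bound to localhost. It assumes an auditbeat binary of the same version as the clients is installed on host1; `is_loopback` and `auditbeat_setup` are hypothetical helper names.

```shell
#!/bin/sh
# One-time Auditbeat setup, run on host1 where Elasticsearch and Kibana
# listen on localhost only. Assumes auditbeat (same version as the clients)
# is installed on host1; function names here are illustrative.

ES_HOST="${ES_HOST:-localhost:9200}"          # network.host/http.port on the page
KIBANA_HOST="${KIBANA_HOST:-localhost:5601}"  # server.host/server.port on the page

# True only for loopback endpoints, so the setup step never becomes a reason
# to expose 9200 or 5601 to the network.
is_loopback() {
    case "${1%:*}" in
        localhost|127.*|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# $1: program to execute (default: auditbeat). Pass "echo" for a dry run.
# The -E overrides apply to this invocation only; auditbeat.yml keeps its
# output.logstash section for normal shipping.
auditbeat_setup() {
    bin="${1:-auditbeat}"
    if ! is_loopback "$ES_HOST" || ! is_loopback "$KIBANA_HOST"; then
        echo "refusing non-loopback setup target" >&2
        return 1
    fi
    "$bin" setup --index-management --dashboards \
        -E output.logstash.enabled=false \
        -E "output.elasticsearch.hosts=[\"$ES_HOST\"]" \
        -E "setup.kibana.host=$KIBANA_HOST"
}

case "${1:-}" in
    --dry-run) auditbeat_setup echo ;;
    --run)     auditbeat_setup ;;
esac
```

Run it once per Beat version, since the template and index names carry the version; the clients keep shipping to Logstash on 5044 unchanged.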
