How to open my cluster

Nada_I · January 2, 2018, 2:01pm

Hi,

I have these questions:

-How can I monitor my network on Elasticsearch ?

-What is the difference between Elasticsearch and Kibana ?

-When I insert the username and the password In Kibana it doesn't work what is the reason?

Thanks in advance

A_B · January 2, 2018, 2:21pm

Hi @Nada_I,

How can I monitor my network on Elasticsearch?

Could you give some more info on what exactly you want to do? Do you want to monitor your entire network using Elasticsearch or monitor network usage of Elasticsearch? *

What is the difference between Elasticsearch and Kibana?

Elasticsearch is a storage backend for JSON documents based on Lucine.

Kibana is a GUI or dashboard for Elasticsearch, where you can search Elasticsearch and visualise you data.

When I insert the username and the password In Kibana it doesn't work what is the reason?

I guess you have installed X-pack for Kibana if you have a login prompt. What credentials are you trying to use?

'* As such, for question 1, you can't directly monitor your network using just Elasticsearch. You can store the monitoring data in Elasticsearch by using packetbeat and then using Kibana as the dashboard.
If you want to monitor Elasticsearch you can use X-pack for that.

Nada_I · January 3, 2018, 10:06am

-i want to know how i can integrate it in the network to collect “, organize and search Log data and systems events for errors, security breaches..... etc.

so i should install packetbeat then kibana then x-pack and then elasticsearch right?

A_B · January 3, 2018, 10:56am

Ok then you will need

A log shipper, e.g. filebeat or winlogbeat fi you ship logs from Windows servers. Check out the rest of the beats family as well.

The log shipper can ship logs directly to Elasticsearch but if you want to be able to modify or enrich the logs before they get to Elasticsearch, you can output to Logstash first and have Logstash ship to Elasticsearch.

Kibana is your dashboard where you can search and visualise your logs.

X-pack extends the features of Logstash, Elasticsearch and Kibana. You do not necessarily need it. I use x.pack for Kibana because it gives me a monitoring dashboard for the Elasticsearch cluster health.

Hope that helps.

Nada_I · January 3, 2018, 12:05pm

i'm trying a free trial but i can't open kibana gui aslo
and every software doesn't install easily as its intsallation video doesn't clear
can you tell me how i can install elasticsearch,x-pack and kibana

Nada_I · January 3, 2018, 12:15pm

and how i can create username and password in packetbeat to use it in kibana?

A_B · January 3, 2018, 2:23pm

What operating system do you work on?

I would leave out x-pack for now. If you don't use x-pack, there should be no authentication anywhere.

And packetbeat is for monitoring of network packages. You probably want to start with filebeat for system logs.

Nada_I · January 4, 2018, 9:32am

windows 10

ok I'm trying filebeat now

A_B · January 4, 2018, 10:33am

I haven't use beats for Windows but as far as I know you would need to use https://www.elastic.co/products/beats/winlogbeat

Nada_I · January 4, 2018, 11:21am

filebeat or winlogbeat or both?

A_B · January 4, 2018, 11:29am

It's a looong time since I've done anything on Windows... And I have not used beats on Windows ever.

Winlogbeat is for "Windows Event Logs"
Filebeat is for plain text log files

So, I guess it depends on what logs you want to ship

Nada_I · January 4, 2018, 12:29pm

ok thanks alot

system · February 1, 2018, 12:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.