Monitor network using the Elastic Stack

Hi, Newbie here... I would appreciate it if someone could assist. I watched about two hours of videos this morning but I have questions.

Basically, I want to test by installing your open source Elastic Stack with Elasticsearch, Kibana, Logstash, and Beats to do real-time monitoring of workstations, servers and other devices. For the test I want to be able to test 5 Windows workstations and 2 Windows servers, and if possible some TP-Link WiFi routers.

If I install all the above on a new Hyper-V server with, say, Windows Server 2012 for the server, then for the workstations (nodes), can I install just Beats directly on the workstation, or do I ‘push’ from the new Elastic Stack server I just installed? Also, how do I tell it to push data to the server?

As for Logstash, I am assuming Beats again will push those to the Elastic Stack server?

Oh, and I spoke to sales but they referred me to this site.

I would appreciate any and all info possible.

Thanks in advance.

Generally, you install the Beats that you want to use (Metricbeat, Packetbeat, ...) on all servers that you want to monitor. Each beat can be configured with an output, where you specify the hostnames and port of your Elasticsearch nodes. The Beat will then push the data to the Elasticsearch cluster that those nodes belong to.

For example, for Metricbeat, you will find a metricbeat.yml configuration file (in /etc/metricbeat if you installed via RPM/DEB, or in the same directory as the binaries if you went with a TAR or ZIP file). This configuration file contains an output section. What you will probably want to do is send the data directly to Elasticsearch, so you will configure the output.elasticsearch section. Change localhost into the actual hostname of your Elasticsearch node, or configure an array of hostnames if you have multiple nodes.

I'm not sure you actually need Logstash. For common monitoring use cases, Beats can send data directly to Elasticsearch without having to go through Logstash. Only if you have specific data transformation needs would you send data through Logstash. In that case, you would set up each Beat to send the data to Logstash by configuring output.logstash with the hostname of your Logstash server, instead of output.elasticsearch. Next you would configure a Logstash elasticsearch output to write to Elasticsearch.
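
The output settings described in the reply above, written out as an added example (not part of the original reply and not Elastic's shipped configuration). The hostnames, account name, keystore key and certificate path are constructed placeholders, and the credential and TLS lines assume security is enabled on the cluster.

```yaml
# metricbeat.yml (output section only). All hostnames are constructed placeholders.
# A Beat accepts only one enabled output, so use either Option A or Option B.

# Option A: send directly to Elasticsearch.
output.elasticsearch:
  # Replace localhost with your node; list several hosts for a multi-node cluster.
  hosts:
    - "https://es-node1.example.internal:9200"
    - "https://es-node2.example.internal:9200"
  # Assumption: the cluster requires authentication. Give the Beat its own
  # account limited to writing its indices, and keep the secret in the Beats
  # keystore rather than in this file.
  username: "metricbeat_writer"      # hypothetical account name
  password: "${ES_PWD}"              # hypothetical keystore key
  # Assumption: the cluster uses a private CA; placeholder path.
  ssl.certificate_authorities: ["/etc/metricbeat/ca.crt"]

# Option B: send to Logstash instead (only if you need to transform the data).
# Comment out Option A before enabling this.
#output.logstash:
#  hosts: ["logstash.example.internal:5044"]
#
# Matching Logstash pipeline, in Logstash's own config syntax, shown as a comment:
#   input  { beats { port => 5044 } }
#   output { elasticsearch { hosts => ["https://es-node1.example.internal:9200"] } }
```

With Option A, the Elasticsearch port has to be reachable from every monitored workstation and server, so restrict it to those hosts at the firewall rather than exposing it network-wide.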
