Need advice for ELK

Hello, I just installed ELK on my server by following the tutorial https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-18-04 and I have some questions:

  • what is the difference between the commands:

# sudo metricbeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'
# sudo metricbeat setup -e -E output.logstash.enabled=false -E output.elasticsearch.hosts=['localhost:9200'] -E setup.kibana.host=localhost:5601

and

# metricbeat setup -e

  • if I monitor multiple servers, how does it work? Should you create multiple indexes?

Only just started experimenting with metricbeat so in no way an expert 🙂

Starting metricbeat without any arguments means it uses defaults for Kibana host and output (which I think is Elasticsearch). The assumption is that both Kibana and Elasticsearch are on the same host (localhost) and are listening on their default ports.

When you monitor several machines with metricbeat you are probably sending the metrics to a central Elastic Stack setup. This means you have to change localhost in the metricbeat config to wherever Kibana and Elasticsearch are.

You should be able to use a shared index for all metricbeat metrics. Usually you would have a rotating daily index. This is the default and metricbeat will do that by default if it connects directly to Elasticsearch. If you go through Logstash, you might have to configure it separately.

Hope that helps.
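
The change described in the reply above, written out as a `metricbeat.yml` fragment for each monitored server. This is an added example, not part of the original thread; the host name `elk.example.internal` is a placeholder, and the ports are the ones used in the commands from the question plus the default Logstash Beats port.

```yaml
# metricbeat.yml on every monitored server (added example, placeholder host name)

# Default, single-host assumption: Elasticsearch and Kibana on localhost.
# output.elasticsearch:
#   hosts: ["localhost:9200"]
# setup.kibana:
#   host: "localhost:5601"

# Central Elastic Stack: point both settings at the central host instead.
# All servers write to the same metricbeat index on that host.
output.elasticsearch:
  hosts: ["elk.example.internal:9200"]
setup.kibana:
  host: "elk.example.internal:5601"

# Alternative: ship through Logstash. Only one output may be enabled at a time,
# so comment out output.elasticsearch above before enabling this.
# output.logstash:
#   hosts: ["elk.example.internal:5044"]

# The central host must accept connections on these ports from the monitored
# servers; a service that listens only on localhost will refuse them.
```

The `-E key=value` options in the commands from the question override these same settings for a single run without editing the file.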

Thanks for this information. I did not manage to monitor other servers. I opened 2 new questions:
