Hi Community,
I'm a newbie at all this with ELK and am easily confused by the technical terms used in the videos and the pages of really useful but baffling tutorials.
What I have been unable to fathom is how, if at all, I can monitor several servers at once using Kibana dashboard. Ideally, I'd like one screen showing CPU, Apache, MySQL stats, uptime and attack alerts for up to 15 CentOS web servers that we manage for customers.
Where do I start? I have Elastic Search and Kibana set up on my local Ubuntu PC and it happily measures CPU and other metrics (I have installed filebeat and metricbeat and configured them for local monitoring).
I have set up a Droplet with a small website on it as well as Webmin and would like, for a start, to monitor that but I can't see how to do it, what to ingest and how.
Can anyone give me a fairly straight guide on getting this done, please?
Thanks!
Hey FT_Support,
Thanks for checking things out!
The beats can be installed on as many machines as your elasticsearch cluster's hardware can handle. If you setup the Kibana dashboards that come with they'll give you overviews on all the server's sending data, https://www.elastic.co/guide/en/beats/metricbeat/current/load-kibana-dashboards.html.
My order of operations would roughly be
- Setup centralized Elasticsearch cluster. You'll need a public IP that all your servers can connect to, which may be blocked by your firewall if you're running locally.
- Install and configure metricbeat, filebeat, and packetbeat on every machine you want to monitor and connect them to your cluster
- Import the standard metricbeat and packetbeat dashboards into Kibana
After that it gets more complex. We're working on specific solutions, but at this time Elasticsearch is very general purpose. You may have to parse log files out using features like ingest node in elasticsearch, and create your own dashboards to fit your needs.
I'm not sure of any guides that fit your exact scenario, hopefully someone else can chime in.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.