
Get started

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

To get started with Bitnami ELK Stack, we suggest the following example to read the Apache access_log and check the requests per minute to the ELK server:

Step 1: Configure Logstash

  • Load the ELK environment before starting the configuration of Logstash:

    $ sudo installdir/use_elk
    
  • Stop the Logstash service:

    $ sudo installdir/ctlscript.sh stop logstash
    
  • Create the file installdir/logstash/conf/access-log.conf with the following content:

    input {
        file {
            path => "installdir/apache2/logs/access_log"
            start_position => beginning
        }
    }
    
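    filter {
        grok {
            # COMBINEDAPACHELOG is a built-in grok pattern: the common log format
            # plus the quoted referrer and user-agent fields.
            match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
        date {
            # Use the request time from the log line as the event's @timestamp.
            match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
        }
    }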
    
    output {
        elasticsearch {
            hosts => [ "127.0.0.1:9200" ]
        }
    }
    
  • Check that the configuration is OK. You should see an output message like the one below:

    $ installdir/logstash/bin/logstash -f installdir/logstash/conf/ --config.test_and_exit
    Configuration OK
    
  • Start the Logstash service:

    $ sudo installdir/ctlscript.sh start logstash
    

Step 2: Check Elasticsearch

  • Access your server via browser in order to generate data (http://localhost/).
  • Check that Elasticsearch is receiving data. You should see an index called logstash-DATE:

    $ curl 'localhost:9200/_cat/indices?v'
    
    health status index               pri rep docs.count docs.deleted store.size pri.store.size
    green  open   .kibana               1   0          1            0      3.1kb          3.1kb
    yellow open   logstash-2017.02.21   5   1          1            2     11.2kb         11.2kb
    

Step 3: Configure Kibana pattern

  • Access the Kibana app via browser (http://localhost/elk/app/kibana), and use your user/password to pass the basic HTTP authentication.
  • Specify the timestamp by selecting this value in the “Available Fields -> @timestamp” field.
  • Click the “Create” green button.
  • On the left bar, click the “Discover” menu item. You should see something like the screenshot below:

    ELK data

Step 4: Create a Kibana dashboard

  • On the left bar, click the “Visualize” menu item.
  • Select the “Vertical bar chart -> From a new search” menu options.
  • Select “logstash-*” index.
  • Click the “X-Axis -> Aggregation -> Date Histogram” button sequence.
  • Select “Minute” in the “Interval” field, and click the “Apply changes” button.

    ELK visualization

  • Save the visualization.

  • On the left bar, click the “Dashboard” menu item.

  • Click the “Add” button, select the previous visualization and save the dashboard.

    ELK dashboard

Last modification September 4, 2018