Get started
To get started with Bitnami ELK Stack, we suggest the following example, which reads the Apache access_log and charts the requests per minute made to the ELK server:
Step 1: Configure Logstash
Stop the Logstash service:
$ sudo /opt/bitnami/ stop logstash
Create the file /opt/bitnami/logstash/pipeline/access-log.conf with the content below:
input {
  file {
    path => "/opt/bitnami/apache/logs/access_log"
    start_position => beginning
  }
}
filter {
  grok {
    # Combined log format: common log fields plus quoted referrer and user agent
    match => { "message" => "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" }
  }
  date {
    # Use the request time from the log line as the event @timestamp
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  elasticsearch {
    hosts => [ "" ]
  }
}
Check that the configuration is valid. You should see an output message like the one below:
$ /opt/bitnami/logstash/bin/logstash -f /opt/bitnami/logstash/pipeline/ --config.test_and_exit
Configuration OK
Start the Logstash service:
$ sudo /opt/bitnami/ start logstash
Step 2: Check Elasticsearch
Browse to http://SERVER-IP/ to generate an Apache log entry, which Logstash reads and sends to Elasticsearch.
Check that Elasticsearch is receiving data. You should see an index called logstash-DATE:
$ curl 'localhost:9200/_cat/indices?v'
health status index               pri rep docs.count docs.deleted store.size
green  open   .kibana               1   0          1            0      3.1kb 3.1kb
yellow open   logstash-2017.02.21   5   1          1            2     11.2kb 11.2kb
If you are unable to see the configured logs with the previous command, try stopping and restarting the Logstash service using the following commands instead:
$ sudo /opt/bitnami/ stop logstash
$ /opt/bitnami/logstash/bin/logstash -f /opt/bitnami/logstash/pipeline/access-log.conf
Step 3: Configure Kibana pattern
Access the Kibana app via browser (http://SERVER-IP/app/kibana), and use your user/password to pass the basic HTTP authentication.
Specify a timestamp by entering this value in the “Available Fields -> @timestamp” field.
Click the “Create” green button.
On the left bar, click the “Discover” menu item. You should see something like the screenshot below:
Step 4: Create a Kibana dashboard
On the left bar, click the “Visualize” menu item.
Select the “Vertical bar chart -> From a new search” menu options.
Select the “logstash-*” index.
Click the “X-Axis -> Aggregation -> Date Histogram” button sequence.
Select “Minute” in the “Interval” field, and click the “Apply changes” button.
Save the visualization.
On the left bar, click the “Dashboard” menu item.
Click the “Add” button, select the previous visualization and save the dashboard.
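To cross-check the per-minute chart against the raw log, the following added example (not part of the Bitnami documentation) parses combined-format access_log lines and counts requests per UTC minute, mirroring the grok and date filters from Step 1 and the Date Histogram from Step 4. The function name, regular expression and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Combined log format: common log fields plus quoted referrer and user agent.
# Quoted fields allow backslash-escaped quotes, which Apache writes as \".
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    + QUOTED + r' (?P<response>\d{3}) (?P<bytes>\d+|-) ' + QUOTED + ' ' + QUOTED
)
# strptime equivalent of the date filter pattern "dd/MMM/yyyy:HH:mm:ss Z"
# (%b assumes an English/C locale for month names).
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def requests_per_minute(lines):
    """Return (Counter keyed by UTC minute, list of lines that failed to parse)."""
    counts, failures = Counter(), []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            failures.append(line)  # analogous to a _grokparsefailure event
            continue
        try:
            ts = datetime.strptime(m["timestamp"], TS_FORMAT)
        except ValueError:
            failures.append(line)  # analogous to a _dateparsefailure event
            continue
        # Logstash stores @timestamp in UTC, so bucket on the UTC minute.
        minute = ts.astimezone(timezone.utc).replace(second=0, microsecond=0)
        counts[minute.strftime("%Y-%m-%dT%H:%MZ")] += 1
    return counts, failures

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '203.0.113.5 - - [21/Feb/2017:10:15:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "curl/7.50.1"',
    '203.0.113.5 - - [21/Feb/2017:10:15:40 +0000] "GET /app/kibana HTTP/1.1" 401 381 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [21/Feb/2017:11:16:05 +0100] "GET /x HTTP/1.1" 404 209 "-" "Mozilla/5.0 (\"test\")"',
    'not an access log line',
]

if __name__ == "__main__":
    counts, failures = requests_per_minute(SAMPLE)
    for minute, n in sorted(counts.items()):
        print(minute, n)
    print("unparsed lines:", len(failures))
```

To compare with the dashboard, pass the lines of /opt/bitnami/apache/logs/access_log to requests_per_minute; Kibana may display the same buckets shifted to the browser's time zone.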