elk and redis installation and configuration

ATTENSION

• attention the version of all software(use the latest)

node1

installed logstash, httpd

• systemctl start httpd
• vim /etc/logstash/httpd.conf

input {
    file {
        path => ["/var/log/httpd/access_log"]
        type => "httpd_log"
        start_position => ["beginning"]
    }
}

output {
    redis {
        host => ["node2"]
        key => "logstash-httpd"
        data_type => "list"
    }
}

+ logstash -f /etc/logstash/httpd.conf 

node2

installed redis

• vim /etc/redis.conf
• find protected_mode, set default value to no
• find the bind keyword, comment that line
• systemctl start redis

node3

installed logstash, elasticsearch

• vim /etc/logstash/httpd.conf

input {
    redis {
        data_type => "list"
        key => "logstash-httpd"
        host => "node2" # NOTE!! it's string not array
    }
}

output {
    elasticsearch {
        hosts => ["node4:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
    }
}

• vim /etc/elasticsearch/elasticsearch.yml
• set cluster name and node name
• systemctl start elasticsearch
• logstash -f /etc/logstash/httpd.conf

node4

installed kibana

• see official website how to install and configura it
• hint: configure kibana through web