Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modernize ELK example with latest versions of everything #31

Closed
geerlingguy opened this issue Sep 3, 2016 · 3 comments
Closed

Modernize ELK example with latest versions of everything #31

geerlingguy opened this issue Sep 3, 2016 · 3 comments

Comments

@geerlingguy
Copy link
Owner

There are a few bits of the ELK stack that have radically changed in the past year—Kibana 4 is an entirely different beast, and Logstash Forwarder is now Filebeat... and the entire architecture seems to have evolved quite a bit.

I just finished porting the Kibana role to 4, in the 2.0.0 version (see: geerlingguy/ansible-role-kibana#5), but I pinned this repo's ELK example to the role's 1.0.8 version, which installs Kibana 3...

Need to test out some other bits and pieces, also rename things like logs server to something more logical (see closed issue #25).
@geerlingguy geerlingguy mentioned this issue Sep 3, 2016
Closed
geerlingguy added a commit that referenced this issue Sep 3, 2016
@geerlingguy
Issue #31: Make ELK example more stable by pinning versions.
e4ff773
geerlingguy added a commit that referenced this issue Sep 5, 2016
@geerlingguy
Issue #31: Initial work to update Kibana and use Filebeat.
169b21c
This was referenced Sep 11, 2016
Closed
Closed
@geerlingguy
Copy link
Owner Author

geerlingguy commented Sep 12, 2016
edited
Loading

Some debugging tricks:

  • Check ES index status: curl http://localhost:9200/_cat/indices?v
  • Check ES cluster status: curl -XGET http://localhost:9200/_cluster/health?pretty
  • Start Filebeat to monitor: sudo filebeat -e -v -c /etc/filebeat/filebeat.yml (make sure to stop filebeat service first)
  • Start Logstash to monitor: sudo /opt/logstash/bin/logstash --verbose -f /etc/logstash/conf.d/ (or --debug instead of --verbose if you wanna go crazy)

I'm almost there, but am hitting a quirk where the filebeat index generated through filebeat->logstash->ES is stuck in red status, and I'm not sure why. It was working yesterday, go figure.

geerlingguy added a commit that referenced this issue Sep 12, 2016
@geerlingguy
Issue #31: Modernize ELK example.
f7ef0bb
@geerlingguy
Copy link
Owner Author

Committed what I had so far.

Everything works... but when it all boots up, I have to first delete the auto-generated filebeats-[date] index in ES with curl -XDELETE 'http://localhost:9200/[index-name-here]/', then restart logstash and filebeat, and everything starts flowing through.

For some reason, on first start, the index created for filebeat through logstash gets stuck in a red/uninitialized state :/

@geerlingguy geerlingguy changed the title Modernize ELK example - ES 2, Kibana 4, etc. Modernize ELK example with latest versions of everything Jan 22, 2019
@geerlingguy
Copy link
Owner Author

Moving this to geerlingguy/ansible-for-devops#196 for more thorough fixing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@geerlingguy