# ELK ## Deploy Elasticsearch ### Setup the host node The `vm.max_map_count` kernel setting needs to be set to at least 262144 for production use. Make sure the node(s) that will host Elasticsearch have the following config: ```bash sysctl -w vm.max_map_count=262144 ``` Create the data dir: ```bash mkdir /storage/storage-001/mnt-elasticsearch chown nobody:nogroup /storage/storage-001/mnt-elasticsearch/ ``` ### Create the namespace Connect to your kubectl workstation and create the namespace: ```bash kubectl create namespace elk ``` ### Create the ConfigMap Create Elasticsearch config file: ```bash cat <>elasticsearch.yml cluster.name: "docker-cluster" network.host: 0.0.0.0 discovery.zen.minimum_master_nodes: 1 discovery.type: single-node EOF ``` Create its `ConfigMap`: ```bash kubectl -n elk \ create configmap cm-elasticsearch \ --from-file=elasticsearch.yml \ -o yaml --dry-run | kubectl apply -f - ``` {% hint style="info" %} If you need to update the `ConfigMap`, run: ```bash kubectl -n elk \ create configmap cm-elasticsearch \ --from-file=elasticsearch.yml \ -o yaml --dry-run | kubectl apply -f - ``` Then run: ``` kubectl -n elk scale deployment/elasticsearch --replicas=0 kubectl -n elk scale deployment/elasticsearch --replicas=1 ``` {% endhint %} ### Deploy Elasticsearch Run: ```bash kubectl create -f - < and here {% endhint %} ### Create Elasticsearch service Run: ```bash kubectl create -f - <:/YOUR-INDEX/YOUR-TYPE/optionalUniqueId" -d "{ \"field\" : \"value\"}" ``` Another example of post: ```bash curl -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "user" : "Arun Thundyill Saseendran", "post_date" : "2009-03-23T12:30:00", "message" : "trying out Elasticsearch" }' "http://:/sampleindex/sampletype/" ``` ## Deploy Logstash ### Create the ConfigMap (config file) Create the config file: ```bash cat <>logstash.yml http.host: "0.0.0.0" path.config: /usr/share/logstash/pipeline EOF ``` Create its `ConfigMap`: ```bash kubectl -n elk \ create configmap cm-config-logstash \ --from-file=logstash.yml \ -o yaml --dry-run | kubectl apply -f - ``` {% hint style="info" %} If you need to update the `ConfigMap`, run: ```bash kubectl -n elk \ create configmap cm-config-logstash \ --from-file=logstash.yml \ -o yaml --dry-run | kubectl apply -f - ``` Then run: ``` kubectl -n elk scale deployment/logstash --replicas=0 kubectl -n elk scale deployment/logstash --replicas=1 ``` {% endhint %} ### Create the ConfigMap (pipeline) Create the config file: ```bash cat <>logstash.conf #input { # tcp { # port => 5959 # } #} input { http { port => 5959 response_headers => { "Access-Control-Allow-Origin" => "*" "Content-Type" => "application/json" "Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type, Accept" } } } ## Add your filters / logstash plugins configuration here output { elasticsearch { hosts => "PUT-YOUR-HOST-HERE:PUT-YOUR-PORT-HERE" } } EOF ``` {% hint style="info" %} Replace `output.elasticsearch.hosts` with your Elasticsearch host and port. {% endhint %} Create its `ConfigMap`: ```bash kubectl -n elk \ create configmap cm-pipeline-logstash \ --from-file=logstash.conf \ -o yaml --dry-run | kubectl apply -f - ``` {% hint style="info" %} If you need to update the `ConfigMap`, run: ```bash kubectl -n elk \ create configmap cm-pipeline-logstash \ --from-file=logstash.conf \ -o yaml --dry-run | kubectl apply -f - ``` Then run: ``` kubectl -n elk scale deployment/logstash --replicas=0 kubectl -n elk scale deployment/logstash --replicas=1 ``` {% endhint %} ### Deploy **Connect to your node** and create the data dir: ```bash mkdir -p /storage/storage-001/mnt-logstash chown nobody:nogroup /storage/storage-001/mnt-logstash ``` **Connect to your kubectl workstation and** run: ```bash kubectl create -f - < and here {% endhint %} ### Create service Run: ```bash kubectl create -f - <>kibana.yml server.name: kibana server.host: "0" elasticsearch.hosts: [ "http://PUT-YOUR-HOST-HERE:30920" ] xpack.monitoring.ui.container.elasticsearch.enabled: true EOF ``` {% hint style="info" %} Replace `elasticsearch.hosts` with your Elasticsearch host and port. {% endhint %} Create its `ConfigMap`: ```bash kubectl -n elk \ create configmap cm-kibana \ --from-file=kibana.yml \ -o yaml --dry-run | kubectl apply -f - ``` {% hint style="info" %} If you need to update the `ConfigMap`, run: ```bash kubectl -n elk \ create configmap cm-kibana \ --from-file=kibana.yml \ -o yaml --dry-run | kubectl apply -f - ``` Then run: ``` kubectl -n elk scale deployment/kibana --replicas=0 kubectl -n elk scale deployment/kibana --replicas=1 ``` {% endhint %} ### Deploy **Connect to your node** and create the data dir: ```bash mkdir /storage/storage-001/mnt-kibana chown nobody:nogroup /storage/storage-001/mnt-kibana/ ``` **Connect to your kubectl workstation and** run: ```bash kubectl create -f - < and here {% endhint %} ### Create service Run: ```bash kubectl create -f - <>filebeat.docker.yml filebeat: config: modules: path: ${path.config}/modules.d/*.yml reload.enabled: false autodiscover: providers: - type: docker hints.enabled: true prospectors: - input_type: log paths: - /elk/*.log #output.logstash: # hosts: ["PUT-YOUR-IP-HERE:30595"] output.elasticsearch: hosts: ["http://PUT-YOUR-IP-HERE:30920"] #index: "filebeat-%{[beat.version]}-%{+yyyy.MM.dd}" #index: "test-filebeat" logging: files: rotateeverybytes: 10485760 # = 10MB EOF ``` Text: ```bash docker run -tid \ --name=filebeat \ --user=root \ --volume="$(pwd)/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" \ --volume="/elk:/elk:ro" \ --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \ --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \ docker.elastic.co/beats/filebeat:6.7.0 filebeat ``` Text: ```bash command ``` Text: ```bash command ``` Text: ```bash command ``` Text: ```bash command ``` Text: ```bash command ```