Series: A newbies guide to ELK

A newbies guide to ELK – Part 1 – Deployment

There are many ways to get an ELK (Elasticsearch, Logstash, Kibana) stack up and running – there are a ton of pre-built appliances, Docker images, Vagrant images, etc… For this go around, however, I decided to install it piece by piece, as I wanted to test some integration with other visualization products such as Graylog and Grafana. If you have deployed an ELK stack before you know it isn't that hard – however, I figured I'd document my process here as it's the first time...


A newbies guide to ELK – Part 2 – Forwarding logs

In part 1 of this series we took a look at how to get all of the components of the ELK stack up and running, configured, and talking to each other. Not that those aren't important and necessary steps, but having an ELK stack up is not even 1/4 of the work required, and quite honestly useless without any servers actually forwarding us their logs. So with that said, let's take a look at a few different ways we can forward off some logs...


A newbies guide to ELK – Part 3 – Logstash Structure & Conditionals

Now that we have looked at how to get data into our Logstash instance, it's time to start exploring how we can interact with all of the information being thrown at us using conditionals. But before we get too far into what conditionals are, it is best to first have a look at the overall structure of how Logstash reads inputs, filters, and outputs from the configuration. We spoke briefly about our inputs in part 2 of this series – and in that post, we...


A newbies guide to ELK – Part 4 – Filtering w/ Grok

Alright! It's been a bit of work to finally get here, but we are at a stage where we can really begin to see some of the power of Logstash, and that's by having a look at some of the filtering plugins that are available. If we were to simply syslog our data into Elasticsearch through Logstash as-is, it would probably seem kind of boring and plain. Honestly, it'd be the same as any other old syslog application. Logstash, on the other hand,...
