ELK – setup and configuration – 01 – basic

0. Introduction
System: [1] a Windows client runs Filebeat and sends file content to [2] a Redis service on [3] a CentOS server that has ELK installed.

  1. Configuration 
    [Windows client]
    =====FILEBEAT YML============
    # Tail every file under c:\test
    filebeat.inputs:
      - type: log
        paths:
          - c:\test\*

    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: true

    setup.template.settings:
      index.number_of_shards: 3

    setup.kibana:

    # Push events onto the Redis list "filebeat" on the CentOS server
    output.redis:
      hosts: ["172.17.17.18"]
      password: "pass"
      key: "filebeat"
      db: 0
      timeout: 5

    processors:
      - add_host_metadata: ~
      - add_cloud_metadata: ~
    =====FILEBEAT YML============

    Running Filebeat:
    filebeat.exe -c filebeat.yml

    [CentOS] – ELK and Redis server

    ===== Redis.conf============
    bind 172.17.17.18
    port 6379
    requirepass pass

    ===== Redis.conf=============

    =====Logstash.conf===========
    # Read events from the same Redis list that Filebeat pushes to
    input {
      redis {
        host => "172.17.17.18"
        port => 6379
        password => "pass"
        db => 0
        data_type => "list"
        key => "filebeat"
        codec => "json"
      }
    }

    # Index the events into the local Elasticsearch node
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
      }
    }
    =====Logstash.conf===========
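
An added example (not part of the original post): a small Python check that the three configs above agree on the Redis host, port, password, list key and database, since a mismatch in any of them breaks the Filebeat -> Redis -> Logstash hand-off. The regexes, function names and abridged sample strings are constructed for this illustration.

```python
import re

# Constructed inputs: the Redis-related lines of the three configs on this page.
FILEBEAT_YML = """output.redis:
  hosts: ["172.17.17.18"]
  password: "pass"
  key: "filebeat"
  db: 0
"""
REDIS_CONF = "bind 172.17.17.18\nport 6379\nrequirepass pass\n"
LOGSTASH_CONF = """input { redis {
  host => "172.17.17.18"
  port => 6379
  password => "pass"
  db => 0
  key => "filebeat"
} }
"""
PAGE = {"filebeat": FILEBEAT_YML, "redis": REDIS_CONF, "logstash": LOGSTASH_CONF}

# One regex per setting and component; redis.conf has no per-client key or db.
PATTERNS = {
    "filebeat": {"host": r'hosts:\s*\["([^":]+)', "port": r'hosts:\s*\["[^":]+:(\d+)',
                 "password": r'password:\s*"([^"]*)"', "key": r'key:\s*"([^"]*)"',
                 "db": r'db:\s*(\d+)'},
    "redis": {"host": r'^bind\s+(\S+)', "port": r'^port\s+(\d+)',
              "password": r'^requirepass\s+(\S+)'},
    "logstash": {"host": r'host\s*=>\s*"([^"]+)"', "port": r'port\s*=>\s*(\d+)',
                 "password": r'password\s*=>\s*"([^"]*)"', "key": r'key\s*=>\s*"([^"]*)"',
                 "db": r'db\s*=>\s*(\d+)'},
}
DEFAULTS = {"port": "6379", "db": "0"}  # fallbacks when a setting is absent

def redis_views(configs):
    """Map component -> {setting: value} extracted from its config text."""
    views = {}
    for name, patterns in PATTERNS.items():
        views[name] = {}
        for field, pattern in patterns.items():
            m = re.search(pattern, configs[name], re.M)
            views[name][field] = m.group(1) if m else DEFAULTS.get(field, "<unset>")
    return views

def mismatches(views):
    """Names of settings the components disagree on (values are not echoed)."""
    fields = ("host", "port", "password", "key", "db")
    return [f for f in fields if len({v[f] for v in views.values() if f in v}) > 1]

print(mismatches(redis_views(PAGE)) or "consistent")
```

The report lists only setting names, so the Redis password never ends up in the check's output.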

  2. Kibana web interface

    // after generating data and creating the index in Management

    [Screenshot: kibana_search_filebeatandredis]