elk-workshop

A logging workshop backed by the ELK Trio.

Presentation

a workshop.html is supplied backed by reveal.js It is also available at http://slides.com/nir0s/elk-workshop#/

Requirements

• Virtualbox
• Vagrant

Vagrant

Provisioner

The vagrant directory contains a Vagrantfile that provisions a machine with:

• Elasticsearch
• Elasticsearch-head plugin
• Elasticsearch-kopf plugin
• Elasticsearch-bigdesk plugin
• Logstash
• Kibana
• feeder
• Nginx
• RabbitMQ

Box

The Vagrantfile in the root directory will load a box created from the above provisioned machine.

To get started run:

vagrant box add <box_url> --name elk
# then, from the same dir
vagrant up
# and then
vagrant ssh

Resources

The resources directory contains:

• An extended apache dashboard for Kibana. Link
• A logstash configuration file.
• An Nginx config file which exposes Kibana in port 3000 and ES in 9200.

Running logstash

~/elk/logstash/bin/logstash -f ~/elk-workshop/resources/logstash.conf

alternatively, run:

~/elk-workshop/runls.sh

Generating Logs during the workshop

feeder generates random logs which you can use during the workshop.

For instance, from the ~/elk-workshop directory, run:

mouth feed -f ApacheAccessEx -t File -m 1000 -g 0.001

This will write Apache Extended Access logs to a file called generated.log in the current directory.

Please refer to the documentation to understand how to use feeder.

Web Access

• To access the Kibana dashboard, please go to http://11.0.1.7:3000/index.html#/dashboard/file/logstash.json.
• To access the Head dashboard, please go to http://11.0.1.7:9200/_plugin/head.
• To access the Kopf dashboard, please go to http://11.0.1.7:9200/_plugin/kopf.
• To access the BigDesk dashboard, please go to http://11.0.1.7:9200/_plugin/bigdesk.