Deploying E.L.K. with Puppets
Colin Brown
@colinreidbrown
cobrown@homeaway.com
The ELK Stack - What is it?
ElasticSearch... for Storage, Indexing & Search
Logstash... for Logs & Filtering
Kibana... for DataViz & this guy
What you’ll need….
What You’ll Also Need...
Load Balancer
These too….
elastic/puppet-elasticsearch
elastic/puppet-logstash
puppetlabs/puppetlabs-vcsrepo
puppetlabs/puppetlabs-git
puppetlabs/puppetlabs-concat
puppetlabs/puppetlabs-stdlib
1st Prep a Base Image
Save yourself some headache and just prep an empty image that sets puppet master in /etc/hosts
[ec2-user@ip-172-30-0-118 ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
172.30.0.41 puppet
Prepare your nodes...
Use at minimum a medium instance for the elasticsearch nodes...
Prep your Load Balancer
The ElasticSearch Config
node 'ip-172-30-0-189.ec2.internal', 'ip-172-30-0-190.ec2.internal', 'ip-172-30-0-160.ec2.internal', 'ip-172-30-0-159.ec2.internal', 'ip-172-30-0-4.ec2.internal' {
  class { 'elasticsearch':
    ensure       => 'present',
    package_url  => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm',
    java_install => true,
    config       => {
      'cluster.name' => 'Frederick-Von-Clusterberg',
      'cloud.aws.access_key' => 'SDFDSGGSDSDGFSRSGsgfse',
      'cloud.aws.secret_key' => 'WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3',
      'cloud.aws.region' => 'us-east',
      'cloud.node.auto_attributes' => true,
      'discovery.type' => 'ec2',
      'discovery.ec2.tag.name' => 'elasticsearch',
      'discovery.ec2.groups' => 'sg-0d6aaa69',
      'http.port' => '9200',
      'http.enabled' => true,
      'http.cors.enabled' => true,
      'http.cors.allow-origin' => 'http://54.152.82.147',
      'path.data' => '/opt/elasticsearch/data',
      'discovery.zen.ping.multicast.enabled' => false,
      'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190", "172.30.0.159", "172.30.0.160", "172.30.0.4"],
    }
  }
  exec { 'export ES_HEAP_SIZE=2g': }
  # The node block stays open here; it is closed after the plugin declarations on the later slides.
The ElasticSearch Package you want to use
Give your cluster a name
'cloud.node.auto_attributes' => true,
'discovery.type' => 'ec2',
'discovery.ec2.tag.name' => 'elasticsearch',
'discovery.ec2.groups' => 'sg-0d6aaa69',
Tag your elasticsearch instances the SAME
Groups are your security group IDs
Node Discovery...
'discovery.type' => 'ec2',
Except it Doesn’t work.
'discovery.type' => 'ec2',
'http.port' => '9200',
'http.enabled' => true,
'http.cors.enabled' => true,
'http.cors.allow-origin' => 'http://54.152.82.147',
'path.data' => '/opt/elasticsearch/data',
'discovery.zen.ping.multicast.enabled' => false,
'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190","172.30.0.159","172.30.0.160","172.30.0.4"],
}
}
CORS… you needs it
'http.cors.enabled' => true,
'http.cors.allow-origin' => 'http://my.kibanabox.whatevs',
Otherwise this happens...
Make your Heap Size Bigger
exec { 'export ES_HEAP_SIZE=2g': }
The default is 1GB of memory, but apparently ElasticSearch needs 2GB
You need to declare an instance!!!!
elasticsearch::instance { 'es1': }
Now add some Plugins!!
  elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1':
    module_dir => 'cloud-aws',
    instances  => ['es1'],
  }
  elasticsearch::plugin { 'mobz/elasticsearch-head':
    module_dir => 'head',
    instances  => ['es1'],
  }
  elasticsearch::plugin { 'lmenezes/elasticsearch-kopf':
    module_dir => 'kopf',
    instances  => ['es1'],
  }
  elasticsearch::plugin { 'lukas-vlcek/bigdesk':
    module_dir => 'bigdesk',
    instances  => ['es1'],
  }
}
And make sure to add your instance name
We’re almost done...
Not Really….
That was just the ElasticSearch Part.
Logstash
raw logs go in
pretty formatted logs come out
Now for Logstash...
node 'ip-172-30-0-144.ec2.internal' {
  class { 'logstash':
    ensure              => 'present',
    package_url         => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-1.4.2-1_2c0f5a1.noarch.rpm',
    install_contrib     => true,
    contrib_package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-contrib-1.4.2-1_efd53ef.noarch.rpm',
    java_install        => true,
  }
  # Self-signed certificate and key for the lumberjack input.
  # cwd matches the /etc/pki paths used in logstash.conf.
  exec { 'openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt -days 365':
    cwd  => '/etc/pki',
    path => ['/usr/bin', '/bin'],
  }
  logstash::configfile { 'somename':
    content => template('files/logstash.conf'),
  }
}
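An added example, not from the original slides: the certificate step written so that it runs once, names the host in the certificate, and locks down the private key. The resource title, the variables, the CN value (taken from the server name in the log shipper config later in the deck) and the 'logstash' service account are assumptions; the fragment belongs inside the Logstash node block.

```puppet
# Added example (not the presenter's manifest).
$ls_cert = '/etc/pki/logstash-forwarder.crt'
$ls_key  = '/etc/pki/logstash-forwarder.key'

# Assumption: this is the name the shippers dial. The forwarder checks the
# server name against the certificate, so the two have to agree.
$ls_name = 'ip-172-30-0-144'

exec { 'generate-logstash-forwarder-cert':
  command => "openssl req -x509 -batch -nodes -newkey rsa:2048 -subj '/CN=${ls_name}' -keyout ${ls_key} -out ${ls_cert} -days 365",
  path    => ['/usr/bin', '/bin'],
  # Without "creates" the exec runs on every agent run and replaces the key
  # pair, which breaks every shipper that trusts the previous certificate.
  creates => $ls_cert,
}

# The private key is readable only by the account Logstash runs as
# (assumed here to be 'logstash').
file { $ls_key:
  ensure  => file,
  owner   => 'logstash',
  group   => 'logstash',
  mode    => '0600',
  require => [Class['logstash'], Exec['generate-logstash-forwarder-cert']],
}

# The certificate is public. It is the only file a shipper needs in order
# to trust this server (the "ssl ca" entry in the forwarder config).
file { $ls_cert:
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  require => Exec['generate-logstash-forwarder-cert'],
}
```

The certificate is valid for 365 days, so plan the renewal and redistribution before it expires or shipping stops.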
the Logstash config file
input {
  lumberjack {
    # The port to listen on
    port => 1234
    # The paths to your ssl cert and key
    ssl_certificate => "/etc/pki/logstash-forwarder.crt"
    ssl_key => "/etc/pki/logstash-forwarder.key"
    # Set this to whatever you want.
    type => "apache-access"
  }
}
This is called logstash-forwarder now, but in the logstash config it's still called lumberjack... just so you know.
The ssl cert and key referenced in the config above need to be placed on the servers sending the logs!
Filters….
filter {
  grok {
    type => "apache-access"
    match => { message => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  geoip {
    source => clientip
  }
}
Outputs...
output {
  elasticsearch {
    host => 'LoadBalancer.us-east-1.elb.amazonaws.com'
    cluster => 'Frederick-Von-Clusterberg'
    protocol => 'http'
  }
}
Send logs to your Load Balancer
Make sure to give it the cluster name... or don’t, you didn’t really need those logs anyway.
Set The “elasticsearch” output
Are we there yet ?
And Now for Kibana….
elastic doesn’t provide a kibana module, so use this guy’s: echocat/puppet-kibana4. It does the job.
the only config value you need is….
class kibana4 (
$version = '4.0.0-linux-x64',
$download_path = 'http://download.elasticsearch.org/kibana/kibana',
$install_dir = '/opt',
$running = true,
$enabled = true,
$port = 5601,
$host = '0.0.0.0',
$elasticsearch_url = 'http://your.fancy.loadbalancerurl:9200',
$elasticsearch_preserve_host = true,
$kibana_index = '.kibana',
$kibana_elasticsearch_username = '',
$kibana_elasticsearch_password = '',
$default_app_id = 'discover',
$request_timeout = 300000,
$shard_timeout = 0,
$verify_ssl = true,
$ca = '',
$ssl_key_file = '',
$ssl_cert_file = '',
$pid_file = '/var/run/kibana.pid',
This one
right here
And Now You Have an ELK Stack!
You Still have to configure your Log Shipper
You need to prepare a few things, like go, the keys you made earlier, logstash forwarder...
{
"network": {
"servers": [ "ip-172-30-0-144:1234" ],
"ssl key":"/root/.logstash/logstash-forwarder.key",
"ssl ca": "/root/.logstash/logstash-forwarder.crt",
"timeout": 120
},
"files": [
{
"paths": [
"/home/logdir/access*[^.][^g][^z]"
],
"start_position": "beginning",
"fields": { "type": "apache-access" }
}
]
}
Just Use This.
elastic/logstash-forwarder
Thanks !

 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Deploying E.L.K stack w Puppet

  • 3. The ELK Stack - What is it?
       ElasticSearch... for Storage, Indexing & Search
       Logstash... for Logs & Filtering
       Kibana... for DataViz & this guy
  • 5. What You’ll Also Need... Load Balancer
  • 7. 1st Prep a Base Image
       Save yourself some headache and just prep an empty image that sets puppet master in /etc/hosts

       [ec2-user@ip-172-30-0-118 ~]$ cat /etc/hosts
       127.0.0.1 localhost localhost.localdomain
       172.30.0.41 puppet
  • 8. Prepare your nodes... Use at minimum a medium instance for the elasticsearch nodes...
  • 9. Prep your Load Balancer
  • 11. The ElasticSearch Config

       node 'ip-172-30-0-189.ec2.internal', 'ip-172-30-0-190.ec2.internal',
            'ip-172-30-0-160.ec2.internal', 'ip-172-30-0-159.ec2.internal',
            'ip-172-30-0-4.ec2.internal' {
         class { 'elasticsearch':
           ensure       => 'present',
           package_url  => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm',
           java_install => true,
           config       => {
             'cluster.name'               => 'cluster-name-goeshere-cluster',
             'cloud.aws.access_key'       => 'SDFDSGGSDSDGFSRSGsgfse',
             'cloud.aws.secret_key'       => 'WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3',
             'cloud.aws.region'           => 'us-east',
             'cloud.node.auto_attributes' => true,
             'discovery.type'             => 'ec2',
             'discovery.ec2.tag.name'     => 'elasticsearch',
             'discovery.ec2.groups'       => 'sg-0d6aaa69',
             'http.port'                  => '9200',
             'http.enabled'               => true,
             …….
  • 12.
           package_url  => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm',
           java_install => true,
           config       => {
             'cluster.name'                         => 'Frederick-Von-Clusterberg',
             'cloud.aws.access_key'                 => 'SDFDSGGSDSDGFSRSGsgfse',
             'cloud.aws.secret_key'                 => 'WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3',
             'cloud.aws.region'                     => 'us-east',
             'cloud.node.auto_attributes'           => true,
             'discovery.type'                       => 'ec2',
             'discovery.ec2.tag.name'               => 'elasticsearch',
             'discovery.ec2.groups'                 => 'sg-0d6aaa69',
             'http.port'                            => '9200',
             'http.enabled'                         => true,
             'http.cors.enabled'                    => true,
             'http.cors.allow-origin'               => 'http://54.152.82.147',
             'path.data'                            => '/opt/elasticsearch/data',
             'discovery.zen.ping.multicast.enabled' => false,
             'discovery.zen.ping.unicast.hosts'     => ["172.30.0.189", "172.30.0.190", "172.30.0.159", "172.30.0.160", "172.30.0.4"],
           }
         }
         exec{'export ES_HEAP_SIZE=2g':}

       The ElasticSearch Package you want to use
       Give your cluster a name
  • 13.
             'cloud.node.auto_attributes' => true,
             'discovery.type'             => 'ec2',
             'discovery.ec2.tag.name'     => 'elasticsearch',
             'discovery.ec2.groups'       => 'sg-0d6aaa69',

       tag your elasticsearch instances the SAME
       groups are your security group IDs
  • 15. Except it Doesn’t work.

             'discovery.type'                       => 'ec2',
             'http.port'                            => '9200',
             'http.enabled'                         => true,
             'http.cors.enabled'                    => true,
             'http.cors.allow-origin'               => 'http://54.152.82.147',
             'path.data'                            => '/opt/elasticsearch/data',
             'discovery.zen.ping.multicast.enabled' => false,
             'discovery.zen.ping.unicast.hosts'     => ["172.30.0.189", "172.30.0.190", "172.30.0.159", "172.30.0.160", "172.30.0.4"],
           }
         }
  • 16. CORS… you needs it

             'http.cors.enabled'      => true,
             'http.cors.allow-origin' => 'http://my.kibanabox.whatevs',

       Otherwise this happens...
  • 17. Make your Heap Size Bigger

         exec{'export ES_HEAP_SIZE=2g':}

       The default is 1GB of Memory, but apparently ElasticSearch needs 2GB
  • 18. You need to declare an instance!!!!

         elasticsearch::instance { 'es1': }
  • 19. Now add some Plugins!!

         elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1':
           module_dir => 'cloud-aws',
           instances  => ['es1'],
         }
         elasticsearch::plugin { 'mobz/elasticsearch-head':
           module_dir => 'head',
           instances  => ['es1'],
         }
         elasticsearch::plugin { 'lmenezes/elasticsearch-kopf':
           module_dir => 'kopf',
           instances  => ['es1'],
         }
         elasticsearch::plugin { 'lukas-vlcek/bigdesk':
           module_dir => 'bigdesk',
           instances  => ['es1'],
         }
       }

       And Make Sure to add your instance Name
  • 21. Not Really…. That was just the ElasticSearch Part.
  • 22. Logstash: raw logs go in, pretty formatted logs come out
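  • 23. Now for Logstash...

       node 'ip-172-30-0-144.ec2.internal' {
         class { 'logstash':
           ensure              => 'present',
           package_url         => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-1.4.2-1_2c0f5a1.noarch.rpm',
           install_contrib     => true,
           contrib_package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-contrib-1.4.2-1_efd53ef.noarch.rpm',
           java_install        => true,
         }
         # exec is a resource of its own, so it sits beside the class, not inside its parameter list.
         # cwd matches the /etc/pki paths used in the Logstash config; creates keeps the
         # key pair from being regenerated on every Puppet run.
         exec { 'openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt -days 365':
           path    => ['/usr/bin', '/bin'],
           cwd     => '/etc/pki',
           creates => '/etc/pki/logstash-forwarder.crt',
         }
         logstash::configfile { 'somename':
           content => template('files/logstash.conf'),
         }
       }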
  • 24. the Logstash config file

       input {
         lumberjack {
           # The port to listen on
           port => 1234
           # The paths to your ssl cert and key
           ssl_certificate => "/etc/pki/logstash-forwarder.crt"
           ssl_key => "/etc/pki/logstash-forwarder.key"
           # Set this to whatever you want.
           type => "apache-access"
         }
       }

       this is called logstash-forwarder now, but in logstash config it's still called lumberjack...just so you know.
  • 25. the Logstash config file

       input {
         lumberjack {
           # The port to listen on
           port => 1234
           # The paths to your ssl cert and key
           ssl_certificate => "/etc/pki/logstash-forwarder.crt"
           ssl_key => "/etc/pki/logstash-forwarder.key"
           # Set this to whatever you want.
           type => "apache-access"
         }
       }

       These need to be placed on the servers sending the logs!
  • 26. Filters….

       filter {
         grok {
           type => "apache-access"
           match => { message => "%{COMBINEDAPACHELOG}" }
         }
         date {
           match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
         }
         geoip {
           source => clientip
         }
       }
  • 27. Outputs...

       output {
         elasticsearch {
           host => 'LoadBalancer.us-east-1.elb.amazonaws.com'
           cluster => 'Frederick-Von-Clusterberg'
           protocol => 'http'
         }
       }

       Set The “elasticsearch” output
       Send logs to your Load Balancer
       make sure to give it the cluster name...or don’t, you didn’t really need those logs anyway.
  • 28. Are we there yet ?
  • 29. And Now for Kibana…. elastic doesn’t provide a kibana module
  • 30. so use this guy’s echocat/puppet-kibana4 it does the job.
  • 31. the only config value you need is….

       class kibana4 (
         $version                       = '4.0.0-linux-x64',
         $download_path                 = 'http://download.elasticsearch.org/kibana/kibana',
         $install_dir                   = '/opt',
         $running                       = true,
         $enabled                       = true,
         $port                          = 5601,
         $host                          = '0.0.0.0',
         $elasticsearch_url             = 'http://your.fancy.loadbalancerurl:9200',
         $elasticsearch_preserve_host   = true,
         $kibana_index                  = '.kibana',
         $kibana_elasticsearch_username = '',
         $kibana_elasticsearch_password = '',
         $default_app_id                = 'discover',
         $request_timeout               = 300000,
         $shard_timeout                 = 0,
         $verify_ssl                    = true,
         $ca                            = '',
         $ssl_key_file                  = '',
         $ssl_cert_file                 = '',
         $pid_file                      = '/var/run/kibana.pid',

       This one right here ($elasticsearch_url)
  • 32. And Now You Have an ELK Stack!
  • 33. You Still have to configure your Log Shipper
  • 34. you need to prepare a few things
  • 35. like go, the keys you made earlier, logstash forwarder...

       {
         "network": {
           "servers": [ "ip-172-30-0-144:1234" ],
           "ssl key": "/root/.logstash/logstash-forwarder.key",
           "ssl ca": "/root/.logstash/logstash-forwarder.crt",
           "timeout": 120
         },
         "files": [
           {
             "paths": [ "/home/logdir/access*[^.][^g][^z]" ],
             "start_position": "beginning",
             "fields": { "type": "apache-access" }
           }
         ]
       }
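
The Elasticsearch class from slides 11 to 17, restated as an added example that is not part of the original deck: no AWS keys in the manifest, the heap size set through the module's init_defaults parameter instead of an exec, and the CORS origin pinned to the Kibana host. Assumptions: the Hiera key names are hypothetical, and the nodes run with an IAM instance profile that allows ec2:DescribeInstances.

```puppet
# Added example, not from the original slides.
# Assumptions: the Hiera keys below are hypothetical names; every node has an
# IAM instance profile that allows ec2:DescribeInstances.
$es_cluster = hiera('elk::cluster_name')           # e.g. 'Frederick-Von-Clusterberg'
$es_origin  = hiera('elk::kibana_origin')          # e.g. 'http://my.kibanabox.whatevs'
$es_hosts   = hiera_array('elk::es_unicast_hosts') # the five 172.30.0.x addresses

class { 'elasticsearch':
  ensure        => 'present',
  package_url   => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm',
  java_install  => true,
  # init_defaults is written to the service defaults file, so the heap size
  # reaches the Elasticsearch JVM. An exec of `export` cannot do that: the
  # variable never leaves the process Puppet spawns for the exec.
  init_defaults => { 'ES_HEAP_SIZE' => '2g' },
  config        => {
    'cluster.name'                         => $es_cluster,
    # No cloud.aws.access_key / cloud.aws.secret_key here. Keys written into a
    # manifest end up in version control, in the compiled catalog and in
    # elasticsearch.yml on every node. Without them the cloud-aws plugin
    # falls back to the instance profile credentials (assumed to be attached).
    'cloud.aws.region'                     => 'us-east',
    'cloud.node.auto_attributes'           => true,
    'discovery.type'                       => 'ec2',
    'discovery.ec2.tag.name'               => 'elasticsearch',
    'discovery.ec2.groups'                 => 'sg-0d6aaa69',
    'http.port'                            => '9200',
    'http.enabled'                         => true,
    'http.cors.enabled'                    => true,
    # Exactly one origin (the Kibana host), never a wildcard.
    'http.cors.allow-origin'               => $es_origin,
    'path.data'                            => '/opt/elasticsearch/data',
    'discovery.zen.ping.multicast.enabled' => false,
    'discovery.zen.ping.unicast.hosts'     => $es_hosts,
  },
}

elasticsearch::instance { 'es1': }
```

If an instance profile is not available, the two key settings can be looked up from Hiera the same way as the cluster name, which at least keeps them out of the manifest itself.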