Colin Brown, profile picture
Uploaded byColin Brown
PPTX, PDF8,092 views

Deploying E.L.K stack w Puppet

This document provides instructions for deploying an ELK (Elasticsearch, Logstash, Kibana) stack using Puppet. It discusses setting up Elasticsearch on EC2 instances using Puppet modules, configuring Logstash to accept logs and send them to Elasticsearch, and installing Kibana for visualization. The key steps are preparing base EC2 images, configuring Elasticsearch for clustering and plugins, defining the Logstash input, filters and Elasticsearch output, and installing Kibana using a Puppet module to configure it to connect to Elasticsearch.

Embed presentation

Downloaded 81 times
Deploying E.L.K. with Puppets
Colin Brown @colinreidbrown cobrown@homeaway.com
The ELK Stack - What is it ? ElasticSearch….for Storage, Indexing & Search Logstash... For Logs & Filtering Kibana…. for DataViz & this guy
What you’ll need….
What You’ll Also Need... Load Balancer
These too…. elastic/puppet-elasticsearch elastic/puppet-logstash puppetlabs/puppetlabs-vcsrepo puppetlabs/puppetlabs-git puppetlabs/puppetlabs-concat puppetlabs/puppetlabs-stdlib
1st Prep a Base Image Save yourself some headache and just prep an empty image that sets puppet master in /etc/hosts [ec2-user@ip-172-30-0-118 ~]$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain 172.30.0.41 puppet
Prepare your nodes... Use at minimum a medium instance for the elasticsearch nodes...
Prep your Load Balancer
The ElasticSearch Config node 'ip-172-30-0-189.ec2.internal', 'ip-172-30-0-190.ec2.internal','ip-172-30-0-160.ec2.internal','ip-172-30-0-159.ec2.internal','ip-172-30-0-4.ec2.internal' { class { 'elasticsearch': ensure => 'present', package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm', java_install => true, config => { 'cluster.name' => 'cluster-name-goeshere-cluster', 'cloud.aws.access_key' => ‘SDFDSGGSDSDGFSRSGsgfse’, 'cloud.aws.secret_key' => ‘WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3’, 'cloud.aws.region' => 'us-east', 'cloud.node.auto_attributes' => true, 'discovery.type' => 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', 'http.port' => '9200', 'http.enabled' => true, …….
package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm', java_install => true, config => { 'cluster.name' => 'Frederick-Von-Clusterberg', 'cloud.aws.access_key' => ‘SDFDSGGSDSDGFSRSGsgfse’, 'cloud.aws.secret_key' => ‘WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3’, 'cloud.aws.region' => 'us-east', 'cloud.node.auto_attributes' => true, 'discovery.type' => 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', 'http.port' => '9200', 'http.enabled' => true, 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://54.152.82.147', 'path.data' => '/opt/elasticsearch/data', 'discovery.zen.ping.multicast.enabled' => false, 'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190","172.30.0.159","172.30.0.160","172.30.0.4"], } } exec{'export ES_HEAP_SIZ=2g':} The ElasticSearch Package you want to use Give your cluster a name
'cloud.node.auto_attributes' => true, 'discovery.type' => 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', tag your elasticsearch instances the SAME groups are your security group ID’s
Node Discovery... 'discovery.type' => 'ec2',
Except it Doesn’t work. 'discovery.type' => 'ec2', 'http.port' => '9200', 'http.enabled' => true, 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://54.152.82.147', 'path.data' => '/opt/elasticsearch/data', 'discovery.zen.ping.multicast.enabled' => false, 'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190","172.30.0.159","172.30.0.160","172.30.0.4"], } }
CORS… you needs it 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://my.kibanabox.whatevs', Otherwise this happens...
Make your Heap Size Bigger exec{'export ES_HEAP_SIZ=2g':} The default is 1GB of Memory, but apparently ElasticSearch needs 2GB
You need to declare an instance!!!! elasticsearch::instance { 'es1': }
Now add some Plugins!! elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1': module_dir => 'cloud-aws', instances => ['es1'], } elasticsearch::plugin { 'mobz/elasticsearch-head': module_dir => 'head', instances => ['es1'], } elasticsearch::plugin { 'lmenezes/elasticsearch-kopf': module_dir => 'kopf', instances => ['es1'], } elasticsearch::plugin { 'lukas-vlcek/bigdesk': module_dir => 'bigdesk', instances => ['es1'], } } And Make Sure to add your instance Name
We’re almost done...
Not Really…. That was just the ElasticSearch Part.
Logstash raw logs go in pretty formatted logs come out
Now for Logstash... node 'ip-172-30-0-144.ec2.internal' { class { 'logstash': ensure => 'present', package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-1.4.2- 1_2c0f5a1.noarch.rpm', install_contrib => true, contrib_package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-contrib-1.4.2- 1_efd53ef.noarch.rpm', java_install => true, exec{ ‘openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt - days 365’} } logstash::configfile { ‘somename’: content => template('files/logstash.conf') } }
the Logstash config file input { lumberjack { # The port to listen on port => 1234 # The paths to your ssl cert and key ssl_certificate => "/etc/pki/logstash-forwarder.crt" ssl_key => "/etc/pki/logstash-forwarder.key" # Set this to whatever you want. type => "apache-access" } } this is called logstash-forwarder now, but in logstash config its still called lumberjack...just so you know.
the Logstash config file input { lumberjack { # The port to listen on port => 1234 # The paths to your ssl cert and key ssl_certificate => "/etc/pki/logstash-forwarder.crt" ssl_key => "/etc/pki/logstash-forwarder.key" # Set this to whatever you want. type => "apache-access" } } These need to be placed on the servers sending the logs !
Filters…. filter { grok { type => "apache-access" match => { message => "%{COMBINEDAPACHELOG}" } } date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] } geoip { source => clientip } }
Outputs... output { elasticsearch { host => 'LoadBalancer.us-east-1.elb.amazonaws.com' cluster => 'Frederick-Von-Clusterberg' protocol => 'http' } Send logs to your Load Balancer make sure to give it the cluster name...or don’t, you didn’t really need those logs anyway. Set The “elasticsearch” output
Are we there yet ?
And Now for Kibana…. elastic doesn’t provide a kibana module
so use this guy’s echocat/puppet-kibana4 it does the job.
the only config value you need is…. class kibana4 ( $version = '4.0.0-linux-x64', $download_path = 'http://download.elasticsearch.org/kibana/kibana', $install_dir = '/opt', $running = true, $enabled = true, $port = 5601, $host = '0.0.0.0', $elasticsearch_url = 'http://your.fancy.loadbalancerurl:9200', $elasticsearch_preserve_host = true, $kibana_index = '.kibana', $kibana_elasticsearch_username = '', $kibana_elasticsearch_password = '', $default_app_id = 'discover', $request_timeout = 300000, $shard_timeout = 0, $verify_ssl = true, $ca = '', $ssl_key_file = '', $ssl_cert_file = '', $pid_file = '/var/run/kibana.pid', This one right here
And Now You Have an ELK Stack!
You Still have to configure your Log Shipper
you need to prepare a few things
like go, the keys you made earlier, logstash forwarder... { "network": { "servers": [ "ip-172-30-0-144:1234" ], "ssl key":"/root/.logstash/logstash-forwarder.key", "ssl ca": "/root/.logstash/logstash-forwarder.crt", "timeout": 120 }, "files": [ { "paths": [ "/home/logdir/access*[^.][^g][^z]" ], "start_position": "beginning", "fields": { "type": "apache-access" } } ] }
Just Use This. elastic/logstash-forwarder
Thanks !

More Related Content

PDF
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
byPuppet
 
PDF
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
PPT
Logstash
by琛琳 饶
 
PDF
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
PDF
Null Bachaav - May 07 Attack Monitoring workshop.
byPrajal Kulkarni
 
PDF
Apache Cassandra and Go
byDataStax Academy
 
PDF
Logstash-Elasticsearch-Kibana
bydknx01
 
PDF
Elk scilifelab
byGuillermo Carrasco Hernández
 
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
byPuppet
 
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
Logstash
by琛琳 饶
 
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
Null Bachaav - May 07 Attack Monitoring workshop.
byPrajal Kulkarni
 
Apache Cassandra and Go
byDataStax Academy
 
Logstash-Elasticsearch-Kibana
bydknx01
 
Elk scilifelab
byGuillermo Carrasco Hernández
 

What's hot

PDF
Docker Monitoring Webinar
bySematext Group, Inc.
 
PPTX
The tale of 100 cve's
byPrajal Kulkarni
 
PDF
Regex Considered Harmful: Use Rosie Pattern Language Instead
byAll Things Open
 
PDF
ElasticSearch
byLuiz Rocha
 
PDF
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
PDF
Logstash: Get to know your logs
bySmartLogic
 
PPTX
Elk stack
byJilles van Gurp
 
PDF
Machine Learning in a Twitter ETL using ELK
byhypto
 
PPTX
Javascript - The Stack and Beyond
byAll Things Open
 
PDF
LogStash in action
byManuj Aggarwal
 
PDF
Application Logging With The ELK Stack
bybenwaine
 
PPT
How ElasticSearch lives in my DevOps life
by琛琳 饶
 
PPTX
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
byOleksiy Panchenko
 
PDF
Monitoramento com ELK - Elasticsearch - Logstash - Kibana
byWaldemar Neto
 
PPT
{{more}} Kibana4
by琛琳 饶
 
PDF
Elasticsearch for Logs & Metrics - a deep dive
bySematext Group, Inc.
 
PPTX
ELK Stack
byPhuc Nguyen
 
PDF
Mobile Analytics mit Elasticsearch und Kibana
byinovex GmbH
 
PDF
Logstash family introduction
byOwen Wu
 
PPTX
Monitoring Docker with ELK
byDaniel Berman
 
Docker Monitoring Webinar
bySematext Group, Inc.
 
The tale of 100 cve's
byPrajal Kulkarni
 
Regex Considered Harmful: Use Rosie Pattern Language Instead
byAll Things Open
 
ElasticSearch
byLuiz Rocha
 
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
Logstash: Get to know your logs
bySmartLogic
 
Elk stack
byJilles van Gurp
 
Machine Learning in a Twitter ETL using ELK
byhypto
 
Javascript - The Stack and Beyond
byAll Things Open
 
LogStash in action
byManuj Aggarwal
 
Application Logging With The ELK Stack
bybenwaine
 
How ElasticSearch lives in my DevOps life
by琛琳 饶
 
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
byOleksiy Panchenko
 
Monitoramento com ELK - Elasticsearch - Logstash - Kibana
byWaldemar Neto
 
{{more}} Kibana4
by琛琳 饶
 
Elasticsearch for Logs & Metrics - a deep dive
bySematext Group, Inc.
 
ELK Stack
byPhuc Nguyen
 
Mobile Analytics mit Elasticsearch und Kibana
byinovex GmbH
 
Logstash family introduction
byOwen Wu
 
Monitoring Docker with ELK
byDaniel Berman
 

Viewers also liked

PDF
PuppetDB, Puppet Explorer and puppetdbquery
byPuppet
 
PDF
All about elasticsearch language clients
byEnterprise Search Warsaw Meetup
 
PDF
Elk devops
byIdeato
 
PDF
How to measure everything - a million metrics per second with minimal develop...
byJos Boumans
 
PPTX
My Bro The ELK
byTripwire
 
PDF
Elasticsearch in Netflix
byDanny Yuan
 
PDF
DOXLON November 2016 - ELK Stack and Beats
byOutlyer
 
PPTX
ELK at LinkedIn - Kafka, scaling, lessons learned
byTin Le
 
PDF
Puppetconf 2015 - Puppet Reporting with Elasticsearch Logstash and Kibana
bypkill
 
PPT
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
byImpetus Technologies
 
PDF
ネットワーク運用自動化の実際〜現場で使われているツールを調査してみた〜
byTaiji Tsuchiya
 
PDF
Fluentd vs. Logstash for OpenStack Log Management
byNTT Communications Technology Development
 
PPT
Key Account Management
byguest177ff19
 
ODP
Puppet slides
byPierre Mavro
 
PuppetDB, Puppet Explorer and puppetdbquery
byPuppet
 
All about elasticsearch language clients
byEnterprise Search Warsaw Meetup
 
Elk devops
byIdeato
 
How to measure everything - a million metrics per second with minimal develop...
byJos Boumans
 
My Bro The ELK
byTripwire
 
Elasticsearch in Netflix
byDanny Yuan
 
DOXLON November 2016 - ELK Stack and Beats
byOutlyer
 
ELK at LinkedIn - Kafka, scaling, lessons learned
byTin Le
 
Puppetconf 2015 - Puppet Reporting with Elasticsearch Logstash and Kibana
bypkill
 
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
byImpetus Technologies
 
ネットワーク運用自動化の実際〜現場で使われているツールを調査してみた〜
byTaiji Tsuchiya
 
Fluentd vs. Logstash for OpenStack Log Management
byNTT Communications Technology Development
 
Key Account Management
byguest177ff19
 
Puppet slides
byPierre Mavro
 

Similar to Deploying E.L.K stack w Puppet

PPTX
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
PDF
The elastic stack on docker
bySmartWave
 
PDF
Mulesoft ELK
byIntegration Assistance
 
PPTX
Elk ruminating on logs
byMathew Beane
 
PPTX
Attack monitoring using ElasticSearch Logstash and Kibana
byPrajal Kulkarni
 
PPTX
Elk
byCaleb Wang
 
PPTX
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
byGaurav Sethi
 
PPTX
Elastic stack Presentation
byAmr Alaa Yassen
 
PDF
Jesse Olson - Nagios Log Server Architecture Overview
byNagios
 
PDF
2015 03-16-elk at-bsides
byJeremy Cohoe
 
PPTX
MySQL Audit using Percona audit plugin and ELK
byYoungHeon (Roy) Kim
 
DOCX
Install elasticsearch, logstash and kibana
byChanaka Lasantha
 
PDF
Log analysis with elastic stack
byBangladesh Network Operators Group
 
PDF
Elastic 101 tutorial - Percona Europe 2018
byAntonios Giannopoulos
 
PDF
Elastic101tutorial Percona Live Europe 2018
byAlex Cercel
 
PDF
Setting ELK in 10 minutes on Windows locally
bySonil Kumar
 
PDF
Log analysis with the elk stack
byVikrant Chauhan
 
PPTX
Installation of Elastic search Blue Teams.pptx
byPhongTrn639136
 
PDF
DIY Netflow Data Analytic with ELK Stack by CL Lee
byMyNOG
 
PPT
Elk presentation1#3
byuzzal basak
 
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
The elastic stack on docker
bySmartWave
 
Mulesoft ELK
byIntegration Assistance
 
Elk ruminating on logs
byMathew Beane
 
Attack monitoring using ElasticSearch Logstash and Kibana
byPrajal Kulkarni
 
Elk
byCaleb Wang
 
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
byGaurav Sethi
 
Elastic stack Presentation
byAmr Alaa Yassen
 
Jesse Olson - Nagios Log Server Architecture Overview
byNagios
 
2015 03-16-elk at-bsides
byJeremy Cohoe
 
MySQL Audit using Percona audit plugin and ELK
byYoungHeon (Roy) Kim
 
Install elasticsearch, logstash and kibana
byChanaka Lasantha
 
Log analysis with elastic stack
byBangladesh Network Operators Group
 
Elastic 101 tutorial - Percona Europe 2018
byAntonios Giannopoulos
 
Elastic101tutorial Percona Live Europe 2018
byAlex Cercel
 
Setting ELK in 10 minutes on Windows locally
bySonil Kumar
 
Log analysis with the elk stack
byVikrant Chauhan
 
Installation of Elastic search Blue Teams.pptx
byPhongTrn639136
 
DIY Netflow Data Analytic with ELK Stack by CL Lee
byMyNOG
 
Elk presentation1#3
byuzzal basak
 

Recently uploaded

PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
The year in review - MarvelClient in 2025
bypanagenda
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
AI Technology important knowledge ......
byutkarshj2007
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 

Deploying E.L.K stack w Puppet

  • 1.
  • 2.
  • 3.
    The ELK Stack- What is it ? ElasticSearch….for Storage, Indexing & Search Logstash... For Logs & Filtering Kibana…. for DataViz & this guy
  • 4.
  • 5.
    What You’ll AlsoNeed... Load Balancer
  • 6.
  • 7.
    1st Prep aBase Image Save yourself some headache and just prep an empty image that sets puppet master in /etc/hosts [ec2-user@ip-172-30-0-118 ~]$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain 172.30.0.41 puppet
  • 8.
    Prepare your nodes... Useat minimum a medium instance for the elasticsearch nodes...
  • 9.
  • 11.
    The ElasticSearch Config node'ip-172-30-0-189.ec2.internal', 'ip-172-30-0-190.ec2.internal','ip-172-30-0-160.ec2.internal','ip-172-30-0-159.ec2.internal','ip-172-30-0-4.ec2.internal' { class { 'elasticsearch': ensure => 'present', package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm', java_install => true, config => { 'cluster.name' => 'cluster-name-goeshere-cluster', 'cloud.aws.access_key' => ‘SDFDSGGSDSDGFSRSGsgfse’, 'cloud.aws.secret_key' => ‘WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3’, 'cloud.aws.region' => 'us-east', 'cloud.node.auto_attributes' => true, 'discovery.type' => 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', 'http.port' => '9200', 'http.enabled' => true, …….
  • 12.
    package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.3.noarch.rpm', java_install=> true, config => { 'cluster.name' => 'Frederick-Von-Clusterberg', 'cloud.aws.access_key' => ‘SDFDSGGSDSDGFSRSGsgfse’, 'cloud.aws.secret_key' => ‘WhaTEVerUrKEYHaPp3n5t0B3ItWoodG0h3R3’, 'cloud.aws.region' => 'us-east', 'cloud.node.auto_attributes' => true, 'discovery.type' => 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', 'http.port' => '9200', 'http.enabled' => true, 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://54.152.82.147', 'path.data' => '/opt/elasticsearch/data', 'discovery.zen.ping.multicast.enabled' => false, 'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190","172.30.0.159","172.30.0.160","172.30.0.4"], } } exec{'export ES_HEAP_SIZ=2g':} The ElasticSearch Package you want to use Give your cluster a name
  • 13.
    'cloud.node.auto_attributes' => true, 'discovery.type'=> 'ec2', 'discovery.ec2.tag.name' => 'elasticsearch', 'discovery.ec2.groups' => 'sg-0d6aaa69', tag your elasticsearch instances the SAME groups are your security group ID’s
  • 14.
  • 15.
    Except it Doesn’twork. 'discovery.type' => 'ec2', 'http.port' => '9200', 'http.enabled' => true, 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://54.152.82.147', 'path.data' => '/opt/elasticsearch/data', 'discovery.zen.ping.multicast.enabled' => false, 'discovery.zen.ping.unicast.hosts' => ["172.30.0.189", "172.30.0.190","172.30.0.159","172.30.0.160","172.30.0.4"], } }
  • 16.
    CORS… you needsit 'http.cors.enabled' => true, 'http.cors.allow-origin' => 'http://my.kibanabox.whatevs', Otherwise this happens...
  • 17.
    Make your HeapSize Bigger exec{'export ES_HEAP_SIZ=2g':} The default is 1GB of Memory, but apparently ElasticSearch needs 2GB
  • 18.
    You need todeclare an instance!!!! elasticsearch::instance { 'es1': }
  • 19.
    Now add somePlugins!! elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1': module_dir => 'cloud-aws', instances => ['es1'], } elasticsearch::plugin { 'mobz/elasticsearch-head': module_dir => 'head', instances => ['es1'], } elasticsearch::plugin { 'lmenezes/elasticsearch-kopf': module_dir => 'kopf', instances => ['es1'], } elasticsearch::plugin { 'lukas-vlcek/bigdesk': module_dir => 'bigdesk', instances => ['es1'], } } And Make Sure to add your instance Name
  • 20.
  • 21.
    Not Really…. That wasjust the ElasticSearch Part.
  • 22.
    Logstash raw logs goin pretty formatted logs come out
  • 23.
    Now for Logstash... node'ip-172-30-0-144.ec2.internal' { class { 'logstash': ensure => 'present', package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-1.4.2- 1_2c0f5a1.noarch.rpm', install_contrib => true, contrib_package_url => 'https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-contrib-1.4.2- 1_efd53ef.noarch.rpm', java_install => true, exec{ ‘openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt - days 365’} } logstash::configfile { ‘somename’: content => template('files/logstash.conf') } }
  • 24.
    the Logstash configfile input { lumberjack { # The port to listen on port => 1234 # The paths to your ssl cert and key ssl_certificate => "/etc/pki/logstash-forwarder.crt" ssl_key => "/etc/pki/logstash-forwarder.key" # Set this to whatever you want. type => "apache-access" } } this is called logstash-forwarder now, but in logstash config its still called lumberjack...just so you know.
  • 25.
    the Logstash configfile input { lumberjack { # The port to listen on port => 1234 # The paths to your ssl cert and key ssl_certificate => "/etc/pki/logstash-forwarder.crt" ssl_key => "/etc/pki/logstash-forwarder.key" # Set this to whatever you want. type => "apache-access" } } These need to be placed on the servers sending the logs !
  • 26.
    Filters…. filter { grok { type=> "apache-access" match => { message => "%{COMBINEDAPACHELOG}" } } date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] } geoip { source => clientip } }
  • 27.
    Outputs... output { elasticsearch {host => 'LoadBalancer.us-east-1.elb.amazonaws.com' cluster => 'Frederick-Von-Clusterberg' protocol => 'http' } Send logs to your Load Balancer make sure to give it the cluster name...or don’t, you didn’t really need those logs anyway. Set The “elasticsearch” output
  • 28.
  • 29.
    And Now forKibana…. elastic doesn’t provide a kibana module
  • 30.
    so use thisguy’s echocat/puppet-kibana4 it does the job.
  • 31.
    the only configvalue you need is…. class kibana4 ( $version = '4.0.0-linux-x64', $download_path = 'http://download.elasticsearch.org/kibana/kibana', $install_dir = '/opt', $running = true, $enabled = true, $port = 5601, $host = '0.0.0.0', $elasticsearch_url = 'http://your.fancy.loadbalancerurl:9200', $elasticsearch_preserve_host = true, $kibana_index = '.kibana', $kibana_elasticsearch_username = '', $kibana_elasticsearch_password = '', $default_app_id = 'discover', $request_timeout = 300000, $shard_timeout = 0, $verify_ssl = true, $ca = '', $ssl_key_file = '', $ssl_cert_file = '', $pid_file = '/var/run/kibana.pid', This one right here
  • 32.
    And Now YouHave an ELK Stack!
  • 33.
    You Still haveto configure your Log Shipper
  • 34.
    you need toprepare a few things
  • 35.
    like go, thekeys you made earlier, logstash forwarder... { "network": { "servers": [ "ip-172-30-0-144:1234" ], "ssl key":"/root/.logstash/logstash-forwarder.key", "ssl ca": "/root/.logstash/logstash-forwarder.crt", "timeout": 120 }, "files": [ { "paths": [ "/home/logdir/access*[^.][^g][^z]" ], "start_position": "beginning", "fields": { "type": "apache-access" } } ] }
  • 36.
  • 37.