How To Install Logstash ELK Stack Using Repo

Logstash is an open source, server-side data processing pipeline that lets you collect, process and load data into Elasticsearch.

Logstash collects the logs, converts them into JSON documents and stores them in Elasticsearch. Once the inputs have collected the data, it can be processed by any number of filters, which modify the data.

Step 1: yum install logstash-7.0.0.rpm -y

Step 2: Now set up SSL certificates based on the IP address of the ELK server in /etc/pki/tls/openssl.cnf

Find the [v3_ca] section and add this line: subjectAltName = IP:

Now create a self-signed certificate

openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
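A check worth running after Step 2, shown as an added example that is not part of the original article: clients that connect to Logstash by IP address validate the certificate against the subjectAltName entry, so confirm the IP is really in the certificate and that the key belongs to it. The address 192.0.2.10, the CN and the temporary directory are constructed for the demo; point the two check functions at the .crt and .key files created above.

```shell
#!/bin/sh
# Added example. Checks a Logstash certificate for the expected IP SAN and
# confirms the private key belongs to it. Demo values are constructed.

# cert_has_ip_san CERT IP: succeeds only if IP is listed exactly in the SAN.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# key_matches_cert CERT KEY: succeeds if both carry the same RSA modulus.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_demo_cert DIR IP: throwaway cert built the same way as in Step 2,
# with a minimal constructed config instead of /etc/pki/tls/openssl.cnf.
make_demo_cert() {
    cat > "$1/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = logstash-demo
[v3_ca]
subjectAltName = IP:$2
EOF
    openssl req -config "$1/openssl.cnf" -x509 -days 1 -batch -nodes \
        -newkey rsa:2048 -keyout "$1/logstash-forwarder.key" \
        -out "$1/logstash-forwarder.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" 192.0.2.10   # 192.0.2.10 is a documentation address
for ip in 192.0.2.10 192.0.2.1; do      # the second one must NOT match
    if cert_has_ip_san "$demo_dir/logstash-forwarder.crt" "$ip"
    then echo "SAN contains $ip"; else echo "SAN missing $ip"; fi
done
key_matches_cert "$demo_dir/logstash-forwarder.crt" \
    "$demo_dir/logstash-forwarder.key" && echo "key matches certificate"
rm -rf "$demo_dir"
```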

Step 3: Configure Logstash

Create an input file under the directory /etc/logstash/conf.d/

vim logstash_input.conf

Create an output file under the directory /etc/logstash/conf.d/

vim logstash_output.conf

Create a filter file under the directory /etc/logstash/conf.d/

vim logstash_filter.conf

Now reload the systemd daemon, start the service and enable it at boot time.

systemctl daemon-reload && systemctl start logstash && systemctl enable logstash

Step 4: Add the Logstash port to the firewall

firewall-cmd --permanent --add-port=5044/tcp

firewall-cmd --reload

Now check that all the ports of Elasticsearch, Kibana and Logstash are listening.

netstat -tnlp | grep java

Step 5: Logstash log files are located in /var/log/logstash

You can also verify the Logstash configuration settings with

/usr/share/logstash/bin/logstash --path.settings /etc/logstash --config.test_and_exit

You’re done
