Showing posts from August, 2015

Notes on setting up an ELK stack and logstash-forwarder

I set up the ELK stack a while ago and I want to jot down some notes on installing and configuring it.  I was going to write "before I forget how to do it", but that's not true anymore, because I have ansible playbooks and roles for this setup. As I said before, using ansible as executable documentation has been working really well for me. I still need to write this blog post though just so I refresh my memory about the bigger picture of ELK when I revisit it next.

Some notes:

Used Jeff Geerling's ansible-role-logstash for the main setup of the ELK server I haveUsed logstash-forwarder (used to be called lumberjack) on all servers that need to send their logs to the ELK serverWrapped the installation and configuration of logstash-forwarder into a simple ansible role which installs the .deb file for this package and copies over a templatized logstash-forwarder.conf file; here is my ansible template for this fileCustomized the lumberjack input config file on the ELK serv…