@@ -138,3 +138,10 @@ Elastic stack (ELK stack) is a group of products from [Elastic](https://www.elas
We should start by installing `Kibana` and `Elasticsearch` resources as these require little to none configuration, we only need to set the `elasticsearchRef` attribute correctly in the Kibana deployment.
Next we will deploy Filebeat, which collects log from logfiles. We configure it to look at files at `/var/lib/containers/` directory which is where k8s stores logs from its containers and then we send the output to Logstash service on port 5044. Since Filebeat needs to read files on all pods across all nodes on our cluster, we need it give it elevated privileges using `ClusterRole` and `ClusterRoleBinding`.
Lastly, we need to configure Logstash. Unfortunately, Logstash is not part of the ECK platform, which complicates its deployment slightly, but there is an official [recipe](https://github.com/elastic/cloud-on-k8s/tree/main/config/recipes/logstash) to include it in ECK. Logstash pipeline is used to transform logs using [grok](https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html) filter.
#### Preview
![image](uploads/3a49a894b3dd223234fe0dabc5d959a1/image.png)
*Kibana dashboard*
![image](uploads/7386e0f5d4bfa90ff8d9222a62505d2a/image.png)
*Raw contents of logfile (Message) and attributes parsed from it*
\ No newline at end of file
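Review bot: the Filebeat paragraph credits `ClusterRole` and `ClusterRoleBinding` with letting Filebeat read log files on every node, but RBAC only governs Kubernetes API access (typically get/list/watch on pods, namespaces and nodes for metadata enrichment); reading container logs on the node requires Filebeat to run on each node (a DaemonSet) with a hostPath mount of the log directory, which is a separate and higher-impact privilege that the text should name explicitly so that both grants can be kept to the minimum needed. The log path should also be verified: kubelet writes container logs under `/var/log/containers/` (symlinks into `/var/log/pods/`), whereas `/var/lib/containers/` is the container runtime's storage root. Suggested wording: "Filebeat runs on every node with a hostPath mount of `/var/log/containers/`; the `ClusterRole` only grants read access to pod, namespace and node metadata." Minor wording in the same hunk: "little to none configuration" should be "little to no configuration", "collects log from logfiles" should be "collects logs from log files", and "we need it give it" should be "we need to give it".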