The ELK Stack: Filebeat ships logs, Logstash transforms them, Elasticsearch (ES) stores them, and Kibana visualises them.
Kibana and the ELK Stack
- Elasticsearch — stores and indexes log data
- Logstash — collects, transforms, and ships logs to ES
- Kibana — visualises and explores ES data
- Beats — lightweight data shippers (Filebeat for logs, Metricbeat for metrics)
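# Filebeat config — ship logs to Elasticsearch
filebeat.inputs:
  - type: log
    paths: ["/var/log/nginx/*.log"]
output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "nginx-logs-%{+yyyy.MM.dd}"
# A custom index name also requires the template name and pattern to be set
setup.template.name: "nginx-logs"
setup.template.pattern: "nginx-logs-*"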
# Kibana — create index pattern, build dashboards
# Discover -> search logs
# Visualise -> bar charts, pie charts, maps
# Dashboard -> combine visualisations