ELK server is up, now how do I use it.

MattSpeller

@Dashrender said:

RTFM?

Blasphemy

scottalanmiller

You have to select FileBeat and set it to be the default. It won't let you do anything till you do that. Once you do that you can go to the Discover page. At least in theory.

If that works (it should be blank) then we can start sending in logs. I've got that on the list to get documented. Haven't had a spare moment today but will have that soon(ish).

JaredBusch

@scottalanmiller said:

You have to select FileBeat and set it to be the default. It won't let you do anything till you do that. Once you do that you can go to the Discover page. At least in theory.

If that works (it should be blank) then we can start sending in logs. I've got that on the list to get documented. Haven't had a spare moment today but will have that soon(ish).

Well, I can also read up on that myself now that I know what it is.

scottalanmiller

I've got a working filebeat and topbeat process. I'll try to get it up tonight, hopefully.

Alex Sage

@scottalanmiller said:

I'll try to get it up tonight, hopefully.

Make sure this doesn't get taken out of context, it has a complete different meaning that way.

coliver

@JaredBusch did you ever get your machines logging to the ELK stack?

JaredBusch

@coliver said in ELK server is up, now how do I use it.:

@JaredBusch did you ever get your machines logging to the ELK stack?

No. I have some half baked setup. I need to spend time on that project.

MattSpeller

@JaredBusch said in ELK server is up, now how do I use it.:

@coliver said in ELK server is up, now how do I use it.:

@JaredBusch did you ever get your machines logging to the ELK stack?

No. I have some half baked setup. I need to spend time on that project.

I'm going to have to tackle something very similar later this summer / fall - would highly appreciate any notes or thoughts you have on your journey.

Like yourself, I can (probably) follow all SAM's steps to make it chooch but after that I'm a bit lost... I can direct my firewalls to spew logs at it but how do I search them? Make them pretty? Setup alerts for important things?

scottalanmiller

Searching... that is a MAJOR undertaking in any of these systems. It is exhausting.

BRRABill

I was playing a little bit with LOGG.LY today and I think I fried my brain.

I'm trying to get my logs off my XS USB boot device see it doesn't get its brain fried.

I'll be watching this ELK discussion to see how everyone does.