ELK via apt-get

27 mar. 2016
Tags: Linux

Installasjon (krever Java)

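# Optional prerequisite if wget is missing:
# sudo apt-get install wget

# Register the three Elastic apt repositories, one file each under sources.list.d.
# Plain `tee` (not `tee -a`) makes re-running these lines idempotent: `tee -a`
# appended a duplicate entry on every run, and the logstash entry went into the
# shared /etc/apt/sources.list instead of its own file. The logstash file name
# below is chosen to match the other two.
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee /etc/apt/sources.list.d/elasticsearch-2.x.list
echo "deb http://packages.elastic.co/kibana/4.4/debian stable main" | sudo tee /etc/apt/sources.list.d/kibana-4.4.x.list
echo "deb http://packages.elasticsearch.org/logstash/2.2/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash-2.2.x.list

# Import the Elastic signing key so apt can verify the packages. The repositories
# above are fetched over plain http, so package integrity rests entirely on this
# signature check: keep the key download on https and make sure both imports
# succeed before running apt-get update. The logstash repository lives on the
# older packages.elasticsearch.org host, hence the second import from there.
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
wget -qO - https://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -

# apt-get update needs root like every other package command here (the original
# line was missing sudo and would fail for a non-root user).
sudo apt-get update
sudo apt-get -y install elasticsearch
sudo apt-get -y install kibana
sudo apt-get -y install logstash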

Konfigurasjon

# Optional prerequisite if nano is missing:
# apt-get install nano

# Open each configuration file for editing, in the same order as before.
# Logstash loads every file in /etc/logstash/conf.d/, so apache.conf is just one
# of possibly several pipeline files in that directory.
# NOTE(review): nothing on this page configures authentication for Elasticsearch
# or Kibana, so check the bind addresses while editing (network.host in
# elasticsearch.yml, server.host in kibana.yml) and keep them on the loopback
# address unless remote access is actually needed.
for cfg in \
  /etc/elasticsearch/elasticsearch.yml \
  /opt/kibana/config/kibana.yml \
  /etc/logstash/conf.d/apache.conf; do
  sudo nano "$cfg"
done

Start og autostart

# Optional prerequisite for the curl checks in the Test section:
# apt-get install curl

# Start the three services (substitute restart or stop for start as needed).
for svc in elasticsearch kibana logstash; do
  sudo service "$svc" start
done

# Enable start at boot. The sequence numbers (start NN, stop MM) bring the
# services up in the order elasticsearch -> kibana -> logstash and take them
# down in the reverse order.
sudo update-rc.d elasticsearch defaults 95 10
sudo update-rc.d kibana defaults 96 9
sudo update-rc.d logstash defaults 97 8

Test

# Smoke tests against the local ports. None of these requests carries any
# credentials, which is exactly why the ports should stay off public interfaces.
curl http://localhost:9200   # elasticsearch
curl http://localhost:5601   # kibana

# Feed one log file through the apache.conf pipeline (its input reads stdin).
# LOGGFIL is a placeholder for the path of an Apache access log.
/opt/logstash/bin/logstash --config /etc/logstash/conf.d/apache.conf < LOGGFIL

# elasticsearch: check that an "open logstash-..." index has been created
curl http://localhost:9200/_cat/indices/

# Delete all logstash-* indices.
curl --request DELETE 'http://localhost:9200/logstash-*'
# Delete EVERYTHING in Elasticsearch (!!!) - irreversible, no confirmation prompt.
# Setting action.destructive_requires_name: true in elasticsearch.yml makes
# Elasticsearch refuse wildcard and _all index deletes like these two.
curl --request DELETE 'http://localhost:9200/_all'

Logstash konfigurasjonseksempel

# Minimal pipeline used by the Test section: read lines from stdin, parse each
# one as an Apache combined-format access log line, and index the result into
# the local Elasticsearch.
input {
  stdin { }
}

filter {
  grok {
    # COMBINEDAPACHELOG is one of the grok patterns bundled with logstash; lines
    # that do not match it are tagged _grokparsefailure instead of being parsed.
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}

output {
  elasticsearch {
    # hosts takes a list; plain http without credentials, so localhost only.
    hosts => ["localhost:9200"]
  }
}