Anyone tried ELK stack before ???
-
Hello guys
anyone tried ELK : (elasticsearch+logstash+kibana) stack before ? i have a couple of question ?
-
I've got Graylog running. I've run ELK in my lab previously but prefer Graylog.
-
https://mangolassi.it/topic/8201/building-elk-on-centos-7/2
https://mangolassi.it/topic/5365/setting-up-logstash-for-elk
https://mangolassi.it/topic/3610/problems-setting-up-an-elk-stack/3It's been a couple of years since a lot of discussion and walkthroughs were written on it. Lots, and I forgot a lot of what I did with it.
-
@coliver Hi Sir
the management recommend me to use ELK as SIEM for our logs
the problem is : i get stuck at "Successfully started Logstash API endpoint {:port=>9600}" while trying to ingest txt log file into elasticsearchhere is my config file :
input {
file {
path => "C:\Users\mustapha\Desktop\test.txt"
start_position => "beginning"
}
}
filter {
grok {
match => {"message" => "%{WORD:username} %{WORD:email} %{WORD:hash}" }
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "test"
}
}my log file is :
username email hash
username email hash
username email hash
username email hash
username email hashi cant even get this simple example work, am i missing something ???
-
-
Yup, I've run ELK and it is nice. I've come to prefer Graylog2, though. Although that uses part of the ELK stack, they are highly related.
-
ELK's weakness is security, that traditionally was an add-on that you had to pay for whereas it was part of the free open source product with Graylog.
-
@travisdh1 said in Anyone tried ELK stack before ???:
https://mangolassi.it/topic/8201/building-elk-on-centos-7/2
https://mangolassi.it/topic/5365/setting-up-logstash-for-elk
https://mangolassi.it/topic/3610/problems-setting-up-an-elk-stack/3It's been a couple of years since a lot of discussion and walkthroughs were written on it. Lots, and I forgot a lot of what I did with it.
Tags......
-
Tags added.
