The ELK triad (Elasticsearch + Logstash + Kibana) is a leading open source log management solution. In the previous post we installed Logstash; today let’s focus on Elasticsearch (and Kibana). With AWS, ELK deployment is quite simple, as the Elasticsearch cluster and Kibana are provided by Amazon as a service. Let’s see how it works.
- In the AWS console, select Analytics -> Elasticsearch Service.
- Click “Create new domain” and provide a name for your domain.
- An instance of the “micro” type is available with the Free Tier. It’s a good choice for testing and small deployments.
- A “micro” instance must use EBS storage. Let’s configure it.
- Finally, set the access policy. Select “Allow access to the domain from specific IP(s)”. For testing, you may enter the Logstash server’s public IP and your own IP. You have to enter your own IP in order to access Kibana. Using a proxy server is also an option (especially if you don’t have a static IP).
- Confirm the settings and wait – according to Amazon, initialization takes around 10 minutes.
- Congratulations! Your Elasticsearch domain is ready. Now the status is green, but later it is going to change to yellow. Don’t worry – it just indicates no redundancy. That’s fine, because a single node cannot provide it. Click on the Kibana link to access Kibana’s web interface. In the next part of this tutorial I am going to show how to get logs into Elasticsearch with Logstash.
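
The “specific IP(s)” option in the access policy step is stored as a resource-based policy attached to the domain. As an added example (not code from the original post), the Python below builds that kind of policy and flags Allow statements that would leave the domain reachable from any address; the domain ARN, account ID and IP addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed placeholders: substitute your own domain ARN and addresses.
DOMAIN_ARN = "arn:aws:es:us-east-1:123456789012:domain/example-domain"
ALLOWED = ["203.0.113.10", "198.51.100.7"]  # e.g. Logstash server and your own IP

def build_ip_policy(domain_arn, allowed_ips):
    """Return a policy that allows HTTP access only from the listed IPs/CIDRs."""
    # ip_network() rejects malformed entries and normalises bare IPs to /32.
    cidrs = [str(ipaddress.ip_network(ip, strict=False)) for ip in allowed_ips]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "es:ESHttp*",
            "Resource": f"{domain_arn}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": cidrs}},
        }],
    }

def open_statements(policy):
    """Return indexes of Allow statements that admit any caller from anywhere."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        principal = st.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
        if st.get("Effect") != "Allow" or not anonymous:
            continue
        # Only the exact key spelling used above is checked in this sketch.
        src = st.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
        if src is None:
            findings.append(i)  # no source IP restriction at all
            continue
        src = [src] if isinstance(src, str) else src
        # A /0 network (0.0.0.0/0 or ::/0) matches every address.
        if any(ipaddress.ip_network(s, strict=False).prefixlen == 0 for s in src):
            findings.append(i)
    return findings

if __name__ == "__main__":
    policy = build_ip_policy(DOMAIN_ARN, ALLOWED)
    print(json.dumps(policy, indent=2))
    print("open statements:", open_statements(policy))
```

Running the check over a policy before attaching it catches the case where a wide-open range was entered during testing and never narrowed afterwards.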