We are trying to develop a PoC for Elasticsearch on Azure Cloud.
We installed the Elastic template from Azure Marketplace, selected 3 nodes, and now we have the following configuration:
1 Kibana VM
3 Data VM
3 Master VM
What we can do so far:
Connect and log in to Kibana (create simple index pattern from console)
Connect to VMs via bash ssh
What is still open and we desperately look for clear documentation:
On which VM runs logstash?
How to start logstash?
Where to store the config files (for logstash but also if using jdbc plugin)?
Installation of Kibana plugins: when trying to install, for example, https://github.com/Nico-DF/kibana-plugin-traffic-sg I always get 'operation not permitted' even if I am logged in as the owner of the directory. Is it impossible to install extra plugins on VMs?
Installation of ES plugins like https://github.com/Azure/azure-diagnostics-tools/tree/master/Logstash/logstash-input-azurewadtable or https://github.com/Azure/azure-diagnostics-tools/tree/master/Logstash/logstash-input-azureblob On which VM should it be installed? Master-0, I assume? But then under which directory?
Can anyone direct us to some comprehensive (for dummies) guidelines/tutorial, or at least reply to our questions?
thx a lot
You can deploy Elasticsearch, Logstash, and Kibana on an Ubuntu VM in Azure.
Start Logstash with the following command:
sudo systemctl start logstash.service
Test Logstash in interactive mode to make sure it's working correctly:
sudo /usr/share/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
Start Kibana and visualize the data in Elasticsearch:
Edit /etc/kibana/kibana.yml and change the IP address Kibana listens on so you can access it from your web browser.
server.host: "0.0.0.0"
Start Kibana with the following command:
sudo systemctl start kibana.service
Open port 5601 from the Azure CLI to allow remote access to the Kibana console:
az vm open-port --port 5601 --resource-group myResourceGroup --name myVM
Refer to the article below for more information: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-elasticsearch#start-logstash-and-add-data-to-elasticsearch
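A source-restricted variant of the open-port step in the answer above, as an added example that is not part of the original answer: it builds an NSG rule that admits port 5601 from one admin range only and refuses any-source values. The NSG name myVMNSG, the rule name, the priority and the 203.0.113.0/24 range are assumed placeholders.

```sh
#!/bin/sh
# Added example, not part of the original answer: allow Kibana (TCP 5601)
# from one admin source range instead of from any address.
# Assumed placeholders: NSG name "myVMNSG", rule name, priority, and the
# 203.0.113.0/24 documentation range.

# Succeed only for an IPv4 CIDR with a /8../32 prefix, so "*", "Internet"
# and "0.0.0.0/0" are refused.
valid_admin_cidr() {
  ip=${1%/*}
  prefix=${1##*/}
  [ "$ip/$prefix" = "$1" ] || return 1
  case $ip in ''|*[!0-9.]*) return 1 ;; esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.
  set -- $ip            # split the address into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
  done
}

# Usage: allow_kibana_from <resource-group> <nsg-name> <admin-cidr>
# Prints the command by default; set DRY_RUN=0 to run it.
allow_kibana_from() {
  rg=$1 nsg=$2 cidr=$3
  valid_admin_cidr "$cidr" || { echo "refusing source '$cidr'" >&2; return 1; }
  set -- az network nsg rule create \
    --resource-group "$rg" --nsg-name "$nsg" \
    --name allow-kibana-admin --priority 1010 \
    --direction Inbound --access Allow --protocol Tcp \
    --destination-port-ranges 5601 \
    --source-address-prefixes "$cidr"
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Example (dry run):
# allow_kibana_from myResourceGroup myVMNSG 203.0.113.0/24
```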