From the Italian FreeBSD Users Group, this tutorial series shows you how to get an ELK stack up on FreeBSD. ELK is the combination of the open source software Elasticsearch, Logstash, and Kibana, designed to help collect, search and visualize log data in near real time. View the links below for the full instructions.


ELK is the new black, it seems, so let’s give it a try.

Suppose that we have a bunch of servers where a simple application is running smoothly:

operator@srv1 $ /usr/local/bin/myapp -c /usr/local/etc/myapp.cfg --log /var/log/myapp.log

I know, myapp is completely uncool (and boring), so let’s make some noise.

Suppose that we want a dashboard to inspect /var/log/myapp.log coming from all servers, so basically we need:

  • to search within logfiles;
  • to filter per host/datetime/colour_of_my_tshirt;
  • to create some nice dashboard to see how our new iMac 5k will render it.

You have basically two choices:

  1. convince your colleagues to help you log on each server, learn regexps and dashboarding (then you’ll spend a lot of money on beer for your colleagues), or
  2. use an ELK stack (and buy beers only for yourself).

We will follow the second approach, because a real sysadmin doesn’t have colleagues, only enemies.

ELK stands for Elasticsearch/Logstash/Kibana because, well, we will need all of them.
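To make the three requirements above concrete (search within the log, filter per host and datetime, build a dashboard), here is a minimal Logstash pipeline that ships /var/log/myapp.log from one server into Elasticsearch. It is an added example, not configuration from the GUFI tutorial: the myapp log line format, the sincedb path and the Elasticsearch address are assumptions, and the Elasticsearch output here is unauthenticated, which is only acceptable on a host-local or trusted network.

```logstash
# Example pipeline (added here, not from the tutorial). It assumes myapp writes
# one event per line in this constructed format:
#   2016-03-01T10:15:30.123+0100 INFO  request served in 12ms
input {
  file {
    path => "/var/log/myapp.log"
    start_position => "beginning"
    # Where Logstash remembers how far it has read (assumed path; must be
    # writable by the user Logstash runs as).
    sincedb_path => "/var/db/logstash/sincedb-myapp"
    # The file input adds the "host" field automatically, which is what
    # lets Kibana filter per server once every host ships its log here.
  }
}

filter {
  # Split the raw line into fields so Kibana can search and filter on them.
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{LOGLEVEL:level}%{SPACE}%{GREEDYDATA:msg}" }
  }
  # Use the application's own timestamp as @timestamp instead of the time
  # Logstash happened to read the line; this is what makes the datetime
  # filter in Kibana meaningful.
  date {
    match        => ["ts", "ISO8601"]
    target       => "@timestamp"
    remove_field => ["ts"]
  }
}

output {
  elasticsearch {
    # Assumed: Elasticsearch listening on the same box. Do not expose this
    # port to the network without authentication in front of it.
    hosts => ["http://127.0.0.1:9200"]
    # One index per day keeps retention and deletion simple.
    index => "myapp-%{+YYYY.MM.dd}"
  }
}
```

Once events arrive, Kibana reads the `myapp-*` indices and the `host`, `level` and `@timestamp` fields are available for searching, filtering and dashboards. Logstash runs as its own unprivileged user, so /var/log/myapp.log has to be readable by that user (group-readable rather than world-readable is the sensible choice), and lines that do not match the grok pattern are still indexed but tagged `_grokparsefailure`, which is worth a saved search of its own.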

1. ELK First part

2. ELK Stack (Elasticsearch, Logstash and Kibana) on FreeBSD – Part 2

3. ELK Stack (Elasticsearch, Logstash and Kibana) on FreeBSD – Part 3