This Getting Started with ELK example provides sample files to ingest, analyze & visualize NGINX Plus logs obtained from its status API using the ELK stack, i.e. Elasticsearch, Logstash and Kibana. The logs obtained from the status API are in JSON format.
Example has been tested with following versions:
- Elasticsearch 1.7.3
- Logstash 1.5.4
- Kibana 4.1.1
-
Follow the Installation & Setup Guide to install and test the ELK stack (you can skip this step if you have a working installation of the ELK stack,)
-
Run Elasticsearch & Kibana
<path_to_elasticsearch_root_dir>/bin/elasticsearch <path_to_kibana_root_dir>/bin/kibana -
Check that Elasticsearch and Kibana are up and running.
- Open
localhost:9200in web browser -- should return status code 200 - Open
localhost:5601in web browser -- should display Kibana UI.
Note: By default, Elasticsearch runs on port 9200, and Kibana run on ports 5601. If you changed the default ports during/after installation, change the above calls to use appropriate ports.
- Open
Download the following files in this repo to a local directory:
nginxplus_json_logs- sample JSON formatted NGINX Plus logs from its status APInginxplus_json_logstash.conf- Logstash config for ingesting data into Elasticsearchnginxplus_json_template.json- template for custom mapping of fieldsnginxplus_json_kibana.json- config file to load prebuilt Kibana dashboard
Unfortunately, Github does not provide a convenient one-click option to download entire contents of a subfolder in a repo. Use sample code provided below to download the required files to a local directory:
mkdir nginxplus_json_ELK_Example
cd nginxplus_json_ELK_Example
wget https://raw.githubusercontent.com/elastic/examples/master/ELK_nginxplus-json/nginxplus_json_logstash.conf
wget https://raw.githubusercontent.com/elastic/examples/master/ELK_nginxplus-json/nginxplus_json_kibana.json
wget https://raw.githubusercontent.com/elastic/examples/master/ELK_nginxplus-json/nginxplus_json_template.json
wget https://raw.githubusercontent.com/elastic/examples/master/ELK_nginxplus-json/nginxplus_json_logs
** The JSON formatted logs used in this example were created using status API of NGINX Plus. Please refer to Live activity monitoring with NGINX Plus for more information on how to use status API of NGINX Plus
- Execute the following command to load sample logs into Elasticsearch.
cd nginxplus_json_ELK_Example
cat nginxplus_json_logs | <path_to_logstash_root_dir>/bin/logstash -f nginxplus_json_logstash.conf- Verify that data is successfully indexed into Elasticsearch
Running http://localhost:9200/nginxplus_json_elk_example/_count should return a response a "count":500
Note: Included nginxplus_json_logstash.conf configuration file assumes that you are running Elasticsearch on the same host as Logstash and have not changed the defaults. Modify the host and cluster settings in the output { elasticsearch { ... } } section of nginxplus_json_logstash.conf, if needed.
- Access Kibana by going to
http://localhost:5601in a web browser - Connect Kibana to the
nginxplus_json_elk_exampleindex in Elasticsearch (auto-created in step 1)- Click the Settings tab >> Indices tab >> Add New. Specify
nginxplus_json_elk_exampleas the index pattern name and click Create to define the index pattern
- Click the Settings tab >> Indices tab >> Add New. Specify
- Load sample dashboard into Kibana
- Click the Settings tab >> Objects tab >> Import, and select
nginxplus_json_kibana.json<<<<<<< HEAD
- Click the Settings tab >> Objects tab >> Import, and select
- Open dashboard
- Click on Dashboard tab and open
NginxPlus:Sample Dashboarddashboard
- Click on Dashboard tab and open
Voila! You should see the following dashboard. Enjoy!
If you found this example helpful and would like to see more such Getting Started examples for other standard formats, we would love would to hear from you. If you would like to contribute examples to this repo, we'd love that too!