In a previous blog, we saw together the difference between Filebeat and Logstash, we said also that both can cooperate together in some cases. In this blog series we will deep into a use case: send logs using filebeat, transform it using Logstash, then send it to Elasticsearch, view it from Kibana.
Let’s start by the first step, which is the installation of all components (Filebeat, Logstash, Elasticsearch, and Kibana). For that I will use an environment with 3 VMs as following:
Filebeat Installation
Let’s install Filebeat on the server we want to monitor (vmelastic1).
To download and install Filebeat, you can use tar package (other options are available here):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [elastic@vmelastic1 app]# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.8.1-linux-x86_64.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 41.3M 100 41.3M 0 0 317k 0 0:02:13 0:02:13 --:--:-- 8579k[elastic@vmelastic1 app]# tar xzvf filebeat-8.8.1-linux-x86_64.tar.gzfilebeat-8.8.1-linux-x86_64/filebeatfilebeat-8.8.1-linux-x86_64/fields.yml...[elastic@vmelastic1 app]# ls -rtl filebeat-8.8.1-linux-x86_64total 140532-rw-r--r-- 1 elastic elastic 2647144 Jun 5 21:56 NOTICE.txt-rw-r--r-- 1 elastic elastic 13675 Jun 5 21:56 LICENSE.txtdrwxr-xr-x 4 elastic elastic 24 Jun 5 22:26 kibana-rw------- 1 elastic elastic 8622 Jun 5 22:26 filebeat.yml-rw-r--r-- 1 elastic elastic 177676 Jun 5 22:26 filebeat.reference.yml-rw-r--r-- 1 elastic elastic 3745648 Jun 5 22:26 fields.ymldrwxr-xr-x 2 elastic elastic 4096 Jun 5 22:26 modules.ddrwxr-xr-x 71 elastic elastic 4096 Jun 5 22:26 module-rwxr-xr-x 1 elastic elastic 137281944 Jun 5 22:36 filebeat-rw-r--r-- 1 elastic elastic 809 Jun 5 22:36 README.md |
We will configure Filebeat in a next step.
Logstash Installation
Now, we will install Logstash on a separate server (vmelastic2).
To download and install Logstash, you can use tar package (other options are available here):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | [elastic@vmelastic2 app]# curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-8.8.1-linux-x86_64.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 327M 100 327M 0 0 2399k 0 0:02:19 0:02:19 --:--:-- 25.8M[elastic@vmelastic2 app]# tar xvf logstash-8.8.1-linux-x86_64.tar.gz...logstash-8.8.1/jdk/releaselogstash-8.8.1/LICENSE.txtlogstash-8.8.1/logstash-core/lib/logstash/build.rb[elastic@vmelastic2 app]# ls -rtl logstash-8.8.1total 664-rw-r--r-- 1 elastic wheel 606491 Jun 2 19:42 NOTICE.TXT-rw-r--r-- 1 elastic wheel 13675 Jun 2 19:42 LICENSE.txt-rw-r--r-- 1 elastic wheel 16 Jun 2 19:42 JDK_VERSION-rw-r--r-- 1 elastic wheel 30037 Jun 2 19:42 Gemfile.lock-rw-r--r-- 1 elastic wheel 4101 Jun 2 19:42 Gemfiledrwxr-xr-x 2 elastic wheel 6 Jun 2 19:42 data-rw-r--r-- 1 elastic wheel 2276 Jun 2 19:42 CONTRIBUTORSdrwxr-xr-x 2 elastic elastic 4096 Jun 27 15:34 bindrwxr-xr-x 2 elastic elastic 142 Jun 27 15:34 configdrwxr-xr-x 4 elastic elastic 55 Jun 27 15:34 modulesdrwxr-xr-x 6 elastic elastic 84 Jun 27 15:34 libdrwxr-xr-x 3 elastic elastic 30 Jun 27 15:34 toolsdrwxr-xr-x 3 elastic elastic 86 Jun 27 15:34 logstash-core-plugin-apidrwxr-xr-x 4 elastic elastic 90 Jun 27 15:34 logstash-coredrwxr-xr-x 4 elastic elastic 33 Jun 27 15:34 vendordrwxr-xr-x 9 elastic elastic 193 Jun 27 15:34 x-packdrwxr-xr-x 9 elastic elastic 121 Jun 27 15:35 jdk |
Logstash configuration will be done later.
Elasticsearch Installation
It is time to install Elasticsearch on a separate server (vmelastic3).
To download and install Elasticsearch, you can use tar package (other options are available here):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [elastic@vmelastic3 app]# curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-linux-x86_64.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 569M 100 569M 0 0 3927k 0 0:02:28 0:02:28 --:--:-- 27.7M[elastic@vmelastic3 app]# tar xvf elasticsearch-8.8.1-linux-x86_64.tar.gzelasticsearch-8.8.1/elasticsearch-8.8.1/lib/...[elastic@vmelastic3 app]# ls -rtl elasticsearch-8.8.1/total 2224-rw-r--r-- 1 elastic elastic 8106 Jun 5 23:31 README.asciidoc-rw-r--r-- 1 elastic elastic 3860 Jun 5 23:31 LICENSE.txtdrwxr-xr-x 2 elastic elastic 6 Jun 5 23:33 pluginsdrwxr-xr-x 2 elastic elastic 6 Jun 5 23:33 logs-rw-r--r-- 1 elastic elastic 2251526 Jun 5 23:33 NOTICE.txtdrwxr-xr-x 5 elastic elastic 4096 Jun 5 23:37 libdrwxr-xr-x 8 elastic elastic 96 Jun 5 23:37 jdkdrwxr-xr-x 2 elastic elastic 4096 Jun 5 23:37 bindrwxr-xr-x 74 elastic elastic 4096 Jun 5 23:37 modulesdrwxr-xr-x 3 elastic elastic 210 Jun 27 16:05 config |
Elasticsearch configuration will be done later.
Kibana Installation
The last one is Kibana, will be installed on the same server as Elasticsearch (vmelastic3).
To download and install Elasticsearch, you can use tar package (other options are available here):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [elastic@vmelastic3 app]# curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-8.8.1-linux-x86_64.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 263M 100 263M 0 0 1705k 0 0:02:38 0:02:38 --:--:-- 7537kkibana-8.8.1/x-pack/plugins/fleet/target/kibana-8.8.1/x-pack/plugins/fleet/target/agent_versions_list.json[elastic@vmelastic3 app]# ls -rtl kibana-8.8.1total 1388drwxr-xr-x 4 elastic elastic 95 Jun 6 00:19 x-packdrwxr-xr-x 11 elastic elastic 191 Jun 6 00:19 src-rw-r--r-- 1 elastic elastic 3966 Jun 6 00:19 README.txtdrwxr-xr-x 2 elastic elastic 6 Jun 6 00:19 pluginsdrwxr-xr-x 5 elastic elastic 52 Jun 6 00:19 packages-rw-r--r-- 1 elastic elastic 738 Jun 6 00:19 package.json-rw-r--r-- 1 elastic elastic 1370699 Jun 6 00:19 NOTICE.txtdrwxr-xr-x 693 elastic elastic 20480 Jun 6 00:19 node_modulesdrwxr-xr-x 2 elastic elastic 6 Jun 6 00:19 logs-rw-r--r-- 1 elastic elastic 3860 Jun 6 00:19 LICENSE.txtdrwxr-xr-x 2 elastic elastic 6 Jun 6 00:19 datadrwxr-xr-x 2 elastic elastic 44 Jun 6 00:19 configdrwxr-xr-x 6 elastic elastic 71 Jun 6 00:19 nodedrwxr-xr-x 2 elastic elastic 175 Jun 6 00:19 bin |
Next steps
In a next blog, I will configure all these components to push logs from Filebeat to Logstash, make some transformation in Logstash, then send data to Elasticsearch, and see data from Kibana.
Stay connected 
![Thumbnail [60x60]](https://www.dbi-services.com/blog/wp-content/uploads/2022/09/DDI_web-min-scaled.jpg)
![Thumbnail [90x90]](https://www.dbi-services.com/blog/wp-content/uploads/2022/08/HER_web-min-scaled.jpg)
![Thumbnail [90x90]](https://www.dbi-services.com/blog/wp-content/uploads/2022/08/GRE_web-min-scaled.jpg)
![Thumbnail [90x90]](https://www.dbi-services.com/blog/wp-content/uploads/2022/08/DWE_web-min-scaled.jpg)
