Elastic Stack

In this tutorial, you will learn how to install ELK stack 8.x on Ubuntu systems. Elastic/ELK stack 8.0 has been released making it another major version release after Elastic 7.0. Elastic 8.0 comes with a lot of improvements including; compatibility with 7.x REST APIsecurity features enabled and configured by default (HTTPS and Authentication)Better protection for system indicesNew k-nearest neighbor (kNN)...

This tutorial will show you how you can easily configure Logstash Elasticsearch Basic authentication. If you have secured your Elasticsearch cluster with authentication/authorization, then for Logstash to be able to publish the events to the Elasticsearch cluster, it must provided valid user credentials that is authorized to publish events to specific indices. In our previous guides, we learnt how to...

This tutorial will take you through how you can configure filebeat-elasticsearch authentication. You realize that when you enable Elastic basic authentication, you need to valid user credentials to authenticate and validate access to restricted Elastic resources. Our previous guide showed how to enable Elastic stack basic authenticaion. How to Enable Basic Authentication on ELK Stack Configure Filebeat-Elasticsearch Authentication Create Required Publishing Roles In order...

In this tutorial, you will learn how to enable basic authentication on ELK stack. Elastic/ELK stack supports user authentication. This enables it to restrict access to various resources within the cluster. To access these resources when authentication is enabled, a user has to prove their identity using username/passwords or other forms of identity depending on the authentication realm enabled. How...

This guide will take you through how to integrate Osquery manager with ELK Stack. According to their Github page, osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. It is available for Linux, macOS, Windows, and FreeBSD. It allows you to query the operating system just like you would query any records from the usual relational databases...

This tutorial will take you through how you can install and enroll Elastic agents to Fleet manager in Linux. According to Elastic Fleet and Elastic Agent overview page; Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. A single agent makes it easier and faster to deploy monitoring...

This tutorial will take you through how to ship system logs to ELK stack using Elastic Agents. You might be so used to using Elastic beats such as Filebeat, metricsbeat, Winlogbeat etc. to ship log from your end points to ELK for visualization. However, Elastic has announced the general availability Elastic Agents. Elastic Agent is a single, unified agent...

In this tutorial, you will learn how to detect changes to critical files in Linux using Auditbeat and ELK. Auditbeat is one of the elastic beats that according to Elastic page, collects Linux audit framework data and monitor the integrity of the files. It ships these events in real time to the rest of the Elastic Stack for further...

Welcome to our guide on how to install ELK Stack on Debian 11. ELK, currently known as Elastic Stack, is the acronym for open source projects comprising; Elasticsearch: a search and analytics engineKibana: a data visualization and dash-boarding tool that enables you to analyze data stored on Elasticsearch.Logstash: a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms...

Welcome to our demo on how to install ELK Stack on Rocky Linux 8. ELK is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch. Kibana lets users visualize...