Elastic Stack

Welcome to our demo on how to install ELK Stack on Rocky Linux 8. ELK is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch. Kibana lets users visualize...

In this blog post, you will learn how to write specific events to specific index using Logstash. Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash", which in this example setup is an Elasticsearch. Logstash can be configured to write specific...

In this tutorial, you will learn how to enable Kibana HTTPS connection. HTTPS connections ensures that data is encrypted in transit. Kibana supports only TLS encryption protocol. With TLS, X.509 certificates are used to encrypt the data-in-transit. This kind of encryption is asymetric because each certificate contains a public key and a private key which are used for cryptographic operations....

In this tutorial, you will learn how to integrate Wazuh manager with ELK stack as a unified Security Information and Event management tool. Wazuh consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Wazuh can be fully integrated with the Elastic Stack, which provides a search...

In this tutorial, you will learn how to install Wazuh agents on Ubuntu/Debian systems. Wazuh operates in server-client architecture. It is made up of a Wazuh server and Wazuh agents. Wazuh agents collect data from the end-points and ships it to the Wazuh manager for processing. It is capable of; Log and data collectionFile integrity monitoringRootkit and malware detectionSecurity policy...

In this tutorial, you will learn how to enable HTTPS connection between Elasticsearch nodes. One of the Elastic security features is to enable encryption between Elasticsearch cluster nodes using HTTPS connection. If you want to learn how to configure and setup Elasticsearch cluster, check out our previous guide by following the link below; Configure Multi-node Elasticsearch Cluster See also; Enable Kibana HTTPS Connection Enable...

In this tutorial, we will try to show how to restore Elasticsearch snapshot to another Cluster. Elasticsearch data can be backed up by taking a snapshot of the running Elasticsearch cluster. In our previous tutorial, we learnt how to backup and restore a single node Elasticsearch cluster. Link is provided below; Backup and Restore Elasticsearch Index Data Similarly, in this tutorial, we...

In this blog post, you will learn how to backup and restore Elasticsearch Index data. Well, there are various reasons for taking data backups. One of the main reason being to protect the primary data against any unforeseen damage as a result of system hardware/software failure. In case for Elasticsearch, you might be wanting to migrate the data to...

Follow through this guide to learn how to install Filebeat on FreeBSD. Install Filebeat on FreeBSD Filebeat is not available on the default FreeBSD repositories but can be installed from FreeBSD ports. We use FreeBSD 13.0 in this setup; freebsd-version 13.0-RELEASE Install Ports Collection on FreeBSD To use ports to install software in FreeBSD, you need to install portsnap. Portsnap is a fast and user-friendly tool...

In this tutorial, you will learn how to update/change kibana visualization index pattern. Kibana is a free and open user interface that lets you visualize your Elasticsearch data and navigate the Elastic Stack. Sometimes, the index pattern in which you use to visualize your various event data on Kibana may change for some reasons. This usually leads to being unable...