{"id":28221,"date":"2015-10-26T14:38:23","date_gmt":"2015-10-26T09:08:23","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=28221"},"modified":"2015-10-27T13:42:57","modified_gmt":"2015-10-27T08:12:57","slug":"amazon-elasticsearch-for-centralized-log-management","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/amazon-elasticsearch-for-centralized-log-management\/","title":{"rendered":"Amazon ElasticSearch for Centralized Log Management"},"content":{"rendered":"<p>This blog is about using Amazon Elasticsearch with Amazon CloudWatch. I had a use case where I had to set up centralised logging, which can be done using the Amazon Elasticsearch and CloudWatch services.<\/p>\n<h3>Pre-requisites:<\/h3>\n<p>A new Amazon Elasticsearch instance can be set up from <a href=\"https:\/\/aws.amazon.com\/blogs\/aws\/new-amazon-elasticsearch-service\/\">here<\/a>.<\/p>\n<p>A new EC2 instance with an attached IAM role holding the CloudWatch full access policy should be launched to install the CloudWatch Logs daemon (a role limited to the CloudWatch Logs write permissions the agent actually needs is preferable to full access). Steps to install the CloudWatch daemon are listed below:<\/p>\n<p>[js]<\/p>\n<p>wget https:\/\/s3.amazonaws.com\/aws-cloudwatch\/downloads\/latest\/awslogs-agent-setup.py<br \/>\nsudo python .\/awslogs-agent-setup.py --region us-east-1<\/p>\n<p>[\/js]<\/p>\n<p>While executing the above steps, a few details have to be provided. 
These are listed below and also shown in the next screenshot:<\/p>\n<ol>\n<li>AWS region name<\/li>\n<li>AWS output format<\/li>\n<li>Path of log file to upload [\/var\/log\/syslog]<\/li>\n<li>Destination Log Group name [\/var\/log\/syslog]<\/li>\n<li>Log Stream name<\/li>\n<li>Log Event timestamp format<\/li>\n<li>Initial position of upload<\/li>\n<\/ol>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28308 aligncenter\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog-1.png\" alt=\"blog 1\" width=\"901\" height=\"592\" \/><\/p>\n<p>Now, the log streams can be seen in the AWS CloudWatch console:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28310\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog2.png\" alt=\"blog2\" width=\"867\" height=\"232\" \/><\/p>\n<p>Since the Elasticsearch instance is already up and running in the account, we can now stream the above syslogs to Amazon Elasticsearch. We need to provide the Elasticsearch cluster name as shown in the screenshot below and click Next:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28319\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog31.png\" alt=\"blog3\" width=\"1084\" height=\"581\" \/><\/p>\n<p>Now, filters can be applied (the filter and pattern syntax is documented <a title=\"here\" href=\"http:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/DeveloperGuide\/FilterAndPatternSyntax.html\">here<\/a>), and a pattern can be debugged while writing it using &#8220;Test Pattern&#8221;:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28324\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog4.png\" alt=\"blog4\" width=\"1626\" height=\"884\" \/><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28361\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog5.png\" alt=\"blog5\" width=\"1080\" height=\"579\" \/><\/p>\n<p>Now, when we 
click the Start Streaming button, we get a success window as shown below. This process takes some time.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28362\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog6.png\" alt=\"blog6\" width=\"1080\" height=\"579\" \/><\/p>\n<p>Now, we simply need to click on &#8220;Kibana 3&#8221; or &#8220;Kibana 4&#8221; (as shown in the above screenshot) to see the desired logs in the Kibana UI. This UI is illustrated in the screenshots below:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28363\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog9.png\" alt=\"blog9\" width=\"1297\" height=\"715\" \/><\/p>\n<h5 style=\"text-align: center;\">Kibana4<\/h5>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-28364\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/10\/blog8.png\" alt=\"blog8\" width=\"784\" height=\"430\" \/><\/p>\n<h5 style=\"text-align: center;\">Kibana3<\/h5>\n","protected":false},"excerpt":{"rendered":"<p>This blog is about using Amazon Elasticsearch with Amazon CloudWatch. I had a use case where I had to set up centralised logging, which can be done using the Amazon Elasticsearch and CloudWatch services. Pre-requisites: A new Amazon Elasticsearch instance can be set up from here. 
A new EC2 Instance with an attached role having [&hellip;]<\/p>\n","protected":false},"author":261,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":3},"categories":[1174,2348],"tags":[2662,2661],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/28221"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/261"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=28221"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/28221\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=28221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=28221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=28221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}