How are events indexed and stored by Elasticsearch when using ELK (Elastichsearch, Logstash, Kibana)
How does Elasticsearch work in ELK
How are events indexed and stored by Elasticsearch when using ELK (Elastichsearch, Logstash, Kibana)
How does Elasticsearch work in ELK
Looks like you got downvoted for not just reading up at elastic.co, but...
logstash picks up unstructured data from log files and other sources, transforms it into structured data, and inserts it into elasticsearch.
elasticsearch is the document repository. While it's not useful for log information, it's a text engine at heart and can analyze the data (tokenization, stop words, stemming, etc).
kibana reads from elasticsearch and allows you to explore the data and make dashboards.
That's the 30,000-ft overview.
Elasticsearch have the function of database on ELK Stack.
You can read more information about Elasticsearch and ELK Stack here: https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html.
first of all you will have logs file that you used to write system logs on it for example when you add new record to database you will write the record in any form you need to log file like
date,"name":"system","serial":"1234" .....
after that you will add your configuration in logstash to parse the data from the logs and it will be like name : system .....
and the data will saved in elastic search
kibana is used to preview the elastic search data
and you can use send a request to elasticsearch with the required query and get your data from it