1

How are events indexed and stored by Elasticsearch when using ELK (Elasticsearch, Logstash, Kibana)

How does Elasticsearch work in ELK?

Has QUIT--Anony-Mousse
manhhuy

3 Answers

18

Looks like you got downvoted for not just reading up at elastic.co, but...

logstash picks up unstructured data from log files and other sources, transforms it into structured data, and inserts it into elasticsearch.

elasticsearch is the document repository. While it's not useful for log information, it's a text engine at heart and can analyze the data (tokenization, stop words, stemming, etc).

kibana reads from elasticsearch and allows you to explore the data and make dashboards.

That's the 30,000-ft overview.

Alain Collins
0

Elasticsearch has the function of a database in the ELK Stack.

You can read more information about Elasticsearch and ELK Stack here: https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html.

Miguel Bessa
0

First of all, you will have a log file that you use to write system logs to. For example, when you add a new record to the database, you write the record to the log file in any form you need, like:

date,"name":"system","serial":"1234" .....

After that, you add your configuration in Logstash to parse the data from the logs, and it will be like name : system .....

And the data will be saved in Elasticsearch.

Kibana is used to preview the Elasticsearch data.

And you can send a request to Elasticsearch with the required query and get your data from it.

qusai safa
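The pipeline the answers describe (parse a raw line into fields, analyze the text, store the event, query it) as an added example. It is not part of any answer and is not Elasticsearch or Logstash code: it is a simplified Python model of a parse step and an inverted index. The sample log lines, the `message` field, the stop-word list and the names `parse_line`, `analyze`, `TinyIndex` and `build_index` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape sketched above: a date, then "key":"value" pairs.
LOG_LINES = [
    '2024-05-01T10:15:00Z,"name":"system","serial":"1234","message":"New record added to the database"',
    '2024-05-01T10:16:30Z,"name":"auth","serial":"1235","message":"Failed login for the admin account"',
    '2024-05-01T10:17:05Z,"name":"auth","serial":"1236","message":"Login succeeded for admin"',
]

STOP_WORDS = {"a", "the", "to", "for", "of"}  # assumption: tiny illustrative list

def parse_line(line):
    """The Logstash role: turn one raw line into a structured event (a dict)."""
    timestamp, _, rest = line.partition(",")
    event = {"@timestamp": timestamp}
    event.update(re.findall(r'"([^"]+)":"([^"]*)"', rest))
    return event

def analyze(text):
    """Simplified analyzer: lowercase, split on non-alphanumerics, drop stop words."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP_WORDS]

class TinyIndex:
    """Toy stand-in for an index: stored documents plus an inverted index."""
    def __init__(self):
        self.docs = {}                      # doc id -> original event as stored
        self.inverted = defaultdict(set)    # (field, term) -> ids of docs containing it

    def index(self, event):
        doc_id = len(self.docs) + 1
        self.docs[doc_id] = event
        for field, value in event.items():
            for term in analyze(value):
                self.inverted[(field, term)].add(doc_id)
        return doc_id

    def search(self, field, query):
        """Return events whose field contains every analyzed query term (AND match)."""
        postings = [self.inverted.get((field, t), set()) for t in analyze(query)]
        hits = set.intersection(*postings) if postings else set()
        return [self.docs[i] for i in sorted(hits)]

def build_index(lines):
    """Run every raw line through parse -> index, as the pipeline would."""
    idx = TinyIndex()
    for line in lines:
        idx.index(parse_line(line))
    return idx
```

Because the query goes through the same analyzer as the indexed text, `build_index(LOG_LINES).search("message", "Failed LOGIN")` matches the failed-login event regardless of case, while the stored event is returned unchanged.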