Update elk.md

Open-EO · Mar 6, 2024 · 8870e34 · 8870e34
1 parent 3bbcb0c
commit 8870e34
Showing 1 changed file with 31 additions and 10 deletions.
diff --git a/docs/elk.md b/docs/elk.md
@@ -160,6 +160,12 @@ discovery.seed_hosts: ["192.168.1.100", "192.168.1.150", "node2"]
 cluster.initial_master_nodes: ["node1"]
 ```
 
+Restart elasticsearch:\
+```bash
+sudo systemctl restart elasticsearch.service
+```
+Restart must go fine, otherwise check typo errors in YML file for troubleshooting
+
 ### Installing logstash 
 
 IMPORTANT: at the moment this Logstash setup doesn't allow HTTPS mode and SSL certificates
@@ -186,6 +192,7 @@ This plugin is mandatory to have the configuration below working
 ### Editing logstash conf
 \
 Edit /etc/logstash/conf.d/logstash.conf as follows:
+You have to create this file inside conf.d folder, usually it isn't included by default
 
 ```
 input{
@@ -277,9 +284,11 @@ output {
       # set proper IP if the ES node is not on the same machine as Logstash' 
       hosts => ["http://localhost:9200"]
       user => "elastic"
+      #Password is the one for 'elastic' user you saved on setup wizard while installing ES
       password => "elasticsearch-password"
 
-      ssl => true
+      ssl => false
+      # Change to True if HTTPS with SSL enabled
       ssl_certificate_verification => false
       ## FIXME implement
       #cacert => "/path/to/ca.crt"
@@ -292,14 +301,15 @@ stdout { codec => rubydebug }
 }
 ```
 
+Restart logstash:\
+```bash
+sudo systemctl restart logstash.service
+```
+Restart must go fine, otherwise check typo errors in conf file for troubleshooting
 
 ## Adding node2 (optional)
 
-STOP ES
-
-If you need to distrubute calc capacity ............ (sistemare paragrafetto introduttivo)
-
-### installing and configuring elasticsearch
+### Installing and configuring elasticsearch
 
 Stop the Elasticsearch service if already installed and active, otherwise, if not installed:
 
@@ -322,11 +332,12 @@ cluster.initial_master_nodes: ["node1"]
 
 ```
 
-RESTART ES and check health (TESTARE AL VOLO I DUE NODI)
-
 If you need more nodes, you can repeat this procedure
 
-# checking ELK installation 
+At this point RESTART ES and check health  (see section below)
+
+
+# Checking ELK installation 
 ### cluster health
 wget, curl or navigate on https://<es-host>:9200/_cat/health, to get some info about (in plain text) cluster status and check if everything works fine on the cluster.
 
@@ -336,7 +347,7 @@ wget, curl or navigate on https://<es-host>:9200/_cat/health, to get some info a
 Test if ES and LS are working. Restart their respective system services, if necessary:
 
 
-### On Client Host (where spring and OCD resides)
+### On Client Host (where spring and ODC resides)
 
 #### Installing FileBeat
 Filebeat is mandatory to be used in the same machines as the logs resides, send logs to logstash
@@ -386,6 +397,16 @@ output.logstash:
   hosts: ["X.X.X.X:5044"] #sobstitute X with real ip bytes
 ```
 
+Remove 'output.elasticsearch' property, if present, because we're using the logstash one
+
+Restart filebeat:\
+```bash
+sudo systemctl restart filebeat.service
+```
+Restart must go fine, otherwise check typo errors in YML file for troubleshooting
+
+
+
 ## Testing ELK log ingestion
 
 Having all ELK components running and properly configured, you can easily test if log ingestion work by: