Vagrant and ELK stack installation

INDEX

  1. vagrant install
  2. VirtualBox install
  3. elk stack install
  4. Provisioning

Install vagrant and VirtualBox on a Mac, then start a box that contains elasticsearch, logstash, and kibana, a.k.a. the ELK stack.

vagrant install

vagrant download
Download the dmg and install it.

% vagrant --version
Vagrant 1.7.4

VirtualBox install

VirtualBox download
Download the dmg and install it.
While I was at it, I also installed the extension pack.


elk stack install

git clone https://github.com/comperiosearch/vagrant-elk-box.git
Cloning into 'vagrant-elk-box'...
remote: Counting objects: 327, done.
remote: Total 327 (delta 0), reused 0 (delta 0), pack-reused 327
Receiving objects: 100% (327/327), 51.51 KiB | 0 bytes/s, done.
Resolving deltas: 100% (153/153), done.
Checking connectivity... done.
cd vagrant-elk-box
vagrant up

Provisioning

vagrant provision
<snip>
==> default: Notice: /Stage[main]/Main/Elasticsearch::Instance[es-01]/Elasticsearch::Service[es-01]/Elasticsearch::Service::Init[es-01]/Service[elasticsearch-instance-es-01]/ensure: ensure changed 'stopped' to 'running'
==> default: Notice: /Stage[main]/Main/Exec[start kibana]/returns: executed successfully
==> default: Notice: Finished catalog run in 36926.37 seconds

It took quite a while.

Run vagrant ssh and check the services with ss -atun.

vagrant@localhost:~$ ss -atun | grep 9200
tcp ESTAB 0 0 127.0.0.1:41495 127.0.0.1:9200
tcp ESTAB 0 0 127.0.0.1:41496 127.0.0.1:9200
tcp LISTEN 0 50 :::9200 :::*
tcp ESTAB 0 0 ::ffff:127.0.0.1:9200 ::ffff:127.0.0.1:41495
tcp ESTAB 0 0 ::ffff:127.0.0.1:9200 ::ffff:127.0.0.1:41496
vagrant@localhost:~$ ss -atun | grep 5601
tcp LISTEN 0 128 *:5601 *:*

vagrant@localhost:~$ curl -XGET localhost:9200
{
  "status" : 200,
  "name" : "localhost-es-01",
  "cluster_name" : "vagrant_elasticsearch",
  "version" : {
    "number" : "1.6.1",
    "build_hash" : "e72f2849e1c52f2a7b87196b36e687f851a30a6a",
    "build_timestamp" : "2015-07-16T14:06:55Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}
vagrant@localhost:~$
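
An added example, not part of the original post: a shell function that reads `ss -atun` output in the column layout shown above and reports which of the given ports are listening on a non-loopback address, as `:::9200` and `*:5601` are here. The function names and the port 9300 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed column layout (as in the output on this page):
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# exposed_listeners PORT...
# Reads `ss -atun` output on stdin and prints "PORT ADDRESS" for every TCP
# LISTEN socket on one of the given ports whose local address is not loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $2 == "LISTEN" {
            # The port is whatever follows the last colon (":::9200", "*:5601").
            port = $5; sub(/.*:/, "", port)
            addr = $5; sub(/:[^:]*$/, "", addr)
            if (!(port in want)) next
            # Loopback forms: 127.0.0.0/8, ::1, and IPv4-mapped ::ffff:127.x
            if (addr ~ /^127\./ || addr ~ /^\[?::1\]?$/ || addr ~ /::ffff:127\./) next
            print port, addr
        }'
}

# Sample input: the first three lines are taken from the ss output above;
# the 9300 line is constructed to show a loopback-only listener.
sample_ss_output() {
    cat <<'EOF'
tcp ESTAB 0 0 127.0.0.1:41495 127.0.0.1:9200
tcp LISTEN 0 50 :::9200 :::*
tcp LISTEN 0 128 *:5601 *:*
tcp LISTEN 0 128 127.0.0.1:9300 *:*
EOF
}

# On the box itself: ss -atun | exposed_listeners 9200 5601
sample_ss_output | exposed_listeners 9200 5601 9300
```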

Next, I would like to add configuration here for ingesting data such as Netflow.
If possible, it might also be good to do that at the Puppet stage.
