Elastic Stack
To use Elastic Stack logging, you must configure the server for JSON logging. To do so, in the local-configuration.yaml file, specify the following property and value:
loggingStyle: JSON_ROLLOVER
The Elastic Stack consists of 3 components:
| • | Logstash. This component receives log entries, filters and transforms them and then passes the entries onwards. |
| • | Elasticsearch. This component stores the log entries. |
| • | Kibana. This component is the GUI where log entries can be searched and visualized. |
The following methods are available to pass the log entries to Logstash:
| • | Using Logstash’s native support of the GELF protocol—Set up the graylog.host and graylog.threshold configuration properties to refer to Logstash. |
| • | Using Elastic Stack's Filebeat to monitor the server’s logging directory—The use of Filebeat to send log entries to the Elastic stack is generally preferred to the use of GELF, because the JSON output is richer and more flexible than the GELF log entry encapsulation, and it is more robust when network interruptions happen. For more information about Filebeat, go to elastic.co/beats/filebeat. |
The sections Elastic Stack and Filebeat and Elastic Stack and GELF show examples of how you can implement this configuration.