Introduction
This is a basic article explaining the installation and configuration of ELK with Jenkins and Windows event logs.
Basics of ELK
ELK stands for Elasticsearch, Logstash and Kibana.
- Elasticsearch is a Lucene-based search indexer.
- Logstash stashes the logs and feeds them serially to Elasticsearch.
- Kibana is a UI for viewing the search indexes and for setting things up in Elasticsearch.
You can load data directly into Elasticsearch. All three tools can be used separately, but it is better to use them together.
One of the problems with this tool stack is security. You need to attach a security layer manually if one is required. For example, Kibana is directly accessible; if you need user authorization such as SSO, LDAP or your own scheme, you have to put a proxy in front of it to do the authorization. We will not touch upon that in this document.
You can load logs directly into Elasticsearch. For this document, we will cover the basics only.
Installation
Links to download the tools. We are not going to use Docker for now.
There are various beats that we can use, but for this document we will use only Filebeat and Winlogbeat, and we will not cover them in much detail.
Extract all the zip files in a folder. I named the folder ELK_Stack on my C: drive:
Since we are going to use Windows, we need these apps to run as services.
Installing Elasticsearch as Service
Elasticsearch comes with a batch file which, when run from a command prompt, installs the service.
cd /d C:\ELK_stack\elasticsearch\bin
elasticsearch-service.bat install
C:\ELK_stack\elasticsearch\config has a config file named elasticsearch.yml, which holds the default values. By default, Elasticsearch runs on port 9200.
The install command above registers Elasticsearch as a Windows service.
Installing Logstash as Service
Once the file is unzipped, create a file named Logstash_config.conf in the folder where you extracted Logstash. It can be anywhere on the system, but for better management, I have kept it here.
C:\ELK_stack\logstash
The file is a JSON file.
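# logstash_config.conf
input {
  # Jenkins job logs read straight from disk
  file {
    path => "D:/jenkins_QA/jobs/**/log"
    start_position => "beginning"
  }
  # Deployment logs on a network share; use forward slashes, because a
  # backslash is an escape character in the glob pattern
  file {
    path => "//s608109dl2nsqa/stars_qa/EE/ContinuousDeployment/*/*.log"
    start_position => "beginning"
  }
  # Listener for Filebeat and Winlogbeat
  beats {
    port => 5044
  }
  # Listener for the Jenkins Logstash plugin
  tcp {
    id => "Jenkins_Plugin"
    port => 5045
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  # Also print every event to the console for debugging
  stdout { codec => rubydebug }
}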
Then open a Command prompt and run the following commands:
cd /d C:\ELK_stack\logstash\bin
logstash-plugin install logstash-output-tcp
logstash-plugin install logstash-input-beats
Remember we downloaded NSSM:
C:\ELK_stack\nssm\win64\nssm install
This opens the NSSM UI. If you would rather use the command line, feel free to try it.
There are other tabs; I put in a dependency on Elasticsearch, but that is optional.
Now go to the service manager and start the service.
Logstash is now running; we will see what we can do with it later.
Installing Kibana as Service
This is straightforward:
cd /d C:\ELK_stack\kibana\bin
dir kibana.bat
kibana.bat should exist:
C:\ELK_stack\nssm\win64\nssm install
This opens the NSSM UI. If you would rather use the command line, feel free to try it.
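The NSSM dialog steps for Logstash and Kibana can also be scripted. The following PowerShell is an added example, not part of the original article; the service names, the -f argument pointing at the config file created earlier, and the Elasticsearch service name elasticsearch-service-x64 are assumptions to adjust for your installation. Run it from an elevated prompt.

```powershell
# Added example: scripted equivalent of the NSSM dialog (run elevated).
$Nssm = 'C:\ELK_stack\nssm\win64\nssm.exe'   # NSSM path used in this article

function Install-ElkService {
    param(
        [Parameter(Mandatory)] [string] $Name,      # service name (assumption)
        [Parameter(Mandatory)] [string] $Program,   # batch file NSSM launches
        [string]   $Arguments,                      # passed to the batch file
        [string[]] $DependsOn                       # services that must start first
    )
    if (-not (Test-Path -LiteralPath $Program)) {
        throw "Program not found: $Program"
    }
    if (Get-Service -Name $Name -ErrorAction SilentlyContinue) {
        Write-Warning "Service '$Name' already exists; leaving it unchanged."
        return
    }
    & $Nssm install $Name $Program
    if ($LASTEXITCODE -ne 0) { throw "nssm install failed for '$Name'" }

    & $Nssm set $Name AppDirectory (Split-Path -Parent $Program)
    if ($Arguments) { & $Nssm set $Name AppParameters $Arguments }
    if ($DependsOn) { & $Nssm set $Name DependOnService $DependsOn }
    & $Nssm set $Name Start SERVICE_AUTO_START
}

# Assumption: elasticsearch-service.bat registered the service under its
# default name; check with Get-Service elastic* and adjust if it differs.
$Elastic = 'elasticsearch-service-x64'

Install-ElkService -Name 'Logstash' `
    -Program   'C:\ELK_stack\logstash\bin\logstash.bat' `
    -Arguments '-f C:\ELK_stack\logstash\Logstash_config.conf' `
    -DependsOn $Elastic

Install-ElkService -Name 'Kibana' `
    -Program   'C:\ELK_stack\kibana\bin\kibana.bat' `
    -DependsOn $Elastic

Start-Service -Name 'Logstash', 'Kibana'
```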
There are several settings that you can alter but for now, we will leave them as is.
If you want to look at the configuration, it is located here:
C:\ELK_stack\kibana\config\kibana.yml
The default port is 5601, and Kibana can be accessed from anywhere as long as the port is reachable. Ideally, Kibana should be run behind nginx: https://logz.io/blog/securing-elk-nginx/.
But we are not going into detail here.
Installing WinLogbeat as Service
Extract the zip on some other server and you will see that there is a PowerShell script for installing Winlogbeat as a service. Go ahead and run install-service-winlogbeat.ps1.
Once the service is installed, open the config file winlogbeat.yml, which comes in the package, and modify line number 122 with the IP of Logstash and the port that you specified for the beats listener in the Logstash config. In our case, we are using 5044.
output.logstash:
  # Logstash server and the beats port from logstash_config.conf
  hosts: ["localhost:5044"]
Go to Services and start the winlogbeat service; it will start pushing data to Logstash.
Installing Jenkins Plugin
Now that Logstash is installed, you want to send your build data from Jenkins to Logstash. To do this, first install:
Here, we are assuming Jenkins is already installed and running other plugins. Once the plugin is installed, let's configure it in Jenkins.
http://<JenkinsIP:Port>/configure
The port here is the one we configured in logstash_config.conf for the TCP input.
Now all the jobs will start coming in.
If there is a problem pushing the logs, you will get an error like the one below:
[logstash-plugin]: Failed to send log data: <Logstash Server>:5045.
[logstash-plugin]: No Further logs will be sent to <Logstash Server>: 5045.
java.net.ConnectException: Connection refused: connect
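A quick check on the ELK server helps with both the "Connection refused" error above and the earlier note that Kibana is reachable by anyone who can reach its port. The following PowerShell is an added example, not part of the original article; it uses the four ports from this article (9200, 5601, 5044, 5045) and reports which are listening and on which address.

```powershell
# Added example: which of this article's ports are listening, and where?
# Run on the server that hosts Elasticsearch, Logstash and Kibana.
$ElkPorts = @{
    9200 = 'Elasticsearch'
    5601 = 'Kibana'
    5044 = 'Logstash beats input'
    5045 = 'Logstash tcp input (Jenkins plugin)'
}
$Loopback = '127.0.0.1', '::1'

function Get-ElkListener {
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $ElkPorts.ContainsKey([int]$_.LocalPort) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port      = [int]$_.LocalPort
                Component = $ElkPorts[[int]$_.LocalPort]
                Address   = $_.LocalAddress
                Process   = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
                # A non-loopback bind is reachable by any host the firewall allows.
                Scope     = if ($Loopback -contains $_.LocalAddress) { 'this machine only' } else { 'network' }
            }
        } |
        Sort-Object Port, Address
}

$listeners = @(Get-ElkListener)
$listeners | Format-Table -AutoSize

# A port with no listener explains "Connection refused" from a client such as
# the Jenkins plugin: the service is stopped or the input failed to start.
foreach ($port in ($ElkPorts.Keys | Sort-Object)) {
    if ($listeners.Port -notcontains $port) {
        Write-Warning "Nothing is listening on $port ($($ElkPorts[$port]))"
    }
}
```

Rows with Scope "network" are the ones to put behind a proxy or restrict with firewall rules, since none of these listeners authenticates clients in this setup.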
Configuring Kibana to Show Logs
http://localhost:5601/app/kibana#/home?_g=()
Once you see your index of logstash, we can create an Index Pattern so that we get our expected data:
So in Index name, put in something like logstash-*.
Now if you go to dashboard, you will see something like this:
Points of Interest
One of the major learnings: on various sites, it was mentioned that a lot of Logstash plugins are already installed. And when I ran the command logstash-plugin list, it always gave me a huge list. But until I installed the filebeats plugin and the tcp-output plugin, no matter what I tried, I could not make it work. Now all my Jenkins build logs are visible in Kibana with proper searches.
History
- 4th November, 2019: Initial version