i wish there were a like button which can generate tons of likes..i would do that on this video!! you have solve my biggest problem!!thanks a lot boss

Hi Ali, fantastic video - works like a charm. Thx for the effort. I have one or two questions regarding adding additional containers to the docker-compose file. If i add additional containers, i get the following error, validating /home/test/elk/docker-compose.yml: services.logstash Additional property filebeat is not allowed. Can file beat just be added as a separate container instead of adding it to the docker-compose file?

Hi, ca we send log from fortigate directly to logstash/elasticsearch withtout filebeat? I mean, Why do most tutorials always use Filebeat?

i have question about ILM is it possible to create lifecycle policy for index pattern not just an index

Thank you, Ali, for this video, useful one.

Still valid in 2024! Thank you for the help!

thank youuuu brother ❤

I almost gave up installing ELK 8. Thank you very much for the straight and forward video. The only difference I have to make is setting cluster name and keeping the node-name disabled. Much respect

thank you! :D i have stuck configuring kibana and elastic search for weeks Thanks again for the clear guidance

Just what I needed - Brilliant!

Amazing video!! thank you Ali

wonderfull video

Hey, I was able to download and setup filebeat and it showed me that kibana dashboard must be running and reachable but when I refresh the page the logs section shows me that I still need to install filebeat which I have already done

Hi Ali, Do you think ElasticSearch can be used for documents archiving and records management. I work for engineering company where project can produce 10s of thousands of documents . All those need to be archived provided retention schedule before records\files are destroyed (deleted from they system with log documenting the destruction event).

Python errors with elastalerts2! Its not working! And remove dislike wtf?

thanks you man 🙏

that was the clearest explanation I've seen for timelion- I wish I had seen it years ago!😄

Very great job. Sufficient and very good explanations. very practical

That is really helpfull !!!

Thanks a lot for the great explanation! It was really useful as it gave the two ways to deploy ILM (with and without rollover)

I run your docker-compose file but get this error in Kinaba: FATAL Error: [config validation of [xpack.encryptedSavedObjects].encryptionKey]: value has length [16] but it must have a minimum length of [32].

MAD RESPECT!! Clear explanations, well-paced tutorials, and incredibly useful content. Big props to you Ali for making complex topics so accessible and engaging. waiting for more about elastic stack kafka, load balancing, reverse proxies, integration with TheHive, Cortex... Keep up the fantastic work may Allah bless you! ❤🙏

Despite configuring SSL certificates why it appears insecure n the browser?????????????????????????????????

awesome, ill wait for next lectures

followed this but every time I join a node it crashes the master, if I restart the master it crashes the node. any ideas?

Thanks a ton for this, was looking for this for a while.

Here in this video , Can you show me how to extract ip address and assign to other field ?because i want to populate that ip in the other slot

Im confused, what's the difference between elastic agent and apm agent or are these the same?

Great what if i have multiple elasticsearch node, How we can define in kibana.yml

my logstash cannot conect to elastic.. i already put in false the security... logs in logstash are like this: [2024-06-07T08:06:29,273][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

Thank you!

Hey man, I don't get data on some fields and I miss data in the dashboard. How do I resolve this?

Deserve an applause. you cover all basic details to setup the elasticsearch and kibana,

Thank you very much for your great tutorial. Even if the Elastic documentation explains similar steps but there were many steps not working, but you shown them practically.

which one is better depends on performance, send log via filebeat or via logstash?

i cant understand the difference between logstash and filebeat, why not using just filebeat instead of logstash?

I miss a lot of fields! How do I get these?

How to resolve the hot node disk is full I have unassigned shards and the indices health is red

Hi I want to install ELK on a test/production server can you please me for that

i have error : org.jruby.exceptions.SystemExit: (SystemExit) exit at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:808) ~[jruby.jar:?] at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:767) ~[jruby.jar:?] at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/en vironment.rb:90) ~[?:?]

i want to add fleet server hosts as http. is it possible ? I am doing everything on localhost

Hi ali... I am facing an issue.... After following these steps i am unable to connect to elasticsearch search from my logstash server.... Can you help

Nice Vid Ali. I've installed Fleet and some Integrations. But when I try a CISCO FTD, the installation gets completed, No errors observed. Yet the Data Streams are not created. Any suggestion? I am supposed to receive the logs into a Ingestion Server with the Elastic Agent installed and the FTD sends the logs to the Ingestion server. In my integration I am using the IP address of the Ingestion server port 9003. The Ingestion server windows firewall has the UDP port opened. All this is on Windows btw. I use the same Agent policy for both the Windows OS and the Cisco devices. I tried to create a new Cisco policy to separate the logs, but then it tries to install the Agent on the Ingestion server which has the Elastic Agent already installed for the other Integrations. I even changed the Namespace on the Integration settings to user other name than "default" and eve tried with "default". Same results whatsoever. Thanks for your help if at all possible.

We just moved from a pfsense netgate + dell switch setup to a full 2x fortigate 100f in HA + 3 stacked Fortiswitches so, trying to learn as much as I can about this environment.

ELK version upgradation please please to V 8.12.0

why does this not work for me lol. I can't access kibana even after following all the steps

this doesnt work for me and i cant even access my first node or kibana anymore

Great!

كل الشكر و التقدير على هدا العمل الجميل شكرا اخي

I have errors: "stacktrace": ["java.net.UnknownHostException: es01" "stacktrace": ["java.net.UnknownHostException: es02" "stacktrace": ["java.net.UnknownHostException: es03" Help me please!