beats – Justin Lim

1

Elastic Fleet Server & elastic-agent common troubleshooting

Posted on June 16, 2022 by jlim0930

Common troubleshooting items for any fleet & elastic-agent issues can be found on https://www.elastic.co/guide/en/fleet/current/fleet-troubleshooting.html however there are a few items that I would like to add. Whitespaces When you start the elastic-agent on an endpoint and even if you have everything configured for your elastic-agent, the right policy, integrations, etc however no data is going into elasticsearch. The most common issue is that there is something wrong with your fleet settings. This can be edited from kibana -> fleet -> settings. Either your ES endpoint / Fleet server endpoint / Advanced YAML settings are wrong or there might even be… Continue Reading →

3

deploy-eck – script to automate various configurations of elasticsearch with ECK

Posted on May 26, 2022 by jlim0930

OUTDATED – Please use this link for the new script and instructions https://www.gooksu.com/2022/09/new-elastic-kubernetes-script-deploy-elastick8s-sh/ Updated! Aug 16, 2022 – https://www.gooksu.com/2022/08/deploy-eck-update-1/ I stand up and tear down elasticsearch deployments on kubernetes pretty often for various testing. I found that it was a bit cumbersome to do so by hand since my tests are usually short and specific and wanted some way to be able to stand up various versions of the ECK operator and the elasticsearch stack using various configurations for testing. Using my gke.sh script, I built the deploy-eck.sh. It is similar in function to my deploy-elastic.sh script but designed for… Continue Reading →

1

elasticsearch 8.x configure roles and users for stack monitoring

Posted on February 17, 2022 by jlim0930

A lot of changes were made with elasticsearch 8.0 release but the main one that affected me the most was the ability to use the default elastic(superuser role) to access system indices. According to https://www.elastic.co/guide/en/elasticsearch/reference/current/release-highlights.html#_better_protection_for_system_indices we no longer have write access to system indices with the superuser role. When configuring stack monitoring using metricbeats this is an issue if you’ve been just using the elastic user to configure the monitoring. You can add allow_restricted_indices to the role to enable it back however its the lazy and insecure method. I’ve summarized the creation of roles and users for metricbeats and filebeats… Continue Reading →

6

Quickly deploy elasticsearch with docker

Posted on February 22, 2021 by jlim0930

UPDATE: there is a new version that was released in March 2022 and you can read about it here I needed a way to quickly stand up various versions of elasticsearch for testing. Sometimes just 1 instance was needed and at other time a small cluster and configure it with TLS and security settings. I spent way too much time installing and reinstalling the software on my vm and knew that this will not work well for me. So I set out to look for a light weight, portable, fast, re-produce-able solution that I can quickly stand up and delete… Continue Reading →