13.2.5 Enabling Logstash
Perform the following steps to enable logstash:
- Navigate to the
$WORKDIR/kubernetes/elasticsearch-and-kibanadirectory and create alogstash.yamlfile as follows:apiVersion: apps/v1 kind: Deployment metadata: name: oig-logstash namespace: <ELKNS> spec: selector: matchLabels: k8s-app: logstash template: # create pods using pod definition in this template metadata: labels: k8s-app: logstash spec: imagePullSecrets: - name: dockercred containers: - command: - logstash image: logstash:<ELK_VER> imagePullPolicy: IfNotPresent name: oig-logstash env: - name: ELASTICSEARCH_PASSWORD valueFrom: secretKeyRef: name: elasticsearch-pw-elastic key: password resources: ports: - containerPort: 5044 name: logstash volumeMounts: - mountPath: <mountPath> name: weblogic-domain-storage-volume - name: shared-logs mountPath: /shared-logs - mountPath: /usr/share/logstash/pipeline/ name: oig-logstash-pipeline - mountPath: /usr/share/logstash/config/logstash.yml subPath: logstash.yml name: config-volume - mountPath: /usr/share/logstash/config/certs name: elk-cert volumes: - configMap: defaultMode: 420 items: - key: elk.crt path: elk.crt name: elk-cert name: elk-cert - configMap: defaultMode: 420 items: - key: logstash-config.conf path: logstash-config.conf name: oig-logstash-configmap name: oig-logstash-pipeline - configMap: defaultMode: 420 items: - key: logstash.yml path: logstash.yml name: oig-logstash-configmap name: config-volume - name: weblogic-domain-storage-volume persistentVolumeClaim: claimName: governancedomain-domain-pvc - name: shared-logs emptyDir: {}- Change the <ELK_VER>, <ELK_SSL> to match the values for your environment.
- Change
<mountPath>to match themountPathreturned in Finding Required Domain Details. - Change the
claimNamevalue to match theclaimNamereturned earlier - If your Kubernetes environment does not allow access to the internet to pull the
logstash image, you must load the logstash image in your own container registry and
change image:
logstash:<ELK_VER>to the location of the image in your container registry, for examplecontainer-registry.example.com/logstash:8.3.1
apiVersion: apps/v1 kind: Deployment metadata: name: oig-logstash namespace: oigns spec: selector: matchLabels: k8s-app: logstash template: # create pods using pod definition in this template metadata: labels: k8s-app: logstash spec: imagePullSecrets: - name: dockercred containers: - command: - logstash image: logstash:8.3.1 imagePullPolicy: IfNotPresent name: oig-logstash env: - name: ELASTICSEARCH_PASSWORD valueFrom: secretKeyRef: name: elasticsearch-pw-elastic key: password resources: ports: - containerPort: 5044 name: logstash volumeMounts: - mountPath: /u01/oracle/user_projects name: weblogic-domain-storage-volume - name: shared-logs mountPath: /shared-logs - mountPath: /usr/share/logstash/pipeline/ name: oig-logstash-pipeline - mountPath: /usr/share/logstash/config/logstash.yml subPath: logstash.yml name: config-volume - mountPath: /usr/share/logstash/config/certs name: elk-cert volumes: - configMap: defaultMode: 420 items: - key: elk.crt path: elk.crt name: elk-cert name: elk-cert - configMap: defaultMode: 420 items: - key: logstash-config.conf path: logstash-config.conf name: oig-logstash-configmap name: oig-logstash-pipeline - configMap: defaultMode: 420 items: - key: logstash.yml path: logstash.yml name: oig-logstash-configmap name: config-volume - name: weblogic-domain-storage-volume persistentVolumeClaim: claimName: governancedomain-domain-pvc - name: shared-logs emptyDir: {} - Deploy the logstash pod by executing the following
command:
The output will look similar to the following:kubectl create -f $WORKDIR/kubernetes/elasticsearch-and-kibana/logstash.yamldeployment.apps/oig-logstash created