10.2.3 Enabling Logstash
Navigate to the
$WORKDIR/kubernetes/helm
directory and create a
logging-override-values.yaml
file as
follows:elk:
imagePullSecrets:
- name: dockercred
IntegrationEnabled: true
logStashImage: logstash:<ELK_VER>
logstashConfigMap: false
esindex: oudlogs-00001
sslenabled: <ELK_SSL>
eshosts: <ELK_HOSTS>
# Note: We need to provide either esuser,espassword or esapikey
esuser: <ELK_USER>
espassword: elasticsearch-pw-elastic
esapikey: elasticsearch-pw-elastic
- Change the <ELK_VER>, <ELK_SSL>, <ELK_HOSTS>, and <ELK_USER> to match the values for your environment.
- If using SSL, replace the
elk.crt
in$WORKDIR/kubernetes/helm/oud-ds-rs/certs/
with theelk.crt
for your ElasticSearch server. - If using API KEY for your ELK authentication, leave both
esuser:
andespassword:
with no value. - If using a password for ELK authentication, leave
esapi_key:
but deleteelasticsearch-pw-elastic
. - If no authentication is used for ELK, leave
esuser
,espassword
, andesapi_key
with no value assigned. - The rest of the lines in the yaml file should not be changed.
elk:
imagePullSecrets:
- name: dockercred
IntegrationEnabled: true
logStashImage: logstash:8.3.1
logstashConfigMap: false
esindex: oudlogs-00001
sslenabled: true
eshosts: https://elasticsearch.example.com:9200
# Note: We need to provide either esuser,espassword or esapikey
esuser: logstash_internal
espassword: elasticsearch-pw-elastic
esapikey: