I somehow managed to set Logstash output as the default output for Intergrations hence I don't need a license to use it!

hi, your video help me to my project. the process was successful, but when I check my domain it showing "Your connection to this site is not secure". what is missing? Thanks.

the analysis on self-signed or public certificates is relevant. thanks

thank you for your video. But can you make tutorial to use ILM with fleet server and elastic agent configured? Thanks in advance

32:50 I did not encountered the same issues. But I am also installing 8.17 meanwhile. Great tutorial as always. Thanks.

How can elk stack on Linux rhel 9 pls guide me I installed Elastic search Kibana logstath but I can't be configured prefect

Regarding your question at 4:51 . This is probably due to the fact, that the Fleet Server needs to trust the Elasticsearch Service to even get the data you put in the Advanced YAML configurations. If Fleet doesn't trust ES, how should it get the needed information.

This is exactly what I have been looking for!!! Thank you!

thanks brother

I ran into the problem with staring elastisearch. The error from logs: "bind address: {::} is wildcard, but multiple addresses specified: this makes no sense" The problem was my DNS server which was resolving dns name to both IPv4 and IPv6 (which was ::). Disabling IPv6 on DNS server solved the problem.

why put replication to 0 ? what is real explanation with cluster if no replication if the node1 down then the data index on node1 will disappear ? due to no replication because all data index node1 only availlable in the node1

why the replica is 0 ? nothing replicate index, cluster mean data replicate accors the nodes ?

lifesaver

Which cmd u typing after vi install .sh

Very helpful. Thanks for the video.

Spent the last two days going through guides and videos none of them worked until I came across yours thank you so much this was frustrating to try and configure

I had a problem. I followed all your steps exactly and on Linux it worked without any problems! However, when I tried to install on Windows, I had a problem with it saying: "Cannot index event (status=400): dropping event! Look at the event log to view the event and cause.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"windows/metrics-default","type":"windows/metrics"} I tried to reconfigure and reinstall several times, but the error remains the same. I'm really enjoying your videos

Thank you, tracing worked. I can't configure sending metrics from a C# application. The created metrics and .NET platforms do not arrive. Can you tell me what the reason is?

i got error ca when running test output command. can you see and guide me to fix it. thank you run: /usr/share/filebeat/bin/filebeat test output -c /etc/filebeat/filebeat.yml --path.data /var/lib/filebeat --path.home /usr/share/filebeat Error: TLS... security: server's certificate chain verification is enabled handshake... ERROR x509: certificate signed by unknown authority

Hi. I am installing elastic in docker but i get memory error on ubunto22. I have enough memory but i dont know what is the problem.

Can you also guide the logstash and filebeat part for this ssl connection?

Hello and many thanks for your videos. I want to aks you if it's possible as we have already created those containers via docker-compose to our virtual machine, to transfer them (images) in Microsoft Azure via ACR repository and Azure volumes? Is there any change needed to make or any advise from your side your be highly appreciated.

Nice video. It would be great if you could make another one to integrate Suricata with ELK to get more secure servers.

Public Certs for Docker + Elastic Cluter: kzbin.info/aero/PLPatHYWw1RVuRMxGhsZ-WkMl6zCZ8D0MO I often get asked about how to use Let's Encrypt (or any other publicly signed cert) certificates in a docker-compose project. Peope run into situations where one elastic node can't seem to communicate with another elastic node within a docker network when using publicly signed cert. This is my most recent answer to someone: ---- It is difficult to use "public certs" in a "private network". A docker network is a private network. Services in each of your docker container reference each other internally within the docker network via HOSTNAMES like es01, es02, es03 etc.. (whatever you declared for each service in your docker-compose file ). Public CAs like Let's Encrypt, Sectigo, etc.... verify the authenticity of a FULLY QUALIFIED DOMAIN NAME like es01.example.com, es02.example.com, es03.example.com. Public CAs don't have a practical way to verify docker host names, because docker host names are not managed by the DNS servers of every major Internet Service Provider in the world. If Let's Encrypt makes a TLS certificate for es01.example.com, you'd have to find a way to tell your docker containers to reference each other via FQDN and NOT HOSTNAMES, which is not a conventional way of doing things. This is why containerized systems and orchestration systems develop reverse proxies, load balancers and other tools to expose private services to the public external world: Ingress with K8, Traefik with Docker Swarm, Nginx with anything, Apache with anything etc.... So hopefully that clarifies why trying to use "public certs " in a "private network" (like a docker network) is not an easy thing to do. If you want to expose a private service to the public external world, it's common to add another layer of tech like a reverse proxy or load balancer etc... ---If anyone as more insight, please share!

Can you explain how a docker multinode elasticsearch configuration with Let's Encrypt would be configured. I am able to configure a self-signed configuration, but I cannot figure out how to configure the public signed certificates into the docker-compose file.

request grok for fortinet

It would have been nice to show us how to configure to point it to our site.

You're awesome! what a greatly detailed video with nice tone; Thank you.

very nice tutorial, thank you! helping me setup home data storage cluster!

how do with php/laravel in a docker or locally?

awesome video. recently managed to setup es cluster in docker several several servers. the trick was to copying the cert key to all es docker instances. issue now kibana cant be accessible if one of the es is down. need some assist here

Also please make an video about how to create a elasticsearch certificate in simole method.

Yes another god tier knowledge on Elasticsearch. Thanks for the video.

I had to add restart: unless-stopped tty: true into the docker-compose.yml otherwise the containers didn't come back up up on reboot

Thank you for this content and the effort you invested into making it, you are doing wonderful job. Keep going!

I have installed Elk with Kibana and Filebeat all logs are coming in some dashboard are working fine but I need [Filebeat System] Sudo Commands dashboard data not showing how to fix this I need sudo cmd data there Can you help me achieve this

would it be possible for it to get the data directly visa IMAP? I get over 5000 reports daily and downloading and putting them in the folder seems kinda hardcore :)

I love this channel. hope evermight system can be a benefit company

i want to see also alert status. how can i set it to index

👍

this helped me set up a single node self hosted "cluster". Thanks! the certs are what my problem area was.

hello sir i am getting this issue when i click on fleet "Kibana cannot connect to the Elastic Package Registry, which provides Elastic Agent integrations Ensure the proxy server(opens in a new tab or window) or your own registry(opens in a new tab or window) is configured correctly, or try again later. " how can i resolve this issue ?

Amazing tutorial. You rock.