1
00:00:00,510 --> 00:00:06,900
OK, so now to install an advanced Elasticsearch dashboard that uses both Filebeat and Metricbeat data

2
00:00:06,900 --> 00:00:08,550
sources at the same time.

3
00:00:08,580 --> 00:00:12,360
I'm going to download it from the Grafana Dashboards website.

4
00:00:12,380 --> 00:00:14,570
It's called OS Stats Linux.

5
00:00:14,580 --> 00:00:17,400
That's the ID just there that I'll need now.

6
00:00:17,400 --> 00:00:22,200
It's got a lot of information in there, logs, network stats, et cetera, et cetera.

7
00:00:22,200 --> 00:00:27,570
And all of this information comes from the Metricbeat and the Filebeat, which I'll have installed on

8
00:00:27,570 --> 00:00:28,420
the same server.

9
00:00:28,470 --> 00:00:32,340
So two lessons ago I installed Filebeat on my SB Code server.

10
00:00:32,369 --> 00:00:38,220
I'm also going to install Metricbeat on that server, which is a Debian-based Ubuntu twenty point

11
00:00:38,220 --> 00:00:39,280
zero four, OK.

12
00:00:39,300 --> 00:00:44,860
So on the Download Metricbeat page, we can use that one, DEB 64-bit. Copy that link.

13
00:00:44,880 --> 00:00:54,150
And then on the server, curl -L -O, put the URL that I just copied: downloads, beats, Metricbeat, Metricbeat 7.10

14
00:00:54,150 --> 00:00:55,410
amd64.

15
00:00:56,280 --> 00:00:59,820
So I've already provided that link there myself.

16
00:00:59,820 --> 00:01:06,330
Now to run the package manager: sudo, package manager, Metricbeat 7.10, install.

17
00:01:07,720 --> 00:01:08,640
Let's have a look.

18
00:01:10,320 --> 00:01:15,390
OK, it's not running, good. I do have Filebeat running on this server already.

19
00:01:17,270 --> 00:01:18,200
It's already running.

20
00:01:18,950 --> 00:01:20,870
OK, so let's go into the Metricbeat folder.

21
00:01:23,600 --> 00:01:31,520
It's now Hitesh, and we need to edit the metricbeat.yml. First, we'll have a look at what's enabled

22
00:01:31,520 --> 00:01:32,180
by default.

23
00:01:32,180 --> 00:01:36,110
So metricbeat modules

24
00:01:36,920 --> 00:01:38,690
list, OK.

25
00:01:38,750 --> 00:01:43,760
So there's a whole lot of modules to choose from, and enabled is system by default, just like on Windows.

26
00:01:43,820 --> 00:01:47,720
OK, so sudo, metricbeat.yml.

27
00:01:49,270 --> 00:01:51,720
It looks like all the others.

28
00:01:52,990 --> 00:01:54,070
Using Kibana.

29
00:01:56,100 --> 00:02:05,880
My address is, so, my Elasticsearch IP address, colon 9200, and my SB Code server is already

30
00:02:05,910 --> 00:02:09,530
allowed to send to port 9200, OK.

31
00:02:11,060 --> 00:02:14,900
I'm going to keep those two this time, just to see what happens.

32
00:02:15,920 --> 00:02:19,080
Very good. Ctrl-X to save, yes. Now,

33
00:02:19,160 --> 00:02:19,820
It started.

34
00:02:22,430 --> 00:02:26,880
Metricbeat start, and checking status, all good.

35
00:02:26,900 --> 00:02:33,650
Let's go on to the Elasticsearch server. On the Elasticsearch server, let's look at the indexes.

36
00:02:34,830 --> 00:02:42,200
OK, so it should be using the existing Metricbeat index that was created in the last video.

37
00:02:42,360 --> 00:02:50,400
Now in Grafana, let's look at the Elasticsearch Metricbeat data source, and I can see SB Code

38
00:02:50,400 --> 00:02:51,270
lines already.

39
00:02:51,270 --> 00:02:57,120
So I'm getting Metricbeat data from my desktop, which is Windows, plus my SB Code server, which

40
00:02:57,120 --> 00:03:02,040
is Linux on the Net as well, though almost on it.

41
00:03:02,610 --> 00:03:05,200
And that's showing me a code.

42
00:03:05,250 --> 00:03:05,640
Excellent.

43
00:03:05,820 --> 00:03:12,500
So it's now time to install that new dashboard because it appears that I'm getting lots of data now

44
00:03:12,500 --> 00:03:17,850
on that Elasticsearch server and I can read it using the Elasticsearch data source from dashboards

45
00:03:18,030 --> 00:03:18,810
Manage.

46
00:03:19,020 --> 00:03:25,700
Let's import a dashboard, that ID being one two six two six, Load.

47
00:03:26,280 --> 00:03:33,330
OK, so my Elasticsearch Metricbeat was that one, and my Filebeat, which I hadn't renamed yet, is

48
00:03:33,330 --> 00:03:37,260
just simply that. It would have been better if I named it Elasticsearch Filebeat.

49
00:03:37,260 --> 00:03:39,450
Perhaps, but anyway, import.

50
00:03:39,490 --> 00:03:46,200
OK, so SB Code server is already preselected, so this dashboard is pretty good already. Logs.

51
00:03:46,440 --> 00:03:48,600
Can see logs, logs.

52
00:03:48,720 --> 00:03:52,650
Looks like it could be improved there. Network stats.

53
00:03:53,820 --> 00:03:55,930
Let's look at that for the last five minutes.

54
00:03:55,950 --> 00:03:59,670
Very good, but network statistics for errors drops.

55
00:03:59,670 --> 00:04:01,860
Disk stats, no data yet.

56
00:04:03,660 --> 00:04:07,850
For the last 15 minutes. All system stats, OK.

57
00:04:09,040 --> 00:04:11,260
User stats, root.

58
00:04:11,390 --> 00:04:13,300
Very good use of memory.

59
00:04:14,200 --> 00:04:15,430
Process stats.

60
00:04:16,399 --> 00:04:21,920
Which processes are running the most on my Linux server. Memory stats.

61
00:04:22,910 --> 00:04:24,200
CPU stats.

62
00:04:25,160 --> 00:04:28,700
So all of you may speak to restructure.

63
00:04:29,600 --> 00:04:31,040
Lots of information there.

64
00:04:31,200 --> 00:04:35,840
So straight away that dashboard is worth keeping. Last five minutes.

65
00:04:37,390 --> 00:04:44,380
And if I set up Metricbeat and Filebeat on all my Linux servers, that will show in that. Now this won't work

66
00:04:44,380 --> 00:04:51,280
so well on a Windows server because the Windows Server is not producing logs in the same way.

67
00:04:51,280 --> 00:04:53,500
So this logs panel won't work for you.

68
00:04:55,130 --> 00:04:55,940
At least.

69
00:04:57,220 --> 00:04:58,660
Process stats.

70
00:05:00,180 --> 00:05:05,550
Since my Windows already has Metricbeat running as well, and I've pointed this to the same Metricbeat

71
00:05:05,590 --> 00:05:12,360
data source that the Windows was already using, I can make the Windows Server appear in this list by

72
00:05:12,360 --> 00:05:14,700
just modifying the dashboard settings here.

73
00:05:14,700 --> 00:05:20,880
Variables, and it says here find terms subfield hostname size, query hostname.

74
00:05:20,880 --> 00:05:24,300
Just get rid of this whole query section because it's saying AND NOT host

75
00:05:24,300 --> 00:05:27,960
OS family Windows, so I can get rid of that query

76
00:05:27,960 --> 00:05:29,040
there completely.

77
00:05:30,550 --> 00:05:38,440
And just keep that down here, it shows me the Windows host, plus the last update that out down here

78
00:05:38,470 --> 00:05:40,090
is the Windows host.

79
00:05:40,260 --> 00:05:41,950
Well, we don't have everything.

80
00:05:44,350 --> 00:05:45,590
Still very useful.

81
00:05:46,070 --> 00:05:51,060
That's quite a perceived dashboard, that. So let's look at the logs for Windows.

82
00:05:51,070 --> 00:05:52,210
We don't get anything there.

83
00:05:52,960 --> 00:05:55,600
And SB Code, which is a Linux server.

84
00:05:55,630 --> 00:05:56,500
Twenty four.

85
00:05:58,210 --> 00:06:04,690
If we look at this again, there's some information missing, with the disk stats here.

86
00:06:06,620 --> 00:06:10,880
Is the one that stands out the most, disk stats, disk IO, right?

87
00:06:12,000 --> 00:06:19,020
Like that. If we look at the Grafana website where I downloaded the dashboard information, it says

88
00:06:19,080 --> 00:06:23,580
down here which metricsets to have enabled.

89
00:06:23,610 --> 00:06:29,360
So open up WinSCP, which is what I use for navigating the file system on Linux.

90
00:06:29,370 --> 00:06:31,680
And I'm in the /etc/metricbeat folder there.

91
00:06:31,770 --> 00:06:38,550
The new one on my because it's going to module and I just scroll down and I find system.yml.

92
00:06:38,570 --> 00:06:41,130
I can open that up in VS Code.

93
00:06:41,640 --> 00:06:43,170
That's what I use.

94
00:06:43,170 --> 00:06:50,940
And I can see that compared to the Collector Configuration Details, CPU, load, memory, network, process,

95
00:06:50,970 --> 00:06:58,470
I don't have disk IO enabled or service or users even though I'm seeing information about users already.

96
00:06:58,480 --> 00:07:05,370
So let's have a look how that everything else looks good and also how they got the CPU by 10.

97
00:07:05,370 --> 00:07:07,170
So by CPU, 10.

98
00:07:07,290 --> 00:07:07,980
By memory.

99
00:07:07,980 --> 00:07:09,240
Ten top 10.

100
00:07:09,240 --> 00:07:10,790
That's how you do it anyway.

101
00:07:10,830 --> 00:07:15,150
So I think that that has now updated the file on my remote server.

102
00:07:15,180 --> 00:07:22,230
I use WinSCP for that. OK, back on my SB Code server, I need to restart the Metricbeat process.

103
00:07:25,080 --> 00:07:32,310
Very good, go back into the dashboard and hopefully we start seeing some disk IO stats that 10 to 10

104
00:07:32,310 --> 00:07:32,970
seconds.

105
00:07:34,290 --> 00:07:35,540
The last five minutes.

106
00:07:39,640 --> 00:07:46,840
OK, and now I have started to see disk stats. It took a little while, it actually took a few minutes

107
00:07:46,990 --> 00:07:50,200
or started happening, but there now seems to be a lot of information.

108
00:07:50,200 --> 00:07:50,830
There would.

109
00:07:51,920 --> 00:07:56,120
All systems, that is the stats, which was all good already.

110
00:07:57,880 --> 00:08:00,220
So I'm very impressed with that. Excellent.

