The EGK Stack (Elasticsearch, Graylog, Kibana) is a set of open source projects that help you take data from any source, in any format, and search, analyze, and visualize it in real time.
Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management. It combines the speed of search with the power of analytics via a sophisticated, developer-friendly query language covering structured, unstructured, and time-series data.
Graylog parses and enriches logs, wire data, and event data from any data source. Graylog also provides centralized configuration management for third-party collectors such as beats, fluentd and nxlog.
Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics. From histograms to geomaps, Kibana brings your data to life with visuals that can be combined into custom dashboards that help you share insights from your data far and wide.
This bundle is a 6 node cluster designed to scale out. Built around Elastic components, it contains:
- 1 Apache2 unit (reverse proxy for graylog)
- 1 Elasticsearch unit
- 1 Graylog unit
- 1 Kibana unit
- 1 MongoDB unit (required for graylog)
- 1 Ubuntu unit (source for log/metric ingestion)
- 1 Filebeat unit (colocated on the ubuntu unit)
juju deploy ~kwmonroe/bundle/egk-stack
Testing the deployment
The applications provide extended status reporting to indicate when they are ready:
This is particularly useful when combined with watch to track the ongoing progress of the deployment:
watch juju status
The message for each unit will provide information about that unit's state.
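For a scripted readiness check instead of watching by eye, the following added example (not part of the bundle or its charms) lists every unit that is not yet active, including subordinate units such as the colocated Filebeat, which are easy to miss and which leave a gap in log collection when they are not running. It assumes the JSON layout of juju status --format=json shown in the constructed sample, and that Filebeat is deployed as a subordinate of the ubuntu unit; unit names and messages are invented.

```python
import json
import sys

# Constructed sample shaped like `juju status --format=json` (assumed layout:
# applications -> units -> workload-status, with subordinate units nested
# under their principal unit). Unit names and messages are invented.
SAMPLE = json.loads("""
{"applications": {
  "elasticsearch": {"units": {"elasticsearch/0": {
      "workload-status": {"current": "active", "message": "Unit is ready"}}}},
  "graylog": {"units": {"graylog/0": {
      "workload-status": {"current": "waiting", "message": "Waiting for mongodb"}}}},
  "ubuntu": {"units": {"ubuntu/0": {
      "workload-status": {"current": "active", "message": "ready"},
      "subordinates": {"filebeat/0": {
          "workload-status": {"current": "blocked",
                              "message": "Waiting for log destination"}}}}}},
  "filebeat": {"subordinate-to": ["ubuntu"]}
}}
""")


def _walk(name, unit):
    """Yield this unit's state, then recurse into its subordinates."""
    ws = unit.get("workload-status", {})
    yield name, ws.get("current", "unknown"), ws.get("message", "")
    for sub_name, sub in unit.get("subordinates", {}).items():
        yield from _walk(sub_name, sub)


def unit_states(status):
    """Yield (unit, state, message) for every unit, subordinates included."""
    for app in status.get("applications", {}).values():
        # Subordinate applications have no "units" key of their own.
        for name, unit in app.get("units", {}).items():
            yield from _walk(name, unit)


def not_ready(status):
    """Return the units whose workload state is anything other than 'active'."""
    return [(u, s, m) for u, s, m in unit_states(status) if s != "active"]


if __name__ == "__main__":
    # Usage: juju status --format=json | python3 check_ready.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    pending = not_ready(data)
    for unit, state, msg in pending:
        print(f"{unit}: {state} ({msg})")
    sys.exit(1 if pending else 0)
```

The script exits non-zero while any unit is still pending, so it can gate a later step in a deployment script.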
Scale Out Usage
This bundle was designed to scale out. To increase the amount of log storage and the number of indexers, you can add units to elasticsearch:
juju add-unit elasticsearch
You can also add several units at once. For example, increase the number of graylog parser units with:
juju add-unit -n 2 graylog