LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 12-20-2018, 09:35 AM   #1
1s440
Member
 
Registered: Mar 2018
Posts: 266

Rep: Reputation: Disabled
ELK, Kibana, logstash


Hello all,

I have come across Elasticsearch and have gone through the websites, but nothing goes into my mind. I understood it's for logging analysis, but is it only useful for cloud infrastructure like AWS, Google? Please share your ideas with me.
 
Old 12-20-2018, 04:39 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
ELK stands for ElasticSearch Logstash Kibana. It should be called LEK, because the dataflow starts with Logstash, but I guess ELK sounds better.

Logstash is a tool that standardizes log messages. Standardized log messages go into Elasticsearch, which puts them into a database that is optimized for very fast read access. Kibana is a graphical presentation tool that allows you to correlate log information in many ways.

Useful for any infrastructure where you have several log files from several servers that you want to analyze and correlate.

Any specific question?

Last edited by berndbausch; 12-20-2018 at 04:41 PM.
 
Old 12-21-2018, 01:57 AM   #3
1s440
Member
 
Registered: Mar 2018
Posts: 266

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
ELK stands for ElasticSearch Logstash Kibana. It should be called LEK, because the dataflow starts with Logstash, but I guess ELK sounds better.

Logstash is a tool that standardizes log messages. Standardized log messages go into Elasticsearch, which puts them into a database that is optimized for very fast read access. Kibana is a graphical presentation tool that allows you to correlate log information in many ways.

Useful for any infrastructure where you have several log files from several servers that you want to analyze and correlate.

Any specific question?
Thank you so much for the answer. Yes, in our infrastructure we have many Apache logs to monitor, so would ELK be the best to monitor all logs within the infrastructure?
 
Old 12-21-2018, 03:26 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
I can’t serve as a consultant, even more so because I only have a one-line description of a complex problem, but I would check how much work and computing resources are required to set up and maintain an ELK installation and compare that to the scale of your problem.

Since you only need to manage Apache logs, perhaps there are more focused, easier to use and leaner solutions.
 
Old 12-24-2018, 06:38 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,474

Rep: Reputation: 1553
If you're looking for a commercial solution take a look at Splunk, we use it to ingest around 50Gb of log files a day.
 
Old 01-23-2019, 03:11 AM   #6
1s440
Member
 
Registered: Mar 2018
Posts: 266

Original Poster
Rep: Reputation: Disabled
Hello all,

I have installed ELK on my system (Debian version: 8). After the installation, when I try to connect to my website https://example.com it asks for a username and password and I am unable to authenticate. Can anyone help me with this?
Code:
root@mytest# cat /etc/nginx/htpasswd.kibana
admin:$apr1$TBz5AlRo$WkDPQA6XWwFtiZd5FldKH1
admin:$apr1$mb.lKAxP$PeIsVdVAj7T3Sv61LRVJu0
When I checked the error log:
Code:
2019/01/23 10:02:44 [error] 5583#5583: *11 user "admin" was not found in "/etc/nginx/htpasswd.kibana", client: 94.209.200.140,, server: _, request: "GET / HTTP/2.0", host: "example.com"

Last edited by 1s440; 01-24-2019 at 02:58 AM.
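
Added example, not part of the original thread: a Python check that parses the two failure messages nginx's auth_basic module writes to error.log and lints htpasswd content, so the user named in the log can be compared with the entries in the file. The function names, the sample log line, the placeholder hashes and the 203.0.113.7 address are constructed for illustration.

```python
import re
from collections import Counter
# The two failure messages nginx's auth_basic module writes to error.log.
AUTH_FAIL = re.compile(
    r'user "(?P<user>[^"]*)"(?: was not found in "(?P<file>[^"]+)"'
    r'|(?P<bad>: password mismatch)).*?client: (?P<client>[0-9A-Fa-f.:]+)')

def parse_auth_failure(line):
    """Return user, reason, file and client for an auth failure, else None."""
    m = AUTH_FAIL.search(line)
    if not m:
        return None
    reason = "password_mismatch" if m.group("bad") else "user_not_found"
    return {"user": m.group("user"), "reason": reason,
            "file": m.group("file"), "client": m.group("client")}

def audit_htpasswd(text):
    """Lint htpasswd content; return (Counter of users, list of findings)."""
    users, findings = Counter(), []
    for n, raw in enumerate(text.split("\n"), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank and comment lines carry no entry
        if raw != raw.strip():
            findings.append((n, "stray whitespace or carriage return"))
        user, sep, secret = raw.strip().partition(":")
        if not sep or not user or not secret:
            findings.append((n, "malformed entry, expected user:hash"))
            continue
        users[user] += 1
        if users[user] > 1:
            findings.append((n, f"duplicate entry for {user!r}"))
    return users, findings

def diagnose(log_line, htpasswd_text):
    """Relate one error.log line to the htpasswd content supplied."""
    event = parse_auth_failure(log_line)
    if event is None:
        return "not an auth_basic failure"
    users, _ = audit_htpasswd(htpasswd_text)
    if event["reason"] == "password_mismatch":
        return "user was found, password did not verify"
    if event["user"] in users:  # the file changed since, or is another copy
        return "user is in this content: nginx read something else at request time"
    return "user is missing from the file nginx read"

# Constructed sample data: placeholder hashes and a documentation IP address.
SAMPLE_FILE = "admin:$apr1$EXAMPLE1$placeholder\nadmin:$apr1$EXAMPLE2$placeholder\n"
SAMPLE_LOG = ('2019/01/23 10:02:44 [error] 1#1: *1 user "kibana" was not found in '
              '"/etc/nginx/htpasswd.kibana", client: 203.0.113.7, server: _')
```

The user name comparison is exact and case-sensitive, and the path in the log line is the file nginx opened, which is the one to inspect.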
 
Old 01-23-2019, 10:04 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,474

Rep: Reputation: 1553
Which part of the error message "testuser" was not found in "/etc/nginx/htpasswd.kibana" doesn't make sense?
 
Old 02-14-2019, 08:48 AM   #8
1s440
Member
 
Registered: Mar 2018
Posts: 266

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TenTenths View Post
If you're looking for a commercial solution take a look at Splunk, we use it to ingest around 50Gb of log files a day.
I have installed Splunk on my server, so I can monitor all the clients on a single server?

Last edited by 1s440; 02-14-2019 at 09:35 AM.
 
Old 02-14-2019, 09:51 AM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,617

Rep: Reputation: 7963
Quote:
Originally Posted by 1s440 View Post
I have installed Splunk on my server, so I can monitor all the clients on a single server?
Have you CONFIGURED all your servers to send the logs to one? Have you read the Splunk documentation?? And you do realize that Splunk requires configuration, just like Kibana does too?
 
Old 02-15-2019, 02:49 AM   #10
1s440
Member
 
Registered: Mar 2018
Posts: 266

Original Poster
Rep: Reputation: Disabled
I have created an instance to monitor the Apache access log as per the documentation; unfortunately, I am unable to see the logs when I start searching for them. Any idea?
 
Old 02-15-2019, 06:27 AM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,617

Rep: Reputation: 7963
Quote:
Originally Posted by 1s440 View Post
I have created an instance to monitor the Apache access log as per the documentation; unfortunately, I am unable to see the logs when I start searching for them. Any idea?
Besides "You didn't configure it properly"...no, none at all. And an 'instance' of what? This thread was started about Kibana, and after you seemed to bypass a very simple error message (that TenTenths explained), you said you then installed Splunk.

Again: you have to configure things before they'll work. If you're not seeing the logs you want (but see others), that narrows down the list of potential problems considerably.
 
Old 02-15-2019, 07:21 AM   #12
1s440
Member
 
Registered: Mar 2018
Posts: 266

Original Poster
Rep: Reputation: Disabled
I configured the app Splunk Add-on for Apache Web Server; unfortunately, when I try to launch the app it redirects to a page saying the application was not found. When I download and upload the files it says successfully done, but it still seems the application does not exist.
 
Old 02-15-2019, 07:27 AM   #13
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,617

Rep: Reputation: 7963
Quote:
Originally Posted by 1s440 View Post
I configured the app Splunk Add-on for Apache Web Server; unfortunately, when I try to launch the app it redirects to a page saying the application was not found. When I download and upload the files it says successfully done, but it still seems the application does not exist.
Right; again, you have **NOT INSTALLED OR CONFIGURED IT CORRECTLY**

It's giving you errors and telling you it's not running...why would you then think that you'd see log file entries as if it WAS running? Again, you are providing NO DETAILS about what you've done/tried how you installed, to what version/distro of Linux. All things you've been asked several times before. Since you are now asking about Splunk, you need to open a new thread where you provide all of the details you SHOULD be providing. Do this after you read and follow the Splunk installation instructions (which you haven't yet).
 
  



All times are GMT -5. The time now is 01:53 AM.
