Setting up the ELK Stack on MALT

In the previous post we showed how to get started with the TICK stack using the MALT principles.  In this post we will look at another central principle of the MALT stack, which is the L.  The L in MALT stands for logging.  Logging is a critical need for any system.  Without logging it is hard to diagnose past events and understand key failures.  Logging, however, is not simply just application logs.  Logging also includes all types of hit logs and access logs.  Hit logs are essential to associating traffic to those key application log events.  The metadata and context provided by both aides in diagnosing key problems.

There are several key platforms for viewing, aggregating, and managing logs, other than the flat text files often created.  In this post we will talk about and show how to setup the popular open source Elatic Stack, more commonly referred to as the ELK stack.  The Elastic company provides a suite of products with the most popular being Elasticsearch and Kibana.  Elastics…