
Configure Elastic Stack


For an overview of Elastic Stack and its components used with PLOSSYS 5 or easyPRIMA, refer to Elastic Stack.

In Elasticsearch, different indices are used for the log, statistics, audit and accounting data of PLOSSYS 5. For easyPRIMA, only the audit data is configured in Kibana so far.

Hint - update for audit data

Audit data for PLOSSYS 5 was introduced with 5.3.3. When updating to PLOSSYS 5.3.3, you have to adjust filebeat.yml manually as described in Update on Windows or Update on Linux and restart the PLOSSYS system.


For the different indices, you can configure the housekeeping in Elasticsearch (Index Lifecycle Management, ILM). For the configuration, SEAL Systems provides the load-config script in the SEAL Elastic Stack package as of version 7.16.0.53. Alternatively, you can proceed step-by-step in the Kibana user interface as described in Configure Elastic Stack Step-by-Step.

The load-config script does not configure the common index pattern for the audit indices of PLOSSYS 5 and easyPRIMA. For the required steps, refer to Create a Common Index Pattern for the Audit Indices below.


The load-config Script

SEAL Elastic Stack as of version 7.16.0.53 provides the load-config script and several configuration files for creating all necessary components for the housekeeping of the stored data for both PLOSSYS 5 and easyPRIMA.

  • Windows: C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1

  • Linux: /opt/seal/seal-kibana/configuration/load-config.sh

In the non-overwrite mode, the load-config script checks if the specific index exists and creates only settings that do not yet exist. In the overwrite mode, some settings will be overwritten. Independent of the mode, the dashboard configurations are always overwritten in order to ensure consistency of the consecutive configurations.

Hint - Usage

Call the configuration script with -h or -help to display the usage information.


Execute the Script

  1. Stop the seal-filebeat services on all PLOSSYS 5 servers (if already installed) so that no new data will be sent to Elasticsearch:

    plossys service stop seal-filebeat
    
  2. By default, the configuration fits the installation of PLOSSYS 5 and easyPRIMA. If you want to modify it, change the configuration on the management server in the directory structure described in Configure the Script below.

  3. On the management server, open a PowerShell (Administrator) on Windows or a shell on Linux and call the load-config script for PLOSSYS 5:

    • Windows:
    & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1"
    
    • Linux:
    /opt/seal/seal-kibana/configuration/load-config.sh
    
  4. Call the load-config script for a second time for easyPRIMA if desired:

    • Windows:
    & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1" -c seal-easyprima
    
    • Linux:
    /opt/seal/seal-kibana/configuration/load-config.sh -c seal-easyprima
    
  5. Start the seal-filebeat services on all PLOSSYS 5 servers (if already installed):

    plossys service start seal-filebeat
    

Configure the Script

The load-config script scans through the following directory structure and uses the JSON files found there for the configuration of the different components of Elastic Stack. If a JSON file or a subdirectory does not exist, the load-config script skips the configuration of the corresponding component:

  • Windows: C:\Program Files\SEAL Systems\seal-kibana\configuration\<product_name>
  • Linux: /opt/seal/seal-kibana/configuration/<product_name>

The subdirectories within the product-specific directories contain the JSON files for the different components:

  • index: Elasticsearch index
  • index-lifecycle-policy: Housekeeping of the data in the specific index
  • index-pattern: Index patterns for accessing the data stored in the specific index
  • index-template: Template used when creating the index

The JSON files in the component-specific directories are named according to the data type to be configured:

  • accounting.json
  • audit.json
  • log.json
  • statistics.json

Additionally, the following subdirectories in the product-specific directories contain JSON files for configuring some preconfigured dashboards and workspaces of Kibana:

  • dashboard: Dashboard for visualizing the log data of PLOSSYS 5
  • workspace

Example - configuration directory contained in delivery with SEAL Elastic Stack 7.16.0.53

Configuration Directory of Kibana
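
To see before a run which components load-config will skip for a product, the following added example (not part of the SEAL Elastic Stack delivery) walks the directory layout described above and lists each expected JSON file as found or skipped. The function name, the output format and the seal-example product directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of SEAL Elastic Stack. Directory and file names are
# the ones listed above; function name and output format are illustrative.
seal_config_preflight() {
    root=$1 product=$2 skipped=0
    [ -d "$root/$product" ] || { echo "no product directory: $root/$product"; return 2; }
    for component in index index-lifecycle-policy index-pattern index-template; do
        for datatype in accounting audit log statistics; do
            if [ -s "$root/$product/$component/$datatype.json" ]; then
                echo "found   $component/$datatype.json"
            else
                echo "skipped $component/$datatype.json"
                skipped=$((skipped + 1))
            fi
        done
    done
    for component in dashboard workspace; do
        # File names here are not listed on the page: accept any *.json file.
        if ls "$root/$product/$component"/*.json >/dev/null 2>&1; then
            echo "found   $component/*.json"
        else
            echo "skipped $component"
            skipped=$((skipped + 1))
        fi
    done
    echo "$skipped component(s) would be skipped"
    [ "$skipped" -eq 0 ]
}

# Constructed sample tree: a product with audit data only.
demo=$(mktemp -d)
for c in index index-lifecycle-policy index-pattern index-template; do
    mkdir -p "$demo/seal-example/$c"
    echo '{}' > "$demo/seal-example/$c/audit.json"
done
seal_config_preflight "$demo" seal-example || echo "exit status: $?"
rm -rf "$demo"
```

The function returns 0 when every expected file is present, 1 when at least one component would be skipped, and 2 when the product directory itself is missing.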


Backup Files

Before changing existing settings, the load-config script saves the corresponding original files into the following directory:

  • Windows: $env:TEMP/backup
  • Linux: $HOME/tmp/backup

Log File

Error messages of the load-config script are logged into a log file in the following directory:

  • Windows: $env:TEMP/log
  • Linux: $HOME/tmp/log

Create a Common Index Pattern for the Audit Indices

The audit data of PLOSSYS 5 is stored in the seal-plossys-5-audit index. The audit data of easyPRIMA is stored in the seal-easyprima-audit index. For these indices, you can create a common index pattern seal-*-audit to access the audit data of both products.

To access the audit data of both PLOSSYS 5 and easyPRIMA, create a common index pattern:

  1. Change to Index Patterns in the Kibana section and click Create index pattern.

    Create Common Audit Index Pattern

  2. While you type seal-*-audit in Index pattern name, the list below shrinks to the matching indices. Click Next step:

    Select the Audit Indices

  3. Select @timestamp from the list of available fields for refreshing the data and click Create index pattern:

    Set Field for Refresh

    Optionally, click Show advanced settings, enter seal-*-audit as Custom index pattern ID and click Create index pattern:

    Set Custom Index Pattern ID

  4. Select the seal-*-audit index pattern and configure the view:

    Select Common Audit Index Pattern


Indices for PLOSSYS 5

The indices used in Elasticsearch for the log and statistics data of PLOSSYS 5 are specified in the following keys in the PLOSSYS 5 system:

