Chapter 12: Using Elasticsearch, Logstash, and Kibana to Manage Logs

1. Elasticsearch can be installed through the package manager.
2. This is done through parted.
3. Adding the UUID of the disks to /etc/fstab.
4. /etc/elasticsearch/elasticsearch.yml
5. This gives the name to the cluster, the name should be consistent across nodes so each join the same cluster.

6. The number is dictated by (N/2)+1.
7. By using the same cluster.name setting, the second node will join to the same cluster.
8. Add the repo, install through yum, partition the disk for logstash.
9. This is a storage location where logstash will persistently store queues in the scenario of a crash.
10. A coordinating node is an Elasticsearch node that does not accept inputs, does not store data or takes part in master/slave elections.
11. Beats are the lightweight data shippers from Elastic.co.
12. Filebeat function is to collect logs from sources like syslog, apache and others to later ship it to Elasticsearch or Logstash.