Introduction
In this tutorial, we will demonstrate the installation of Elastic Stack on macOS Big Sur, first on a local machine, and then how to perform the same task via the Logstail platform. After the installation, we are able to monitor the performance of our machine with great detail!
Apple recently updated the Operating System and the new name is Big Sur! Apart from the new Operating System, many things have changed from the Elastic side also. The introduction of Metricbeat made things easier than before, but still, the time you need (especially if you are inexperienced with the use and management of ELK) to set it up on your own is considerably more when compared to our service!
Installing ELK On Mac OS Big Sur
Installing Elastic Stack on your Mac is rather straightforward nowadays. You can complete this task by using Homebrew. But what is Homebrew? Homebrew is a popular open-source package manager that helps to install software on Mac OS Big Sur.
Installing Homebrew
If your Mac has Homebrew already installed, you can skip this step, otherwise, follow the steps below to install it.
Open a Terminal on your Mac and type the following commands:
|
1 |
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" |
It takes some time to install all the required tools, after which, run the next command to verify the installation:
|
1 |
brew help |
If you have Homebrew output like usage examples, the tool has been installed successfully.
Install Elasticsearch on macOS with Homebrew
The second step to install Elastic Stack is to utilize the Homebrew package manager.
To install with Homebrew, you first need to tap the Elastic Homebrew repository:
|
1 |
brew tap elastic/tap |
Once you’ve tapped the Elastic Homebrew repo, you can use brew install to install the default distribution of Elasticsearch:
|
1 |
brew install elastic/tap/elasticsearch-full |
This installs the most recently released default distribution of Elasticsearch. After some time you can run Elasticsearch with typing:
Elasticsearch
And check your browser by typing http://localhost:9200
Installing Kibana with Homebrew
Next, install Kibana with:
|
1 |
brew install elastic/tap/kibana-full |
To run Kibana in the background, use:
|
1 |
brew services start elastic/tap/kibana-full |
Or, simply:
|
1 |
Kibana |
To access Kibana, open your browser at:
|
1 |
http://localhost:5601 |
System Metrics Pipeline from Local Machine to Kibana
Next, we will set up a simple data pipeline using Metricbeat to ship system metrics from our Mac:
|
1 |
brew install elastic/tap/metricbeat-full |
Metricbeat is a much smaller package, so it’ll take just a few seconds to be downloaded and installed
To have launchd start elastic/tap/metricbeat-full now and restart at login:
|
1 |
brew services start elastic/tap/metricbeat-full |
Or, if you don’t want/need a background service you can just run:
|
1 |
Metricbeat |
and check your Kibana for your logs!
Log Files via Filebeat from Local Machine to Kibana
Apart from Metrics, you can also send log files from your system to your local Kibana. The steps are presented below:
1) Install Filebeat.
Install Filebeat on all the servers you want to monitor. To download and install Filebeat, use these commands for Mac OS Big Sur:
|
1 2 3 4 |
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.1-darwin-x86_64.tar.gz tar xzvf filebeat-7.10.1-darwin-x86_64.tar.gz |
2) Connect to the Elastic Stack.
In order to send data, you have to connect Filebeat with Elasticsearch Kibana. The connection information has to be set in filebeat.yml.
For example:
3) Enable and configure data collection modules.
Filebeat uses modules to collect and parse log data. Initially, you will have to identify the modules you need to enable.
|
1 |
./filebeat modules list |
Second from the installation directory, you can enable one or more modules like the system, nginx, and mysql :
|
1 |
./filebeat modules enable system nginx mysql |
4) Set up your assets.
Filebeat comes with predefined assets for parsing, indexing, and visualizing your data. To load these assets you have to make sure that the user specified in filebeat.yml is authorized to set up Filebeat and from the installation directory, you can run:
|
1 |
./filebeat setup -e |
5) Start Filebeat.
Before starting Filebeat, modify the user credentials in filebeat.yml and specify a user who is authorized to publish events. Then you can start Filebeat, by running:
|
1 2 3 |
sudo chown root filebeat.yml sudo chown root modules.d/system.yml sudo ./filebeat -e |
6) View your data in Kibana.
Go to this address in your browser in
|
1 |
http://localhost:5601 |
Analyze your Mac OS logs via the Logstail app
Actually, there is an even easier way to check your logs from your machine by using our platform! First of all, you can sign in to your account and navigate to the Log Shippers tab. The wizard to ship your machine logs to the Logstail platform is in the System logs category.
Inside this category, you will choose the Mac OS tab and follow the instructions.
1) The first step is to download untar and install Filebeat and the Logstail certificate required to encrypt and secure your traffic, by using the following command.
2) The second step is to configure the Filebeat
Backup your filebeat.yml, create a new one mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml_original && sudo nano /etc/filebeat/filebeat.yml and paste the snippet straight from the wizard
3) The final step is to restart Filebeat to apply the changes
And finally, you can check the logs coming from your machine to the Logstail platform! It’s that easy.
You have just completed the most important step to take value from your logs. From now on you can navigate and search easily and quickly your logs!
For example, you can set an alarm (on Slack, webhook, or mail) on the alert on the tab when your system forcefully shuts down processes (SIGKILL).
You can read in detail the whole process in our blog article!
Furthermore, we have created a collection of ready dashboards under the Apps tab to optimize the visualization of your logs. Simply click the Add data button and you will automatically install to your stack this App.
Then if you click the View data button you will get something like this
Now you can easily get an idea if something is going wrong. But even if you want to customize these visualizations, you can click on them and change all the parameters!
If you are new and you don’t know how to create or edit a visualization, then go ahead and read our article! We have thought about everything!
[mo-optin-form id=”apacNKMngd”]
Conclusion
That’s it! We are now able to configure and monitor our machine with great detail. The power of Elastic Stack when compared with Logstail, gives is a must! Logstail offers advanced features and brings the functionality of Elastic Stack to your hands. You don’t have to be an Elastic expert or a software engineer in order to set up and use Elasticsearch anymore. Convert your data into actionable insights with just some tweaks. Maximize today the performance of your infrastructure or be notified of potential problems and take the appropriate actions. Sign-up for a free demo in order to realize the power of Logstail.com.
Contact Our Expertsor Sign Up for Free
