bvader/PCF-Space-Drain-ELK-Stack-Quick-Start.txt

## PCF-Space-Drain-ELK-Stack-Quick-Start.txt
##
# Assumes Basic Understanding of PCF, Elasticsearch, Kibana and logstash
# Should support Elasticstack 7.X
##

##
# Step 1: Setup index template
# Save this file https://gist.github.com/bvader/addf80083b170e0cfcd78f946a78d50e
# to pcf_space_drain_log_template.json
# Then run the following command replacing the username, password and elasticearchhost
###
curl -u username:password -XPUT -H 'Content-Type: application/json' http://elasticsearchhost:9200/_template/pcf_space_drain_log_template -d@pcf_space_drain_log_template.json


##
# Step 2: Setup and run Logstash to ingest from space drain using this pcf-space-drain.conf
# Save this file https://gist.github.com/bvader/7ec1505e5d8c8cb44780abe20f553c02
# to pcf-space-drain.conf
# Edit the logstash.yml to point to the correct elasticsearch instance
# example start logstash
###

./bin/logstash -f ./pcf-space-drain.conf

##
# Step 3: Install CF Space Drain plugins locally
# Reference : https://github.com/cloudfoundry/cf-drain-cli#space-drain
# Install the drain plugins locally this can take a while.
# Note: You can uncomment the stdout { codec => rubydebug } line in the out put section of the conf
# if you want to see the the logs being processed on stdoout
###

cf install-plugin -r CF-Community "drains"
cf target -s my-dev-space

##
# Step 4: Install the space drain
# Note: the URL is the  URL for the Logstash instance listening for space drain syslog
# Note it shows crashed first before it goes green
# Note: We used port 1601 in this example you can choose your own.
##
cf drain-space syslog://my-logstash-host:1601 --drain-name my-dev-space-drain

##
# When this finishes you should be ingesting space drain logs into Elasticsearch
##

##
# Step 5 : Load the Kibana Saved Objects
# Save this file https://gist.github.com/bvader/58d7a2d0eb132b6e42784c2b36691d24
# to pcf-rtr-logs-saved-objects-7x.json
#
# In Kibana Go to
# Management -> Saved Objects and Import the saved objects from pcf-rtr-logs-saved-objects-7x.json
# Overwrite any existing objects. Note this will only overwrite existing object of the same name and type
#
# You should now have a Dashboard, Some Visualizations, and Some Save Searches to use from Discovery
# To open the saved searches go to Discover -> Open
##
	##
	# Assumes Basic Understanding of PCF, Elasticsearch, Kibana and logstash
	# Should support Elasticstack 7.X
	##

	##
	# Step 1: Setup index template
	# Save this file https://gist.github.com/bvader/addf80083b170e0cfcd78f946a78d50e
	# to pcf_space_drain_log_template.json
	# Then run the following command replacing the username, password and elasticearchhost
	###
	curl -u username:password -XPUT -H 'Content-Type: application/json' http://elasticsearchhost:9200/_template/pcf_space_drain_log_template -d@pcf_space_drain_log_template.json


	##
	# Step 2: Setup and run Logstash to ingest from space drain using this pcf-space-drain.conf
	# Save this file https://gist.github.com/bvader/7ec1505e5d8c8cb44780abe20f553c02
	# to pcf-space-drain.conf
	# Edit the logstash.yml to point to the correct elasticsearch instance
	# example start logstash
	###

	./bin/logstash -f ./pcf-space-drain.conf

	##
	# Step 3: Install CF Space Drain plugins locally
	# Reference : https://github.com/cloudfoundry/cf-drain-cli#space-drain
	# Install the drain plugins locally this can take a while.
	# Note: You can uncomment the stdout { codec => rubydebug } line in the out put section of the conf
	# if you want to see the the logs being processed on stdoout
	###

	cf install-plugin -r CF-Community "drains"
	cf target -s my-dev-space

	##
	# Step 4: Install the space drain
	# Note: the URL is the URL for the Logstash instance listening for space drain syslog
	# Note it shows crashed first before it goes green
	# Note: We used port 1601 in this example you can choose your own.
	##
	cf drain-space syslog://my-logstash-host:1601 --drain-name my-dev-space-drain

	##
	# When this finishes you should be ingesting space drain logs into Elasticsearch
	##

	##
	# Step 5 : Load the Kibana Saved Objects
	# Save this file https://gist.github.com/bvader/58d7a2d0eb132b6e42784c2b36691d24
	# to pcf-rtr-logs-saved-objects-7x.json
	#
	# In Kibana Go to
	# Management -> Saved Objects and Import the saved objects from pcf-rtr-logs-saved-objects-7x.json
	# Overwrite any existing objects. Note this will only overwrite existing object of the same name and type
	#
	# You should now have a Dashboard, Some Visualizations, and Some Save Searches to use from Discovery
	# To open the saved searches go to Discover -> Open
	##