This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
This section contains manifests that illustrate common use cases, and can be your starting point in exploring Logstash deployed with ECK. These manifests are self-contained and work out-of-the-box on any non-secured Kubernetes cluster. They all contain a three-node Elasticsearch cluster and a single Kibana instance.
The examples in this section are for illustration purposes only and should not be considered to be production-ready. Some of these examples use the
node.store.allow_mmap: false setting on Elasticsearch which has performance implications and should be tuned for production workloads, as described in Virtual memory.
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-eck.yaml
Deploys Logstash with a single pipeline defined in the CRD
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-pipeline-as-secret.yaml
Deploys Logstash with a single pipeline defined in a secret, referenced by a
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-pipeline-as-volume.yaml
Deploys Logstash with a single pipeline defined in a secret, mounted as a volume, and referenced by
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-es-role.yaml
Deploys Logstash and Elasticsearch, and creates an updated version of the
eck_logstash_user_role to write to a user specified index.
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-volumes.yaml
Deploys Logstash, Beats and Elasticsearch. Logstash is configured with two pipelines:
- a main pipeline for reading from the Beats instance, which will send to the DLQ if it is unable to write to Elasticsearch
a second pipeline, that will read from the DLQ.
In addition, persistent queues are set up.
This example shows how to configure persistent volumes outside of the default
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-monitored.yaml
Deploys an Elasticsearch and Kibana monitoring cluster, and a Logstash that will send its monitoring information to this cluster. You can view the stack monitoring information in the monitoring cluster’s Kibana
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.11/config/recipes/logstash/logstash-multi.yaml
Deploys Elasticsearch in prod and qa configurations, running in separate namespaces. Logstash is configured with a multiple pipeline→pipeline configuration, with a source pipeline routing to