ELK Blueprint

What are DigitalOcean Blueprints?

DigitalOcean Blueprints are pre-configured infrastructure stacks with ready-to-use applications and they’re deployed with only a few clicks. With DigitalOcean Blueprints you’ll be able to skip complicated deployment configurations and infrastructure setups. You’ll be able to deploy easily and begin using your applications right away!

DigitalOcean Blueprints are designed to be the starting point for your production ready infrastructure. They aim to make deployment as seamless as possible so you can access the value of the application quickly. Each Blueprint has its own infrastructure configuration, cost, and software deployments. Please refer to the documentation for more details on each of these components.

What is this Blueprint?

The ELK Blueprint will deploy 3 Droplets with the following components: ElasticSearch, Kibana, and LogStash. Each Droplet deployed contains:

  • 4 vCPUs
  • 8GB Memory
  • 160GB SSD Disk
  • 5TB of transfer included.

The approximate cost of this deployment is $144 monthly.

ElasticSearch and Kibana are configured out-of-box and LogStash is ready-to-use.

How to use DigitalOcean Blueprints?

Install Terraform

Head to the Terraform install page and follow the instructions for your platform.

You can validate your local Terraform installation by running:

$ terraform -v
Terraform v1.5.7

Create a DigitalOcean API token

Head to the Applications & API page and create a new personal access token (PAT) by clicking the Generate New Token button. Make sure to check the Write scope for the token, as Terraform needs it to create new resources. After creating the token, make sure to save it as it disappears forever if you close the page. If you lost the token, delete it and create a new one.

Set up a blueprint and variables

Clone this repository to the machine where Terraform is installed:

$ git clone https://github.com/digitalocean/marketplace-blueprints.git

Head to the blueprint you are interested in, for this example we will use ELK:

$ cd blueprints/elk/

Edit variables.tf file and specify your API token like this:

variable “do_token” {
  default = “dop_v1_your_beautiful_token_here”

We are almost there, now initialize the Terraform project by running:

$ terraform init

Finally, after the project is initialized, run the Terraform apply to spin the blueprint:

$ terraform apply

It can take a few minutes to spin the droplets and some blueprints require extra time after the creation to finish the configuration.

Software Included

Package Version License
ElasticSearch Latest ELv2
Kibana Latest Dual license: Server Side Public License and Elastic License 2.0
LogStash Latest Apache License V2 and Elastic License

Getting Started After Deploying ELK Blueprint

After the stack is deployed, give it 5-6 minutes to finish the configuration.

After this, you can access Kibana at http://<kibana-droplet-ip>:5601. You should see the Login screen:

kibana login

If the Kibana page asks you for the enrollment token or says: “Kibana server is not ready yet.”, you need to wait a bit more until it finishes configuring.

To get credentials, SSH in ElasticSearch droplet, and you will see a password for the Elastic user like this:

elastic creds

Near the Elastic password, you will see Kibana and LogStash passwords as well.

After you log in, you will have access to the Kibana dashboard!

Stack Details

  • XPACK basic security enabled.
  • This stack does not provide Elastic license. If your business requires one, it is your responsibility to get one.
  • Latest APT versions of ElasticSearch, Kibana, and LogStash.
  • ElasticSearch discovery mode is set to a single node.
  • ElasticSearch, Kibana, and LogStash and configured to run as systemctl services.
  • ElasticSearch configuration logs are available at /var/log/user_data.log file.
  • Kibana configuration logs are available at /var/log/user_data.log file.