First, let's download the Topbeat template.
curl -O https://raw.githubusercontent.com/elastic/topbeat/master/etc/topbeat.template.json
Upload the template to Elasticsearch
curl -XPUT 'http://elk3.domain.com:9200/_template/topbeat' -d@topbeat.template.json
Now, let's install Topbeat. Add the Elastic Beats repo, and run
yum -y install topbeat
Modify /etc/topbeat/topbeat.yml: under elasticsearch, add the Elasticsearch (or Logstash) hosts
hosts: ["10.10.3.48:9204", "10.10.3.48:9205", "10.10.3.48:9206"]
Start the beat service
systemctl start topbeat
Install the Topbeat dashboards
curl -L -O https://download.elastic.co/beats/dashboards/beats-dashboards-1.2.0.zip
unzip beats-dashboards-1.2.0.zip
Then run the loader script
./load.sh -url "http://elk3.domain.com:9200"
Finally, create the Kibana index pattern, [topbeat]-YYYY.MM.DD, in the web UI
To verify the index was created (after logs are sent to the system)
curl -XGET 'http://localhost:9200/topbeat-*/_search?pretty'
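The same check can be run against every host configured in topbeat.yml rather than only localhost. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes the inline hosts: [...] form and plain HTTP endpoints as used in the steps above.

```shell
#!/usr/bin/env bash
# Added example: post-install check for the Topbeat setup described above.
# Usage (assumed path from the steps above): ./verify-topbeat.sh /etc/topbeat/topbeat.yml

# Print one host:port per line from the first active "hosts: [...]" line.
# Commented-out lines (starting with #) are ignored.
config_hosts() {
  sed -n 's/^[[:space:]]*hosts:[[:space:]]*\[\(.*\)\].*$/\1/p' "$1" | head -n 1 |
    tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^"//; s/"$//' |
    sed '/^$/d'
}

# Read an Elasticsearch _count reply on stdin; succeed only if count > 0.
has_docs() {
  grep -Eq '"count"[[:space:]]*:[[:space:]]*[1-9][0-9]*'
}

# Check one host ($1 = host:port): the template must be loaded and
# at least one document must exist in the topbeat-* indices.
check_host() {
  local base="http://$1" code
  code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$base/_template/topbeat") || code=000
  if [ "$code" != "200" ]; then
    echo "$1: topbeat template missing or host unreachable (HTTP $code)"
    return 1
  fi
  if ! curl -s -m 5 "$base/topbeat-*/_count" | has_docs; then
    echo "$1: template present, but no topbeat documents yet"
    return 1
  fi
  echo "$1: ok"
}

# Check every host listed in the config file ($1); non-zero exit if any fails.
verify_topbeat() {
  local rc=0 h
  for h in $(config_hosts "$1"); do
    check_host "$h" || rc=1
  done
  return $rc
}

# Only touch the network when a config path is given on the command line.
[ $# -eq 0 ] || verify_topbeat "$1"
```

A host that reports the template but no documents usually means the beat has not shipped anything to it yet, so rerun the check a minute or so after starting the service.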
Source
http://amsterdam.luminis.eu/2015/10/05/infrastructure-metrics-with-elasticsearch-stack/
Network capture
http://amsterdam.luminis.eu/2015/10/05/infrastructure-metrics-with-elasticsearch-stack/