Now it is time to view and analyze the data from our nodes master-1, data-1 and data2.

Filebeat

Login to your kibana site https://kibana.elk/ using the user ‘elastic’ and the password you setup earlier then go to the dashboard page and look for “filebeat system”

So you can see the syslog events from those nodes (bar chart on the left side) and the syslog hostnames and processes on the 2nd chart. Below it’s the raw data of syslog events from filebeat system.

I will try to login to data-1 node using a wrong SSH password.

And screenshot below shows it was able to capture the SSH login attempts logs

Metricbeat

Go to the dashboard page and look for “metricbeat system”

The screenshot below shows you have 3 hosts (master-1, data-1 and data-2) and it will show its system resources details like cpu. ram, disk, etc.

Create your own custom visualization

Go to Visualize Library -> Create visualization -> Lens.

Then from there, select “metricbeat-*”, Bar vertical, @timestamp for Horizontal axis, process.memory.pct for Vertical axis and you can break it down by hostnames so you can see the 3 nodes master-1, data-1 and data-2.