In the ELK stack, what is the primary role of Logstash?
Think about which component processes and prepares logs before storage.
Logstash collects logs from various sources, parses and transforms them, then forwards them to Elasticsearch for storage.
What is the expected output when you successfully create an index named 'logs-2024' in Elasticsearch using the following curl command?
curl -X PUT "localhost:9200/logs-2024" -H 'Content-Type: application/json'
Successful index creation returns an acknowledgment with true values.
The response confirms the index was created and shards acknowledged successfully.
Which Logstash input configuration correctly reads Docker container logs from the default JSON file location?
Docker stores container logs as JSON files in a specific directory.
The default Docker container logs are JSON files located under /var/lib/docker/containers/*/*.log, so Logstash must read from there with JSON codec.
You have set up ELK stack and Logstash is running. However, Kibana dashboards show no logs. Which of the following is the most likely cause?
Kibana needs to know which Elasticsearch indexes to read from.
If the index pattern is missing in Kibana, it cannot display logs even if data exists in Elasticsearch.
Arrange the ELK stack components in the correct order of processing logs from collection to visualization.
Think about which component collects logs first and which shows them last.
Beats collect logs from sources, Logstash processes them, Elasticsearch stores and indexes, Kibana visualizes.