Install Filebeat on your hosts, configure it to ship system logs to Logstash, work around the 9.x fileset trap, and verify logs flow into Elasticsearch.
File paths, ports, essential commands, Ansible variables, and vault variables for the entire ELK stack deployment — all in one place.
Free guide: deploy a production-ready ELK stack on Rocky Linux 9 with Elasticsearch, Kibana SSL, Logstash, Filebeat, ILM retention, and SELinux enforcing.