Posts

Showing posts from April, 2019

ELK - Set up a Multi-Node Elasticsearch Cluster

Elasticsearch along with Logstash and Kibana is a great combination for aggregating and enriching log files, splitting them into different fields and visualizing them. For this setup, I will set up a 3-node cluster with every node operating every role. The recommended setup would be separating master-eligible nodes and data nodes, as well as ingest nodes (depending on your workload).

Quick note on the software components:

Elasticsearch: Elasticsearch is a distributed search backend using the Lucene engine for searching its shards and saved data. The data indexed into it will be in JSON format.

Logstash: Logstash takes your data, passes it through the grok filters you wrote, enriches it if you've configured it to do so and indexes it into Elasticsearch.

Kibana: With Kibana you can control and manage your cluster as well as configure pipelines. Kibana will also give you a fancy frontend to search your data and build graphs.

Since I'm only going to go