I have taken this and expanded it to include version 6.3.2 of ElasticSearch, Logstash, Kibana, FileBeat, and MetricBeat.
My cluster is 6 nodes.
ElasticSearch is installed on Nodes 4,5,6(4 Master & 5,6 Data Nodes). Logstash is Installed on Node 3. FileBeat & MetricBeat are installed on all 6 nodes. Kibana is installed on Node 4. The rest of the cluster is configured normally for a minimal Install.
ElasticSearch Zen Discovery Hosts: example: [ node4.hostname.com, node5.hostname.com, node6.hostname.com ]
Post installation Ambari handles the configuration of all components including logstash (input, output, and filters) and FileBeat and MetricBeat configuration files.
ElasticSearch configuration should work out of the box without any changes other than Zen Discovery Hosts.
Logstash filters are setup for beats input, file FileBeat filter, and elasticsearch output.
FileBeat is setup to use Logstash.
MetricBeat is setup to send metrics directly to Elasticsearch.
Learning this Elasticsearch MPack is a good example of how to create your own custom stack using a Management Pack to define services not normally found in an Ambari Cluster. Ambari Administrators looking to understand how to create their own Management Pack should take some time to diff the Mpacks attached below. Creating custom services controlled via Ambari is pretty easy if you mimic the folder structure, make the necessary xml file changes, and adjust the python package scripts accordingly.