diff --git a/utils/elk/README.md b/utils/elk/README.md index 4c396373..0a65d8ca 100644 --- a/utils/elk/README.md +++ b/utils/elk/README.md @@ -1,16 +1,33 @@ -How to process Kippo output in an ELK stack -=========================================== +# How to process Kippo output in an ELK stack (Note: work in progress, instructions are not verified) + +## Prerequisites + +* Working Kippo installation +* Kippo JSON log file (enable database json in kippo.cfg) + +## Installation + * Install logstash, elasticsearch and kibana ``` apt-get install logstash apt-get install elasticsearch -apt-get install kibana ```` +* Install Kibana + +This may be different depending on your operating system. Kibana will need additional components such as a web server + + +## ElasticSearch Configuration + +TBD + +## Logstash Configuration + * Download GeoIP data ``` @@ -24,6 +41,11 @@ wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz ``` cp logstash-kippo.conf /etc/logstash/conf.d +``` + +* Make sure the configuration file is correct. Check the input section (path), filter (geoip databases) and output (elasticsearch hostname) + +``` service logstash restart ``` @@ -41,3 +63,5 @@ tail /tmp/kippo-logstash.log http://:9200/_search?q=kippo&size=5 ``` +* If this gives output, your data is correctly loaded into ElasticSearch +
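Review bot: In the first hunk, the install block opened with ``` is closed with four backticks (````), so most Markdown renderers will not treat it as a closing fence and the new "Install Kibana" bullet and everything after it renders inside the code block; change the closer to ```. While touching this hunk, the "(Note: work in progress, instructions are not verified)" text would be better as a line under the heading than inside the H1, the sentence "Kibana will need additional components such as a web server" should end with a full stop and say which components or link to the Kibana install docs, and the prerequisite "enable database json in kippo.cfg" should quote the exact section and key name as they appear in kippo.cfg so the reader does not have to guess.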
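Review bot: In the second hunk, the new bullet "Make sure the configuration file is correct" tells the reader what to inspect (input path, GeoIP database paths, elasticsearch hostname) but gives no way to tell whether they got it right before `service logstash restart`; suggest adding a step to validate the configuration before restarting, or at least pointing at the log file the later "tail /tmp/kippo-logstash.log" step checks, since a wrong path or hostname will otherwise only show up as an empty index. A fixed example of the three values (input `path`, the two GeoIP `database` entries, the `elasticsearch` `host`) would also make the bullet actionable.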
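Review bot: In the third hunk, "If this gives output, your data is correctly loaded into ElasticSearch" is misleading, because `_search?q=kippo&size=5` returns a JSON document even when nothing matched (the hits array is just empty); the bullet should say the check passes only when the response contains hits, and the URL `http://:9200/_search` is missing its hostname and should name the host the reader configured in the output section. Since this check talks to port 9200 over plain HTTP with no authentication, the still-TBD "ElasticSearch Configuration" section should at least tell the reader to bind Elasticsearch to localhost or otherwise restrict access, as the honeypot data is readable by anyone who can reach that port.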