Scribd
Upload
265 views

Elasticsearch, Logstash & Kibana Deployment How To.: Faisal Sikander Khan Senior System Administrator

The document provides instructions for installing the ELK (Elasticsearch, Logstash, Kibana) stack on Ubuntu 18.04. It describes downloading dependencies like Java 8, adding the Elastic repository, and installing Elasticsearch, Kibana, and Logstash. Nginx is configured to proxy requests to Kibana and basic authentication is enabled. Once installed, the ELK stack can be used to centrally manage and visualize large volumes of logged data.

Uploaded by

Faisal Sikander Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
265 views

Elasticsearch, Logstash & Kibana Deployment How To.: Faisal Sikander Khan Senior System Administrator

The document provides instructions for installing the ELK (Elasticsearch, Logstash, Kibana) stack on Ubuntu 18.04. It describes downloading dependencies like Java 8, adding the Elastic repository, and installing Elasticsearch, Kibana, and Logstash. Nginx is configured to proxy requests to Kibana and basic authentication is enabled. Once installed, the ELK stack can be used to centrally manage and visualize large volumes of logged data.

Uploaded by

Faisal Sikander Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

ELK

ElasticSearch, LogStash & Kibana


Deployment How to.

By:
Faisal Sikander Khan
Senior System Administrator
Objective
Install ELK on Ubuntu 18.04 Bionic Beaver

Distributions
Ubuntu 18.04

Requirements
A working install of Ubuntu 18.04 with root privileges

Difficulty
Easy

Conventions
• # - requires given linux commands to be executed with root privileges either directly as a root
user or by use of sudo command
• $ - requires given linux commands to be executed as a regular non-privileged user

What is ELK
If you're in a situation where you manage large amonts of data logs, the ELK stack is exactly what you're
looking for. The ELK stack combines Elasticsearch, Logstash, and Kibana into a simple, yet powerful,
open source stack that lets you manage large amounts of logged data from a convenient graphical web
interface. All three tools are developed by Elastic, so they work in tandem perfectly, and they're very
easy to get set up on your Ubuntu system.

Install The Dependencies


Begin by installing the dependencies. These are all fairly common, though there are a couple of notes
that you need to take into account. Of course, these are Nginx-based, so disable Apache or switch the
port, if you're using it.

Logstash doesn't support Java 10, which is available on Bionic from openjdk-11-jre. If you have it
installed on your system, remove it. Use the older version until Logstash gets support.

$ sudo apt install openjdk-8-jre apt-transport-https wget nginx

Add The Elastic Repository


Elastic provides a complete repository for Debian based systems that includes all three pieces of
software. You just need to add it to your system. Begin by importing their GPG key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key


add -
Next, add the repository. Create a file at /etc/apt/sources.list.d/elastic.list, and paste the following line
into it.

deb https://artifacts.elastic.co/packages/6.x/apt stable main

Save that file, and exit. Update Apt.

$ sudo apt update

Install Elasticsearch and Kibana


You're now ready to install Elasticsearch and Kibana. They're available through Apt, so get them like you
normally would.

$ sudo apt install elasticsearch kibana

You need to edit the Kibana configuration file at /etc/kibana/kibana.yml to tell it that the host server
is localhost. The line is already there. Uncomment it.

server.host: "localhost"

Restart Kibana and start up Elasticsearch, and both will be ready to go.
$ sudo systemctl restart kibana

$ sudo systemctl start elasticsearch

Set Up Nginx
Kibana is served through Nginx, so you need to set up a basic Nginx configuration to get it to serve your
instance of Kibana. Start by creating a password for Kibana. This way, your server isn't accessible openly
on the Internet. Use OpenSSL to generate the password, and place it in /etc/nginx/htpasswd.kibana. You
can change the username to anything you want. In this instance, it's admin.

$ echo "admin:`openssl passwd -apr1 YourPassword`" | sudo tee -a


/etc/nginx/htpasswd.kibana
After you have your password, create an Nginx configuration similar to the one below
at /etc/nginx/sites-available. Make sure to use your actual server url or IP. The defaults should be good
for everything else.
server {

listen 80;

server_name your-site.com;

auth_basic "Restricted Access";

auth_basic_user_file /etc/nginx/htpasswd.kibana;

location / {

proxy_pass http://localhost:5601;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection 'upgrade';

proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;

After you have your configuration, remove the existing default config, and create a new symlink in sites-
enabled for Kibana.
$ sudo rm /etc/nginx/sites-enabled/default

$ sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana

Restart Nginx for the changes to take effect.

$ sudo systemctl restart nginx

Install Logstash
The last thing that you need to do is install Logstash. Just install it with your package manager.
$ sudo apt install logstash

Sign In To Kibana
Open up your browser, and go to the address that you assigned to your Kibana instance in the Nginx
configuration. You should be prompted to enter the username and password that you set up for Kibana.
Enter them.

You'll see the Kibana dashboard appear, fully operational. You can begin using Kibana and setting up
your preferences.

Closing Thoughts
Your ELK stack is fully operational on Ubuntu. ELK can help you manage your logs, and Kibana specifically
has some excellent tools to help you visualize and organize that data.

You might also like