How to install and configure the ELK stack on Ubuntu

“ELK” is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana.

  • Elasticsearch is a search and analytics engine.
  • Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.
  • Kibana lets users visualize data with charts and graphs in Elasticsearch.

To install all three, follow the steps below.

Install dependencies:

Update Ubuntu and install the necessary packages:

$ sudo apt-get update && sudo apt-get -y upgrade
$ sudo apt-get install apt-transport-https software-properties-common wget

Install the Oracle Java JDK from the Webupd8 Team PPA repository:

$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get install oracle-java8-installer

Check the Java installation:

$ java -version

You should see something like the following:

java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)

Install and configure Elasticsearch

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
$ sudo apt-get update
$ sudo apt-get install elasticsearch

Restrict remote access to the Elasticsearch instance by editing the /etc/elasticsearch/elasticsearch.yml file so that it binds to localhost only:

$ sudo sed -i 's/#network.host: 192.168.0.1/network.host: localhost/g' /etc/elasticsearch/elasticsearch.yml

Start the Elasticsearch service and set it to automatically start on boot:

$ sudo systemctl restart elasticsearch
$ sudo systemctl enable elasticsearch

To test that the Elasticsearch daemon is up and running, try sending an HTTP GET request on port 9200.

$ curl http://127.0.0.1:9200

Install and configure Kibana

Install Kibana from the previously added Elastic repository.

$ sudo apt-get install kibana

Restrict remote access to the Kibana instance by editing the /etc/kibana/kibana.yml file so that it binds to localhost only:

$ sudo sed -i 's/#server.host: "localhost"/server.host: "localhost"/g' /etc/kibana/kibana.yml

Start the Kibana service and set it to automatically start on boot:

$ sudo systemctl restart kibana
$ sudo systemctl enable kibana

Kibana will now run on localhost on port 5601. To access the Kibana web interface, point your browser to port 5601, for example http://127.0.0.1:5601.
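
The two sed edits above (network.host for Elasticsearch, server.host for Kibana) exit successfully even when the pattern matches nothing, which leaves the file unchanged without any error. The following check is an added example, not part of the original guide: the function names are hypothetical, and the sample config and `ss` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm the bind settings
# instead of trusting that the sed substitution matched.

# Print the value of the last uncommented "KEY: value" line in FILE ($1=FILE, $2=KEY).
config_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots in the key
    grep -E "^[[:space:]]*${key_re}:" "$1" | tail -n 1 |
        sed -E -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]+#.*$//' \
               -e 's/[[:space:]]+$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Succeed only if KEY is explicitly set to a loopback name or address.
# An unset key fails too, so the binding is explicit rather than a package default.
is_loopback_only() {
    case "$(config_value "$1" "$2")" in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;   # unset, 0.0.0.0, a LAN address, a list, ...
    esac
}

# Read `ss -ltn` output on stdin; print listeners on PORT ($1) not bound to loopback.
exposed_listeners() {
    awk -v p="$1" '{
        n = split($4, parts, ":")
        if (parts[n] != p) next                      # other port or header line
        host = substr($4, 1, length($4) - length(p) - 1)
        if (host !~ /^(127\.|\[?::1\]?$|\[?::ffff:127\.)/) print $4
    }'
}

# Constructed sample: the sed pattern did not match, so the key is still commented out.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '#network.host: 192.168.1.10' 'http.port: 9200' > "$tmp"
    if is_loopback_only "$tmp" network.host; then echo "OK"; else echo "NOT SET"; fi
    rm -f "$tmp"
}

# Real use on the host configured above:
#   is_loopback_only /etc/elasticsearch/elasticsearch.yml network.host || echo "check Elasticsearch"
#   is_loopback_only /etc/kibana/kibana.yml server.host || echo "check Kibana"
#   ss -ltn | exposed_listeners 9200; ss -ltn | exposed_listeners 5601
demo
```

Run the socket check after restarting each service; any address it prints is a listener reachable from outside the host.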

Install and configure Logstash

Install Logstash from the previously added Elastic repository.

$ sudo apt-get install logstash