This blog is part of a series. Refer to the links below for the other posts in this series.
Part 1: Installing Ubuntu
Part 2: Installing Elastic Stack
Part 3: Install ElastiFlow
In this section, we will cover installing and configuring Elastic Stack 6.x, which will power the ElastiFlow solution. Elastic Stack, often referred to as the ELK Stack, consists of Elasticsearch, Logstash, and Kibana. Elasticsearch is a distributed search and analytics engine that stores the data; Logstash is a data-collection and parsing pipeline that feeds records into Elasticsearch; and Kibana is the analytics and visualization platform used to display the ElastiFlow dashboards.
Please note this tutorial is designed for a personal or lab environment, so we are not going to cover securing the Kibana website. As installed here, Kibana has no authentication: anyone who can reach port 5601 can view and edit the dashboards and query the data behind them, so do not expose it beyond a trusted network. I have provided links below to additional resources if you need to set up restricted access to the Kibana dashboards.
Installing Elastic Stack 6.x
Install Java
Logstash 6.x requires Java 8; Java 9 is not supported, so we need to make sure the proper version is installed. The steps below use the third-party WebUpd8 PPA to install Oracle Java 8. That PPA has since been discontinued; if its packages are no longer available, Ubuntu's own openjdk-8-jre-headless package is also supported by Logstash 6.x and needs no extra repository.
Add the Oracle Java PPA to apt
sudo add-apt-repository -y ppa:webupd8team/java
Update apt
sudo apt-get update
Install the latest stable version of Oracle Java 8
sudo apt-get install -y oracle-java8-installer
Install Elasticsearch
Import the Elasticsearch Signing Key (PGP key). Note that this pipes a key fetched over the network straight into apt's trust store, and from then on apt will accept any package signed with it. If you want to check it first, download the key to a file, compare its fingerprint with the one published in Elastic's documentation, and only then add it.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Confirm apt-transport-https is installed
sudo apt-get install -y apt-transport-https
Add the repository definition so that apt pulls the latest 6.x release
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Update apt
sudo apt-get update
Install Elasticsearch
sudo apt-get -y install elasticsearch
Configure Elasticsearch to start automatically when the system boots
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
Start the Elasticsearch service
sudo systemctl start elasticsearch.service
Install Kibana
Update apt
sudo apt-get update
Install Kibana
sudo apt-get -y install kibana
Configure Kibana to start automatically when the system boots
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
Start the Kibana service
sudo systemctl start kibana.service
Install Logstash
Update apt
sudo apt-get update
Install Logstash
sudo apt-get -y install logstash
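The key import step above trusts whatever the download returns. The script below is an added example, not code from the original post or from Elastic: it fetches the key to a file, checks that its primary-key fingerprint is the one Elastic publishes for the Elasticsearch Signing Key (the value hard-coded here should be cross-checked against Elastic's documentation rather than taken from this page), and only then hands it to apt-key. The file name and the `install` argument are this example's own conventions.

```shell
#!/bin/sh
# Verify the Elasticsearch signing key before trusting it (added example, not
# part of the original tutorial). Instead of piping the download straight into
# `apt-key add`, fetch it to a file, check that its primary-key fingerprint is
# the one Elastic publishes, and only then add it to apt's trust store.
set -eu

KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"
# Fingerprint of the "Elasticsearch Signing Key" as published in Elastic's
# documentation; cross-check it there rather than trusting this file.
EXPECTED_FPR="4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4"

# normalize_fpr FPR: drop grouping spaces and upper-case the hex digits so that
# "4609 5acc ..." and "46095ACC..." compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# key_fingerprints: read `gpg --with-colons` output on stdin and print the
# fingerprint of each primary key (the fpr record that follows a pub record;
# fpr records that follow a sub record belong to subkeys and are skipped).
key_fingerprints() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }'
}

# fingerprint_matches EXPECTED: true when the first primary-key fingerprint in
# the colon-format listing on stdin equals EXPECTED.
fingerprint_matches() {
  _got=$(key_fingerprints | head -n 1)
  [ -n "$_got" ] && [ "$(normalize_fpr "$_got")" = "$(normalize_fpr "$1")" ]
}

# list_key_file KEYFILE: colon-format listing of an ASCII-armored key file.
# Works with gpg 1.4 and 2.x; on gpg >= 2.1 `--import-options show-only --import`
# produces the same listing.
list_key_file() {
  gpg --with-colons --with-fingerprint "$1" 2>/dev/null
}

# install_elastic_key: download, verify, and only then add the key to apt.
install_elastic_key() {
  _tmp=$(mktemp)
  wget -qO "$_tmp" "$KEY_URL"
  if list_key_file "$_tmp" | fingerprint_matches "$EXPECTED_FPR"; then
    echo "Fingerprint matches, adding key to apt"
    sudo apt-key add "$_tmp"
  else
    echo "REFUSING to add key: fingerprint does not match $EXPECTED_FPR" >&2
    rm -f "$_tmp"
    return 1
  fi
  rm -f "$_tmp"
}

# Only act when asked explicitly:  sh verify-elastic-key.sh install
if [ "${1:-}" = "install" ]; then
  install_elastic_key
fi
```

Run it as `sh verify-elastic-key.sh install` in place of the `wget ... | sudo apt-key add -` line; it exits non-zero and adds nothing if the fingerprint differs. On newer Ubuntu releases apt-key is deprecated, and the verified file would instead be stored as a keyring under /etc/apt and referenced with a `signed-by` option in the sources entry, but the fingerprint check is the same.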
Configuring Elastic Stack
Before you can install ElastiFlow there are a few things that need to be set up in the Elastic Stack.
Configure Elasticsearch
Open the Elasticsearch configuration file for editing.
sudo nano /etc/elasticsearch/elasticsearch.yml
Edit the network.host entry in the Elasticsearch configuration so that Elasticsearch listens only on the loopback interface and cannot be reached from outside the server. Without X-Pack security, Elasticsearch 6.x has no authentication at all, so anyone who could reach port 9200 would have full read, write and delete access to every index. Kibana and the ElastiFlow Logstash pipeline run on this same host and connect over localhost, so that is all it needs.
Set – network.host: localhost
Restart the Elasticsearch service to force the changes to take effect.
sudo systemctl restart elasticsearch
Configure Kibana
Open the Kibana configuration file for editing.
sudo nano /etc/kibana/kibana.yml
Edit the server.host entry in the configuration to allow external access to Kibana.
Note: as I mentioned at the beginning of this tutorial, this will allow anonymous access to the Kibana dashboards. If you need to restrict access, I recommend installing and configuring Nginx as a reverse proxy with authentication in front of Kibana.
Set – server.host: <Your Server’s IP Address>
Restart the Kibana service to force the changes to take effect.
sudo systemctl restart kibana
To reach the Kibana site from your workstation you will need to allow the inbound port through the server's firewall. The rule below limits access to a single client address: replace <Your Workstation's IP Address> with the address you will browse from, not the server's own address, which would only permit connections the server makes to itself. Remember that ufw rules only take effect once the firewall is enabled.
sudo ufw allow from <Your Workstation's IP Address> to any port 5601 proto tcp
On your local computer, open a web browser, navigate to the Kibana URL, and confirm that Kibana loads.
http://<Your Server’s IP Address>:5601/
If you see a page load similar to the one above, then everything is set up and you are ready to install ElastiFlow.
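A browser test only proves that Kibana is reachable; it says nothing about whether Elasticsearch is still private after the edits above. The script below is an added example, not code from the original post or from Elastic: it reads network.host and server.host from the two configuration files, applies the intended rule (Elasticsearch on loopback only, Kibana on a network address), and, where `ss` is available, compares that with the sockets actually listening on 9200 and 5601. The file paths are the stock Debian/Ubuntu package locations, and the parsing assumes the flat `key: value` layout of elasticsearch.yml and kibana.yml.

```shell
#!/bin/sh
# Check that the stack is exposed the way this post intends: Elasticsearch (9200)
# reachable only from the host itself, Kibana (5601) reachable from the network.
# Added example, not part of the original tutorial. Paths are the stock Debian/
# Ubuntu package locations; 9200 and 5601 are the services' default ports.
set -eu

# yaml_value FILE KEY: print the value of the first uncommented top-level
# "KEY: value" line, without quotes or a trailing comment. Enough for the flat
# keys in elasticsearch.yml and kibana.yml; this is not a general YAML parser.
yaml_value() {
  _key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${_key}:[[:space:]]*//p" "$1" \
    | head -n 1 \
    | sed 's/[[:space:]]*#.*$//' \
    | tr -d "\"'"
}

# is_loopback ADDR: true for values that keep a listener local to the host.
# An empty value counts as loopback because both defaults are loopback-only:
# network.host defaults to _local_ in Elasticsearch, server.host to "localhost"
# in Kibana.
is_loopback() {
  case "$1" in
    ""|localhost|127.0.0.1|::1|"[::1]"|_local_) return 0 ;;
    *) return 1 ;;
  esac
}

# es_is_private FILE: Elasticsearch must not be reachable from the network;
# without X-Pack security it has no authentication, so anyone who can reach
# port 9200 can read, modify and delete every index.
es_is_private() {
  is_loopback "$(yaml_value "$1" network.host)"
}

# kibana_is_external FILE: Kibana must be bound to a non-loopback address, or
# the dashboards cannot be opened from your workstation.
kibana_is_external() {
  ! is_loopback "$(yaml_value "$1" server.host)"
}

# external_listeners PORT: read `ss -ltn` output on stdin and print each
# listening socket on PORT whose local address is not loopback. No output
# means the port is only reachable from the host itself.
external_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4                                   # e.g. 127.0.0.1:9200, [::]:5601, *:5601
      n = split(addr, parts, ":"); p = parts[n]   # port is the last colon-separated field
      host = substr(addr, 1, length(addr) - length(p) - 1)
      if (p == port && host != "127.0.0.1" && host != "[::1]" && host != "localhost")
        print addr
    }'
}

# main ES_YML KIBANA_YML: report the configured exposure and, where ss is
# available, the sockets actually open. Returns non-zero if Elasticsearch is
# exposed to the network.
main() {
  status=0
  if es_is_private "$1"; then
    echo "OK   elasticsearch network.host keeps port 9200 on the host only"
  else
    echo "FAIL elasticsearch network.host=$(yaml_value "$1" network.host) is reachable from the network"
    status=1
  fi
  if kibana_is_external "$2"; then
    echo "OK   kibana server.host=$(yaml_value "$2" server.host) is reachable from your workstation"
  else
    echo "WARN kibana server.host is loopback-only; the dashboards will not load remotely"
  fi
  if [ -n "$(ss -ltn 2>/dev/null | external_listeners 9200)" ]; then
    echo "FAIL port 9200 is listening on a non-loopback address (restart elasticsearch after editing the config)"
    status=1
  fi
  if [ -z "$(ss -ltn 2>/dev/null | external_listeners 5601)" ]; then
    echo "WARN port 5601 is not listening on a network address (is kibana running?)"
  fi
  return "$status"
}

# Usage: sh elastic-exposure-check.sh /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml
if [ $# -ge 2 ]; then
  main "$1" "$2"
fi
```

Run it on the server after both restarts; a FAIL on the listener check while the configuration check passes usually means the service is still running with its old configuration.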