This blog is part of a series. Refer to the links below for the other posts in this series.
Part 1: Installing Ubuntu
Part 2: Installing Elastic Stack
Part 3: Install ElastiFlow
Part 4: Solution Maintenance (coming soon)
In this section, we will cover installing and configuring Elastic Stack 6.x, which will be used to power the ElastiFlow solution. Elastic Stack, often referred to as ELK Stack, consists of Elasticsearch, Logstash, and Kibana. Elasticsearch is a full-text based search engine. Logstash is a data-collection and log-parsing engine, and Kibana is an analytics and visualization platform used to display the ElastiFlow dashboards.
Please note this tutorial is designed for personal or lab environment setups, so we are not going to cover security considerations with the Kibana website. I have provided links below to additional resources if you need to set up restricted access to the Kibana dashboards.
Installing Elastic Stack 6.x
Install Java
Logstash requires Java 8; Java 9 is not supported, so make sure the correct version is installed.
Add the Oracle Java PPA to apt
sudo add-apt-repository -y ppa:webupd8team/java
Update apt
sudo apt-get update
Install the latest stable version of Oracle Java 8
sudo apt-get install -y oracle-java8-installer
Install Elasticsearch
Import the Elasticsearch package signing PGP key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Confirm apt-transport-https is installed
sudo apt-get install -y apt-transport-https
Add the repository definition to ensure you are getting the latest version
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Update apt
sudo apt-get update
Install Elasticsearch
sudo apt-get -y install elasticsearch
Configure Elasticsearch to start automatically when the system boots
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
Start the Elasticsearch service
sudo systemctl start elasticsearch.service
Install Kibana
Update apt
sudo apt-get update
Install Kibana
sudo apt-get -y install kibana
Configure Kibana to start automatically when the system boots
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
Start the Kibana service
sudo systemctl start kibana.service
Install Logstash
Update apt
sudo apt-get update
Install Logstash
sudo apt-get -y install logstash
Configuring Elastic Stack
Before you can install ElastiFlow, there are a few things that need to be set up in the Elastic Stack.
Configure Elasticsearch
Open the Elasticsearch configuration file for editing.
sudo nano /etc/elasticsearch/elasticsearch.yml
Edit the network.host entry in the Elasticsearch configuration so that Elasticsearch is reachable only from the server itself and not from outside it.
Set – network.host: localhost
Restart the Elasticsearch service to force the changes to take effect.
sudo systemctl restart elasticsearch
Configure Kibana
Open the Kibana configuration file for editing.
sudo nano /etc/kibana/kibana.yml
Edit the server.host entry in the configuration to allow external access to Kibana.
Note: as I mentioned at the beginning of this tutorial, this will allow anonymous access to the Kibana dashboards. If you need to restrict access, I recommend installing and configuring Nginx as a reverse proxy in front of Kibana.
Set – server.host: <Your Server’s IP Address>
Restart the Kibana service to force the changes to take effect.
sudo systemctl restart kibana
To ensure that you can access the Kibana site externally, you will need to open the inbound port on the server's firewall. The address in the rule is the address of the computer you will browse from, so that only that machine can reach Kibana.
sudo ufw allow from <Your Local Computer's IP Address> to any port 5601 proto tcp
On your local computer, open a web browser, navigate to the Kibana URL, and confirm that Kibana loads:
http://<Your Server's IP Address>:5601/
If you see a page load similar to the one above, then everything is set up and ready for you to install ElastiFlow.
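Before moving on to ElastiFlow, it is worth confirming the two YAML edits above actually took effect, since a commented-out or mistyped `network.host` leaves Elasticsearch listening on every interface while Kibana still works normally. The following checker is an added example, not part of the original post; it parses the two config files the way the tutorial wrote them and runs against constructed sample files unless you point `ES_YML` / `KIBANA_YML` at the real ones.

```shell
#!/bin/sh
# Added example (not from the original post): verify the elasticsearch.yml and
# kibana.yml edits from this tutorial. Paths and sample contents are constructed.

# Print the effective value of a top-level YAML key: last uncommented match,
# with trailing comments, surrounding quotes and whitespace removed.
yaml_value() {  # yaml_value KEY FILE
  grep -E "^[[:space:]]*$1:" "$2" | tail -n 1 \
    | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+#.*$//; s/^"(.*)"$/\1/; s/[[:space:]]*$//'
}

# 0 if Elasticsearch is bound to loopback only, 1 if it is exposed or unset.
# An unset key is treated as a failure because the tutorial expects the
# explicit "network.host: localhost" line to be present.
es_loopback_only() {  # es_loopback_only FILE
  case "$(yaml_value network.host "$1")" in
    localhost|127.0.0.1|_local_) return 0 ;;
    *) return 1 ;;
  esac
}

# 0 if Kibana has a non-default server.host, 1 if the line is missing or still
# the commented-out default (Kibana would then answer only on localhost).
kibana_host_set() {  # kibana_host_set FILE
  h=$(yaml_value server.host "$1")
  [ -n "$h" ] && [ "$h" != "localhost" ]
}

# Constructed sample configs standing in for /etc/elasticsearch/elasticsearch.yml
# and /etc/kibana/kibana.yml; override ES_YML / KIBANA_YML to check real files.
tmp=$(mktemp -d)
cat > "$tmp/elasticsearch.yml" <<'EOF'
cluster.name: elastiflow
#network.host: 0.0.0.0
network.host: localhost
EOF
cat > "$tmp/kibana.yml" <<'EOF'
#server.host: "localhost"
server.host: "192.0.2.10"
EOF
ES_YML=${ES_YML:-$tmp/elasticsearch.yml}
KIBANA_YML=${KIBANA_YML:-$tmp/kibana.yml}

es_loopback_only "$ES_YML" && echo "Elasticsearch: loopback only" || echo "Elasticsearch: EXPOSED or unset"
kibana_host_set "$KIBANA_YML" && echo "Kibana: server.host set" || echo "Kibana: server.host not set"
```

Run it as `ES_YML=/etc/elasticsearch/elasticsearch.yml KIBANA_YML=/etc/kibana/kibana.yml sh check.sh` on the server to check the real files.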