How to Install Elasticsearch, Logstash, Filebeat, & Kibana on Ubuntu

ELK stack is the collection of open source products developed by the elastic. The following three things are performed:

• Collection of data: The user collects the data from different sources
• Analyze the data: processing the collected data
• Visualization: denotes the representation of data

Prerequisites

• Ubuntu Server 20.04 LTS
• Java(JDK)
• 2 CPU and 4 GB RAM
• Ports 9200, 5601, 5044.

Install the required packages:

apt-get update
apt-get install openjdk-11-jdk wget apt-transport-https curl gnupg2 -y

Check Java version.

java -version 

Here is the command output.

Install & Configure ElasticSearch

• Add elasticsearch signing key & repository.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch --no-check-certificate
 | sudo apt-key add -

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" 
| sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Here is the command output.

Update the  repository.

apt-get update

Install ElasticSearch

apt-get install elasticsearch -y

Open elesticsearch configuration file using vim editor.

vim /etc/elasticsearch/elasticsearch.yml

Uncomment & Provide the follwoing values:

network.host: localhost/0.0.0.0
http.port: 9200
discovery.type: single-node

Start & Enable ElasticSearch Service

systemctl start elasticsearch
systemctl enable elasticsearch

Check ElasticSearch Status.

systemctl status elasticsearch

Here is the command output.

Check elasticsearch service pid using command line.

ss -antpl | sudo grep 9200

Here is the command output.

Check elasticsearch is running by sending HTTP request.

We can also check elasticsearch is running status using web browser(http://localhost:9200) or (http://server-ip:9200)

Install and Configure Kibana

• Install kibana on Ubuntu.

apt-get install kibana

Open kibana configuration file using editor.

vim /etc/kibana/kibana.yml

Uncomment & Edit the config file.Provide the follwoing values.

server.port: 5601
server.host: "0.0.0.0" or "localhost"
elasticsearch.hosts: ["http://localhost:9200"] or ["http://0.0.0.0:9200"]

Start & Enable Kibana Service

systemctl start kibana
systemctl enable kibana

Check the Kibana Status

systemctl status kibana

Here is the command output.

Install and Configure Logstash

• Install logstash on ubuntu.

apt-get install logstash

• Create config file.

vim /etc/logstash/conf.d/02-beats-input.conf

• Enter the follwoing lines.

input {

  beats {

    port => 5044

  }

}

• Create the logstash configuration file to send the logs.

vim /etc/logstash/conf.d/30-elasticsearch-output.conf

• Enter the follwoing lines.

output {

  elasticsearch {

    hosts => ["localhost:9200"] or ["0.0.0.0:9200"]

    manage_template => false

    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

  }

}

• Start & Enable Logstash service.

systemctl start logstash
systemctl enable logstash

• Check Logstash status.

systemctl status logstash

Here is the command output.

Install and Configure Filebeat

• Install Filebeat on ubuntu.

apt-get install filebeat

• Open filebeat configuration file.

vim /etc/filebeat/filebeat.yml

• Comment the below lines.

#output.elasticsearch:
  # Array of hosts to connect to.
#  hosts: ["localhost:9200"]

• Uncomment the below lines.

output.logstash:
hosts: ["localhost:5044"] or ["0.0.0.0:5044"]

• Start & Enable filebeat service.

systemctl start filebeat
systemctl enable filebeat

• Check Filebeat status.

systemctl status filebeat

Here is the command output.

• Enable filebeat system module.

filebeat modules enable system

Here is the command output.

• Check that ElasticSearch is receiving datalog from filebeat using below command.

curl -XGET http://localhost:9200/_cat/indices?v

Here is the command output.

Access Kibana Web Interface

• Access Kibana Web Interface by using the URL.

http://your-server-ip:5601