Elasticsearch is a search engine that provides a distributed, multitenant-capable full-text search engine and schema-free JSON documents across distributed shared storage. Logstash is a free and open server-side data processing component that collects, parses, and transforms data before sending it to other sources, including Elasticsearch. Kibana is a free and open user interface that lets you explore and visualize Elasticsearch data. Beats are lightweight transport agents that collect application data and send it to Elasticsearch or another platform. When you add all these components and services, you will be able to build a robust search and analytic platform to run your services. To get started installing the ELK stack on Ubuntu follow the steps below:
Prepare Ubuntu
Before installing any of the services above, run the commands below on your Ubuntu machine to install packages that are vital to install ELK on Ubuntu.
Install Java
Elasticsearch is a Java component and requires Java to be installed. The open-source version of Java should work great with Elasticsearch. Simply run the commands below to install Java. To verify that Java is installed, run the commands below: That should display similar lines as shown below: The commands above install OpenJDK version 11.
Install Elasticsearch
Now that Java is installed, run the commands below to add Elasticsearch APT repository to Ubuntu since its packages are not available by default in Ubuntu. Run the commands below to add its GPG repository key. Then follow that by creating its repository file in Ubuntu. That should create a repository file called elastic-7.x.list. Once the repository is added, run the commands below to install Elasticsearch. Start and enable Elasticsearch services. By default, Elasticsearch should be running on port 9200. Run the commands below from the command line to view Elasticsearch status and details That should output similar lines as shown below:
Install Kibana
Kibana packages are available in Ubuntu repositories by default. No need to add extra repositories. Simply run the commands below to install, start and enable Kibana services. That should get Kibana installed and ready to use. Kibana provides a web interface that can be secured with a reverse proxy and HTTPS. Kibana communicates over port 5601. http://localhost:5601/status You can open your browser and browse to the server’s hostname or IP address followed by port 5601 and bring up the Kibana web interface. If you’d like to use Nginx reverse proxy and enable HTTPS, then use this Nginx reverse proxy configuration in the virtual host. You can also use Let’s Encrypt to further secure the Kibana web interface with the proxy above.
Install Logstash
Logstash packages are also available in Ubuntu repositories. So all you need to do is run the commands below to install, start and enable its services. That should get Logstash installed and ready to be used. The default configuration of Logstash is found in /etc/logstash/conf.d. Since we’re going to be using Filebeat to collect and input data to Logstash, run the commands below to create a file to define port 5044 on Logstash. Copy and paste the content below into the file and save. Next, create a file to define output to Elasticsearch. Then copy and paste the content below into the file and save it. Save the exit. Make sure the configurations are ok, by running the validation commands below: You should get a success message as below:
Install Filebeat
Filebeat packages also come with Ubuntu default repositories. Simply run the commands below to install, start and enable Filebeat services. Filebeat is configured to send data directly to Elasticsearch. Since we want data to flow to Logstash first before going to Elasticsearch, comment out the lines that send to Elasticsearch and uncomment the ones that send to Logstash. Make the highlighted changes below: After making the changes, save and exit. Run the commands below to enable Filebeat modules and parsing processes. Load Filebeat template Also, integrate Filebeat with Kibana. Restart all components That should do it! Conclusion: This post showed you how to install the ELK stack on Ubuntu 20.04 | 18.04. If you find any error above, please use the form below to report.