These instructions describe how to install the ELK Stack on a virtual server running CentOS 7.
What is ELK Stack?
"ELK" is short for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that receives data from multiple sources at the same time, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize the data in Elasticsearch using charts and graphs.
Initial requirements
The minimum system requirements for normal operation of ELK are 4 GB RAM and 2 CPUs.
Java installation
Deploying an Elastic stack requires Java to be installed. Run the following command:
You can check the installed version with the command:
Installing and configuring Elasticsearch
Use the rpm command to download the Elasticsearch key:
Add a repository:
Paste the following content into it and save the file:
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Start the installation process:
Next, edit the configuration file. First, open it with the vi text editor:
Uncomment the following line in the file:
Uncomment and set values for the following parameters:
http.port: 9200
Save your changes and close the text editor.
The next step is to edit the sysconfig configuration file for Elasticsearch:
Uncomment the MAX_LOCKED_MEMORY setting and make sure it's set to unlimited:
Before starting the service, first reboot the system and enable Elasticsearch to start at boot time:
systemctl enable elasticsearch
systemctl start elasticsearch
Installing and configuring Kibana
Use wget to download Kibana 6.2.4 and then install it with the rpm command:
rpm -ivh kibana-6.2.4-x86_64.rpm
Next, you need to edit the Kibana configuration file:
Uncomment the following lines and set the values:
server.host: "[IP address of your server]"
elasticsearch.url: "http://localhost:9200"
For example:
server.host: "123.234.123.234"
elasticsearch.url: "http://localhost:9200"
Start the Kibana service and set it to start automatically on boot:
systemctl start kibana
Open port 5601 to connect to the Kibana web interface:
sudo firewall-cmd --reload
Setting up Nginx
The NGINX web server must be installed on your virtual server; how to do this is described in our instructions.
Install additional tools for working with the web server:
Next, you need to create a new virtual host configuration file in the conf.d directory:
For example:
And insert the following data:
server {
listen 80;
server_name [Domain or IP address];
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.kibana;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Then create a new basic authentication file using the htpasswd command. You will need to create a password for the admin user:
Restart the nginx server:
Installing and configuring Logstash
Download and install Logstash:
rpm -ivh logstash-6.2.4.rpm
Once Logstash is installed, start the service:
systemctl enable logstash
Connecting to Kibana
After completing the settings, connect to Kibana in the browser by going to the following link:
For example:
http://123.234.123.234:5601
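With server.host set to the server's own address and port 5601 open in the firewall, the link above reaches Kibana without the Nginx password prompt. The following check is an added example, not part of the original instructions: it reads a kibana.yml file and reports whether Kibana is bound to loopback only (reachable just through the Nginx proxy) or to an address other hosts can reach. The function names and the sample file are constructed for illustration; pass the real file path as the first argument (assumed to be /etc/kibana/kibana.yml for an RPM install).

```shell
#!/bin/sh
# Added example (not from the original instructions): decide whether Kibana
# can be reached on port 5601 without passing the Nginx auth_basic proxy.

# Print the effective server.host from a kibana.yml file.
# Kibana falls back to "localhost" when the key is absent or commented out.
kibana_bind_host() {
    host=$(sed -n 's/^[[:space:]]*server\.host:[[:space:]]*//p' "$1" |
        tail -n 1 | sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'")
    printf '%s\n' "${host:-localhost}"
}

# Print "loopback" when only local processes (the Nginx proxy) can connect,
# "exposed" when the address is reachable from other hosts.
kibana_exposure() {
    case "$(kibana_bind_host "$1")" in
        localhost | 127.* | ::1) echo loopback ;;
        *) echo exposed ;;
    esac
}

# Write a constructed sample that mirrors the example values on this page.
write_sample() {
    printf '%s\n' '#server.port: 5601' 'server.host: "123.234.123.234"' \
        'elasticsearch.url: "http://localhost:9200"' > "$1"
}

# Usage: sh check.sh [path to kibana.yml]; with no argument the sample is used.
conf=${1:-}
tmp=""
if [ -z "$conf" ]; then
    tmp=$(mktemp)
    write_sample "$tmp"
    conf=$tmp
fi
state=$(kibana_exposure "$conf")
echo "server.host=$(kibana_bind_host "$conf") -> $state"
if [ "$state" = exposed ]; then
    echo "port 5601 answers without the Nginx password; bind Kibana to localhost"
fi
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

When the result is "exposed", setting server.host to "localhost" and leaving port 5601 closed in the firewall keeps the Nginx virtual host on port 80 as the only way in.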