The ELK stack is one of the must-have tools in the DevOps world. ELK stands for Elasticsearch, Logstash, Kibana.

Elasticsearch - An open-source, document-oriented database. It stores data in JSON format and is easy to use and scalable.

Logstash - A data processing pipeline that collects data from multiple sources (e.g. Filebeat), transforms it, and sends it to Elasticsearch.

Kibana - Used to visualize and explore the data in Elasticsearch.

Today we will see how to install the latest ELK stack on CentOS 8.

Step 1 :

Install Java 1.8,

# yum -y install java

Check the Java version,

# java -version



Step 2 :

Configure ELK repository,

# cat << EOF > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF

Step 3 :

Install Elasticsearch, Logstash and Kibana

# yum install -y --enablerepo=elasticsearch elasticsearch logstash kibana


Step 4 :

Configure all the services and start them,

For Elasticsearch,

The configuration files are located in /etc/elasticsearch

We are going to use the default configuration.

# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service

To check the Elasticsearch status,

# curl -X GET http://127.0.0.1:9200



Note: To access Elasticsearch from outside, uncomment "network.host" in "/etc/elasticsearch/elasticsearch.yml", update it as shown below, and restart Elasticsearch.

network.host: 0.0.0.0

For Logstash,

The configuration files are located in /etc/logstash/

We are going to use the default configuration.

# cp -r /etc/logstash/logstash-sample.conf /etc/logstash/conf.d/logstash.conf

# systemctl enable logstash.service
# systemctl start logstash.service
# systemctl status logstash.service

For Kibana,

The configuration files are located in /etc/kibana/

By default Kibana listens on localhost. To change this, edit kibana.yml in /etc/kibana.

# vi /etc/kibana/kibana.yml

Change server.host to "0.0.0.0"

# systemctl enable kibana.service
# systemctl start kibana.service
# systemctl status kibana.service

Open a browser and go to the Kibana server IP, http://Kibana_server_IP:5601




Allow port 5601 in the firewall to access Kibana from outside.

That's all. The ELK stack has been installed successfully.
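As an added check that is not part of the original post: in the 7.x packages Elasticsearch authentication is off unless `xpack.security.enabled: true` is set, so the two bind changes above leave ports 9200 and 5601 usable without credentials by anything that can reach the host. The script below flags that combination; its function names and the flat `key: value` parsing are assumptions of this example, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag the bind settings this
# guide changes when Elasticsearch 7.x security is still switched off.
# Assumption: flat "key: value" lines, as in the packaged YAML files.

# yaml_get FILE KEY -> last uncommented value of KEY, quotes/comments stripped
yaml_get() {
    local key
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# An unset value means the package default, which is loopback for both services.
is_loopback() {
    case "$1" in
        ""|localhost|127.*|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_elk ES_YML KIBANA_YML -> prints findings, returns how many there are
audit_elk() {
    local es_host kb_host sec findings=0
    es_host=$(yaml_get "$1" network.host)
    sec=$(yaml_get "$1" xpack.security.enabled)
    kb_host=$(yaml_get "$2" server.host)
    if ! is_loopback "$es_host" && [ "$sec" != "true" ]; then
        echo "FINDING: Elasticsearch listens on $es_host with no authentication"
        findings=$((findings + 1))
    fi
    if ! is_loopback "$kb_host" && [ "$sec" != "true" ]; then
        echo "FINDING: Kibana listens on $kb_host with no login in front of the data"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the two files as they look after following the steps above.
demo=$(mktemp -d)
printf 'network.host: 0.0.0.0\n' > "$demo/elasticsearch.yml"
printf 'server.host: "0.0.0.0"\n' > "$demo/kibana.yml"
audit_elk "$demo/elasticsearch.yml" "$demo/kibana.yml" || echo "findings: $?"
```

On the installed host, call `audit_elk /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml`; the return code is the number of findings.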
