How to Install ELK Stack on Ubuntu

Want to know how to install ELK Stack on Ubuntu?

Imagine you have a system with multiple software and applications installed on it. These applications are being continuously used, churning out loads and loads of useful data you need. 

In this situation, keeping track of each software’s information and data logs can be very tedious. It is hard to continuously collect massive amounts of data and filter it to extract useful information. This is where ELK Stack comes in handy. 

ELK Stack is an acronym for Elastic Stack, a collection of open-source software developed by Elastic. It is used for centrally logging information to your computer. As a powerful tool, it can be deployed for logging information from various software.

If you want to learn more about ELK Stack and how it can be deployed on your system, you are in the right place. In this article, we will guide you through the steps to install ELK Stack on Ubuntu. We will also discuss the important components of ELK Stack and their functions.

So, gear up for an interesting ride!

ELK Stack 

As mentioned before, the ELK stack is a collection of open-source software. The three components that form the ELK Stack are as follows: 

Elasticsearch: This is the search engine part of ELK. It stores all the incoming information and data. 

Logstash: This part of ELK is used for data processing. It filters for useful information and sends it to Elasticsearch for storage.

Kibana: This component is the web interface for ELK. It can also be used as a data visualization and analysis tool. 

These three components work in tandem to create the perfect data-logging software. Together they make ELK very effective at real-time computing and data processing. It is also very effective at handling large amounts of data, so if you are looking for a data logging and processing application, ELK Stack is worth considering. 

How to Install ELK Stack On Ubuntu?

Before we go into the details, you must ensure that you have the basic requirements to run ELK Stack on your system. You will need at least 4GB of RAM and at least 20GB of disk space to accommodate the data stored by Elasticsearch. You will also need Nginx on your system.

Nginx is a web server that can be used as a reverse proxy and to serve webpage content on Linux. It can also be used as a load balancer. Not only do you need Nginx for ELK Stack, but multiple utilities come with Nginx that you may find helpful. 

If you have made sure that you have the requirements to install ELK Stack, let’s move on to the juicy parts. 

Install and Configure Elasticsearch.

Unfortunately, the Elasticsearch package is not available in the Ubuntu repository. However, we can still get Elasticsearch on Ubuntu by adding Elastic's package repository and then installing it through APT. Follow these steps to get Elasticsearch.

  1. We will use the curl command to download Elastic's public GPG signing key and add it to APT, which uses the key to verify the Elasticsearch packages.
$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Or:

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  2. In the next step, we will add the Elasticsearch source to the “sources.list.d” directory so that APT can find the new packages.
$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
  3. Update your package list by using this command:
$ sudo apt update
  4. Install Elasticsearch from the APT repository.
$ sudo apt install elasticsearch
  5. After it has been installed, open the configuration file of Elasticsearch with a text editor.
$ sudo emacs /etc/elasticsearch/elasticsearch.yml
  6. Elasticsearch listens for traffic on port 9200. You need to restrict this so that outsiders can’t interfere with your ELK Stack and invade your privacy. In the configuration file, find the line that says “network.host”, uncomment it and give it the value “localhost”.
  7. Next, start Elasticsearch using the systemctl command. 
$ sudo systemctl start elasticsearch

This is how you can install and configure Elasticsearch on Ubuntu. Next, we move on to installing and configuring Kibana. 

Install and Configure Kibana.

Unlike Elasticsearch, the package for Kibana is already present in the Ubuntu APT repository. So, you can directly install Kibana from there. Follow these steps to get Kibana.

  1. Open the Terminal and type in this command:
$ sudo apt install kibana
  2. After the installation is complete, use the systemctl command to start and enable Kibana.
  3. By default, Kibana listens only on “localhost”, so you will need a reverse proxy to allow external access to it. This will be done using Nginx.
  4. First, use the openssl command to set up a new username and password to access Kibana. Both will be stored in the “htpasswd.users” file, and Nginx will be configured to check this file so that Kibana can only be reached after providing the username and password.
$ echo "username:$(openssl passwd -apr1)" | sudo tee -a /etc/nginx/htpasswd.users
  5. The next step is to create an Nginx server block file. Use any text editor to open the server block file and add the following code. 
$ sudo emacs /etc/nginx/sites-available/filename
server {
    # Plain HTTP: Basic Auth credentials are sent unencrypted unless TLS is added.
    listen 80;
    server_name your_domain;

    # Require a username and password from htpasswd.users for every request.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # Forward requests to Kibana, which listens on localhost only.
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
  6. Reload Nginx using the systemctl command. You are done with configuring Kibana.
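
The setup above depends on two bindings: the “network.host” setting from the Elasticsearch section, and Kibana staying on localhost behind Nginx. The shell functions below check both. This is an added example, not part of the original guide; the function names and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): confirm that Elasticsearch
# (port 9200) and Kibana (port 5601) are reachable only through loopback.
# Function names and sample data are constructed for illustration.

# Read elasticsearch.yml on stdin and print the active network.host value.
# Commented-out lines are ignored; nothing is printed if the key is not set.
es_network_host() {
  awk '/^[ \t]*network\.host[ \t]*:/ {
         v = $0
         sub(/^[^:]*:/, "", v)      # drop the key, keep the value
         sub(/[ \t]+#.*$/, "", v)   # drop a trailing comment
         gsub(/[ \t"]/, "", v)      # drop whitespace and double quotes
         last = v
       }
       END { if (last != "") print last }'
}

# Read `ss -tlnH` output on stdin and print "port address" for every
# listener on 9200 or 5601 that is bound to a non-loopback address.
exposed_listeners() {
  awk '{
         port = $4; sub(/.*:/, "", port)       # text after the last colon
         addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
         if (port != "9200" && port != "5601") next
         if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
         print port " " addr
       }'
}

# Constructed sample input: a correct Elasticsearch binding and a Kibana
# listener that was mistakenly opened on all interfaces.
SAMPLE_YML='cluster.name: demo
#network.host: 192.168.0.1
network.host: localhost   # bind to loopback only
http.port: 9200'
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 4096 [::1]:9200 [::]:*
LISTEN 0 511 *:5601 *:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

printf '%s\n' "$SAMPLE_YML" | es_network_host     # localhost
printf '%s\n' "$SAMPLE_SS" | exposed_listeners    # 5601 *

# Live use: sudo cat /etc/elasticsearch/elasticsearch.yml | es_network_host
#           ss -tlnH | exposed_listeners
```

On a correctly configured host, exposed_listeners prints nothing, and only the Nginx port should be open to the network.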

Install and Configure Logstash.

Logstash is available in Ubuntu repositories and you can install it directly from there using the following command. 

$ sudo apt install logstash

Once it is installed, start and enable it using the systemctl command. To configure Logstash, you can customize its inputs, outputs, and filters according to your needs. Set the data transfer rate and the data being filtered as you require so you can get the most out of the ELK Stack application. 

This was a guide on how to install ELK Stack on Ubuntu. We looked at how ELK Stack works and what advantages we can get out of it.

We hope that we were able to help you understand this wonderful software and install it. If there are any further queries, please let us know in the comments.   

If this guide helped you, please share it. 🙂
