Sign in Subscribe
By Austin Songer in Ubuntu

How to Install ELK on Ubuntu 20.04

How to Install ELK on Ubuntu 20.04

Elasticsearch, Logstash, Kibana (ELK) allows for managing large amounts of log data on Ubuntu 20.04 Focal Fossa. The ELK stack combines Elasticsearch, Logstash, and Kibana, which are open source tools that work in tandem to provide you with the ability to manage log data from a convenient graphical web interface.

I'll show you the steps required to get ELK up and running on your Ubuntu 20.04 system.

Category Requirements Used
System Ubuntu 20.04
Software ELK, Nginx,openjdk-11-jdk, wget, apt-transport-https, curl, gpgv, gpgsm, gnupg-l10n, gnupg, dirmngr

Update and Upgrade Distro

apt-get update -y
apt-get upgrade -y
bash

Install Required Dependencies

apt-get install openjdk-11-jdk wget apt-transport-https curl gpgv gpgsm gnupg-l10n gnupg dirmngr -y

Install and Configure Java

sudo apt -y install openjdk-11-jdk
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

Elasticsearch

Add Elastic Repository

Download and install the PGP Key using wget command.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Next is to add the Elasticsearch repository to the system:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Install Elasticsearch

Update the apt packages and install the Elasticsearch by issuing the following command:

apt-get update
apt-get install elasticsearch -y
sudo systemctl stop elasticsearch
systemctl enable elasticsearch

Configure Elasticsearch

Add Transport.host

echo 'transport.host: localhost' >> /etc/elasticsearch/elasticsearch.yml

Add Transport TCP Port

echo 'transport.tcp.port: 9300' >> /etc/elasticsearch/elasticsearch.yml

Add Network.host

echo 'network.host: localhost' >> /etc/elasticsearch/elasticsearch.yml

Add http.port

echo 'http.port: 9200' >> /etc/elasticsearch/elasticsearch.yml

Add discovery.type

echo 'discovery.type: single-node' >> /etc/elasticsearch/elasticsearch.yml

Add setup.ilm.overwrite

echo 'setup.ilm.overwrite: true' >> /etc/elasticsearch/elasticsearch.yml

Add JVM heap

echo '-Xms512m' >> /etc/elasticsearch/jvm.options

echo '-Xmx512m' >> /etc/elasticsearch/jvm.options

Reload and Start Elasticsearch

Start Elasticsearch at system startup:
systemctl daemon-reload
systemctl start elasticsearch
systemctl restart elasticsearch

Elasticsearch Status

systemctl status elasticsearch

Output:

Logstash

Install Logstash

sudo apt install logstash -y
Start Logstash at system startup:
systemctl daemon-reload
systemctl enable logstash
systemctl start logstash

Logstash Status

systemctl status logstash


Output:


Kibana

Install Kibana

sudo apt install kibana -y

systemctl stop kibana

systemctl enable kibana

Configure Kibana

Add Server.port

echo -e "server.port: 5601" >> /etc/kibana/kibana.yml

Add Server.host

echo -e "server.host: $HOSTNAME" >> /etc/kibana/kibana.yml

Add Elasticsearch.hosts

echo -e 'elasticsearch.hosts: ["http://localhost:9200"]' >> /etc/kibana/kibana.yml

Reload and Start Kibana

systemctl daemon-reload

systemctl start kibana

Kibana Status

Start Kibana at system startup:
systemctl status kibana

Output:

Access Kibana

http://<IP Address>:5601

Previous

Elasticsearch: Shard List

 Next

Elastic Security: Bulk Detection Rule Modification via Detection API - JIRA Connector

You might also like...