How to Install Elastic Stack on CentOS 7

In this article, We are going to perform, How to Install Elastic Stack on CentOS 7 or any Cloud Instance like Amazon EC2, Azure VM, Google Compute Engine,etc with preinstalled CentOS 7.

Now ELK Stack renamed as Elastic Stack with the addition of FileBeats.

Introduction

ELK is the combination of  three open source projects: Elasticsearch, Logstash, Kibana and Filebeat. Elasticsearch is a search and analytics engine. Logstash is a server‑side logs processing pipeline that transport logs from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch. Kibana is to visualize logs with charts and graphs from Elasticsearch.

WorkFlow  =  ElasticSearch  —> Kibana  —> Logstash —> Filebeat

Prerequisites

  • CentOS 7
  • OpenJDK or Oracle Java
  • 2 CPU and 4 GB RAM
  • Open Ports 9200, 5601, 5044

Install JDK on CentOS 7

Please follow below article to download and install Oracle JAVA 8 on Ubuntu 18.04/16.04 LTS Manually.

How to Download and Install Oracle JAVA 8 on CentOS 7

OR

You can install open JDK on CentOS 7

$  yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel

How to Install Elastic Stack on CentOS 7

Step 1: Add and Configure Elastic Search Repository

First download and install the public signing key of Elasticsearch in CentOS 7

$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Next add the ElasticSearch yum repository in /etc/yum.repos.d/ folder  using below command.

$ sudo nano /etc/yum.repos.d/elkstack.repo

paste the below lines into it.

[elasticsearch-7.x]

name=Elasticsearch repository for 7.x packages

baseurl=https://artifacts.elastic.co/packages/7.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

Update system packages

$ sudo yum update

Step 2: Install and Configure ElasticSearch on CentOS 7

Now Install ElasticSearch on CentOS 7 using below command.

$ sudo yum install elasticsearch

Once Installation complete configure elastic search to access locally or remotely.

$ sudo nano /etc/elasticsearch/elasticsearch.yml

uncommnet network.host and make changes as below to access elastic local system.

network.host: localhost

OR

To access ElasticSearch  remotely make change as shown below

network.host: 0.0.0.0

To start elacticsearch services

$ sudo systemctl start elasticsearch

To enable elacticsearch at system startup

$ sudo systemctl enable elasticsearch

To check the status of elasticsearch

$ sudo systemctl status elasticsearch

To stop elasticsearch

$ sudo systemctl stop elasticsearch

Enter below command to check elasticsearch is running or not

$ curl -X GET "localhost:9200"

Step 3: Install and Configure Kibana

Use below command to install Kibana on CentOS 7

$ sudo yum -y install kibana

Now let’s make changes in below configuration file for to access kibana

$ sudo nano /etc/kibana/kibana.yml

uncomment  server.host at line 7 and make changes as mentioned below

server.host: "0.0.0.0"

To start kibana service

$ sudo systemctl start kibana

To enable kibana at system startup

$ sudo systemctl enable kibana

To check the status of kibana service

$ sudo systemctl status kibana

Check if Kibana is running

$ curl http://localhost:5601

To stop kibana service

$ sudo systemctl stop kibana

Add Firewall Rule

If you are using firewall on centos 7, open port 5601 using below command.

$ sudo firewall-cmd --permanent --add-port=5601/tcp

$ sudo firewall-cmd --reload

Step 4: Install and Configure Logstash

Use below command to install logstash on CentOS 7

$ sudo yum install logstash -y

To load logstash beat open the below logstash config file

$ sudo nano /etc/logstash/conf.d/logstash.conf

Insert or update below lines if not exists

input {

  beats {

    port => 5044

  }

}

Next Insert/Update as shown below in Logstash Configuration

$ sudo nano /etc/logstash/conf.d/logstash.conf
output {

  elasticsearch {

    hosts => ["localhost:9200"]

    manage_template => false

    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

  }

}

To start logstash services

$ sudo systemctl start logstash

To enable logstash at system startup

 $ sudo systemctl enable logstash

To stop logstash services

$ sudo systemctl stop logstash

To check status of logstash

$ sudo systemctl status logstash

Step 5: Install and Configure Filebeat

Use below command to install filebeat on CentOS 7

$ sudo yum install filebeat -y

Now lets make changes in below configuration file

$ sudo vi /etc/filebeat/filebeat.yml

In the configuration file go to Filebeat Section change false to true as shown below :

#=========================== Filebeat inputs =============================
# Change to true to enable this input configuration.
  enabled: true                            #  (change false to true)

In the configuration file go to Kibana Section as shown below:

#============================== Kibana =====================================
# uncomment the host and change "localhost to IP"
host: "<IP of server>:5601"

In the configuration file got ElasticSearch Section as shown below:

#-------------------------- Elasticsearch output ------------------------------
# uncommnet the hosts section
hosts: ["localhost:9200"]

To start filebeat services:

$ sudo systemctl start filebeat

To enable filebeat at system startup

$ sudo systemctl enable filebeat

To check status of filebeat services

$ sudo systemctl status filebeat

Now lets check that ElasticSearch is receiving datalog from filebeat using below command

$ sudo curl -XGET 'https://localhost:9200/filebeat-*/_search?pretty'

Finally lets login into kibana portal using

 http:/<ip of the server>:5601

kibana dashboard

Finally We have covered How to Install Elastic Stack on CentOS 7.

Conclusion:

In this article, We have performed ,How to Install Elastic Stack on CentOS 7 and any other cloud platform like Azure, EC2, Compute Engine System.

Related Articles:

How to Install ELK Stack on Ubuntu 18.04/16.04 LTS

Reference:

https://www.elastic.co/guide

Sivasai Sagar

I am working as DevOps Engineer and having 5 years of Experience. Likes to share knowledge.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link