In this article, we install the Elastic Stack on CentOS 7. The same steps apply to any cloud instance with CentOS 7 preinstalled, such as Amazon EC2, Azure VM or Google Compute Engine.
The ELK Stack has been renamed the Elastic Stack with the addition of Filebeat.
Introduction
ELK is the combination of three open source projects: Elasticsearch, Logstash and Kibana. With Filebeat added, it is called the Elastic Stack. Elasticsearch is a search and analytics engine. Logstash is a server-side log processing pipeline that ingests logs from multiple sources simultaneously, transforms them, and then sends them to a “stash” like Elasticsearch. Kibana visualizes the logs stored in Elasticsearch with charts and graphs.
WorkFlow = ElasticSearch —> Kibana —> Logstash —> Filebeat
Prerequisites
- CentOS 7
- OpenJDK or Oracle Java
- 2 CPU and 4 GB RAM
- Open Ports 9200, 5601, 5044
Install JDK on CentOS 7
Please follow the article below to download and install Oracle Java 8 manually.
How to Download and Install Oracle JAVA 8 on CentOS 7
OR
You can install OpenJDK on CentOS 7:
$ sudo yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel
How to Install Elastic Stack on CentOS 7
Step 1: Add and Configure Elastic Search Repository
First download and install the public signing key of Elasticsearch in CentOS 7
$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Next add the ElasticSearch yum repository in /etc/yum.repos.d/ folder using below command.
$ sudo nano /etc/yum.repos.d/elkstack.repo
Paste the lines below into it.
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Update system packages
$ sudo yum update
Step 2: Install and Configure ElasticSearch on CentOS 7
Now Install ElasticSearch on CentOS 7 using below command.
$ sudo yum install elasticsearch
Once the installation is complete, configure Elasticsearch to be accessed locally or remotely.
$ sudo nano /etc/elasticsearch/elasticsearch.yml
Uncomment network.host and change it as shown below to access Elasticsearch from the local system only.
network.host: localhost
OR
To access Elasticsearch remotely, make the change shown below. This binds Elasticsearch to every network interface on the server.
network.host: 0.0.0.0
To start the elasticsearch service
$ sudo systemctl start elasticsearch
To enable elasticsearch at system startup
$ sudo systemctl enable elasticsearch
To check the status of elasticsearch
$ sudo systemctl status elasticsearch
To stop elasticsearch
$ sudo systemctl stop elasticsearch
Enter the command below to check whether Elasticsearch is running
$ curl -X GET "localhost:9200"
Step 3: Install and Configure Kibana
Use below command to install Kibana on CentOS 7
$ sudo yum -y install kibana
Now edit the configuration file below to make Kibana accessible
$ sudo nano /etc/kibana/kibana.yml
Uncomment server.host at line 7 and change it as shown below
server.host: "0.0.0.0"
To start kibana service
$ sudo systemctl start kibana
To enable kibana at system startup
$ sudo systemctl enable kibana
To check the status of kibana service
$ sudo systemctl status kibana
Check if Kibana is running
$ curl http://localhost:5601
To stop kibana service
$ sudo systemctl stop kibana
Add Firewall Rule
If you are using a firewall on CentOS 7, open port 5601 using the commands below.
$ sudo firewall-cmd --permanent --add-port=5601/tcp
$ sudo firewall-cmd --reload
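The two 0.0.0.0 settings above decide who can reach ports 9200 and 5601. The script below is an added example, not part of the original article: it reads both config files and reports a non-loopback bind that lacks xpack.security.enabled (off by default in 7.x) or a discovery setting. The function names are made up for this example and the sample config files are constructed.

```shell
# Added example: audit the bind settings edited in Steps 2 and 3.

# Print the value of an uncommented top-level "key: value" line (flat YAML only).
yaml_get() {  # yaml_get FILE KEY
  awk -v k="$2:" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
    END { sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v }' "$1"
}

# Succeeds when the address is reachable only from the host itself.
# An unset value counts: both services default to loopback in 7.x.
is_loopback() {
  case "$1" in
    ""|localhost|127.*|::1|_local_) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_stack [ES_YML] [KIBANA_YML]: prints one finding per line, nothing if clean.
audit_stack() {
  es="${1:-/etc/elasticsearch/elasticsearch.yml}"
  kb="${2:-/etc/kibana/kibana.yml}"
  es_host=$(yaml_get "$es" network.host)
  kb_host=$(yaml_get "$kb" server.host)
  sec=$(yaml_get "$es" xpack.security.enabled)
  if ! is_loopback "$es_host"; then
    # Security features are off by default in the 7.x packages.
    [ "$sec" = "true" ] ||
      echo "ES-NOAUTH network.host=$es_host: port 9200 answers without credentials"
    # A non-loopback bind turns on the 7.x bootstrap checks, which need discovery config.
    grep -Eq '^(discovery\.(type|seed_hosts|seed_providers)|cluster\.initial_master_nodes):' "$es" ||
      echo "ES-BOOTSTRAP network.host=$es_host: no discovery setting, node will refuse to start"
  fi
  if ! is_loopback "$kb_host"; then
    # Kibana only shows a login page when Elasticsearch security is enabled.
    [ "$sec" = "true" ] ||
      echo "KB-NOAUTH server.host=$kb_host: Kibana on 5601 has no login"
  fi
  return 0
}

# Constructed sample: the "remote access" values from this guide.
demo() {
  d=$(mktemp -d)
  printf 'network.host: 0.0.0.0\n' > "$d/elasticsearch.yml"
  printf 'server.host: "0.0.0.0"\n' > "$d/kibana.yml"
  audit_stack "$d/elasticsearch.yml" "$d/kibana.yml"
  rm -rf "$d"
}
demo
```

Run `audit_stack` with no arguments on the server to check the real files under /etc; an empty result means neither service is exposed without authentication.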
Step 4: Install and Configure Logstash
Use below command to install logstash on CentOS 7
$ sudo yum install logstash -y
To receive events from Beats, open the Logstash config file below
$ sudo nano /etc/logstash/conf.d/logstash.conf
Insert the lines below, or update them if they already exist
input {
  beats {
    port => 5044
  }
}
Next, insert or update the output section in the same Logstash configuration file as shown below
$ sudo nano /etc/logstash/conf.d/logstash.conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
To start logstash services
$ sudo systemctl start logstash
To enable logstash at system startup
$ sudo systemctl enable logstash
To stop logstash services
$ sudo systemctl stop logstash
To check status of logstash
$ sudo systemctl status logstash
Step 5: Install and Configure Filebeat
Use below command to install filebeat on CentOS 7
$ sudo yum install filebeat -y
Now let's make changes in the configuration file below
$ sudo vi /etc/filebeat/filebeat.yml
In the configuration file, go to the Filebeat inputs section and change false to true as shown below:
#=========================== Filebeat inputs =============================
  # Change to true to enable this input configuration.
  enabled: true    # (change false to true)
In the configuration file, go to the Kibana section and edit it as shown below:
#============================== Kibana =====================================
  # uncomment the host and change "localhost" to the server IP
  host: "<IP of server>:5601"
In the configuration file, go to the Elasticsearch output section and edit it as shown below:
#-------------------------- Elasticsearch output ------------------------------
  # uncomment the hosts section
  hosts: ["localhost:9200"]
To start filebeat services:
$ sudo systemctl start filebeat
To enable filebeat at system startup
$ sudo systemctl enable filebeat
To check status of filebeat services
$ sudo systemctl status filebeat
Now let's check that Elasticsearch is receiving log data from Filebeat using the command below
$ curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'
Finally, log in to the Kibana portal at
http://<ip of the server>:5601
We have now covered how to install Elastic Stack on CentOS 7.
Conclusion:
In this article, we have installed the Elastic Stack on CentOS 7; the same steps apply on other cloud platforms such as Azure, EC2 and Compute Engine.