In this article, we will learn how to set up an ELK Stack (Elasticsearch, Logstash and Kibana) on Windows. Setting up the ELK Stack on Windows allows you to efficiently collect, process, store, and visualize log data in real time. The ELK Stack, which includes Elasticsearch, Logstash, and Kibana, helps businesses and developers monitor applications, detect issues, and gain insights from data. This guide will walk you through the process of downloading, extracting, and setting up the ELK Stack on Windows, including configuring Logstash for log processing and using Kibana for data visualization. By the end, you’ll have a functional ELK Stack ready for log analysis.
Prerequisites
- AWS Account with Windows EC2 Instance.
- At least 2 CPU cores and 4 GB of RAM for smooth performance.
- Ensure the instance’s security group allows inbound traffic on ports 9200, 5601, and 5044. Limit the allowed source to your own IP address rather than opening these ports to the internet.
Step #1: Download and Extract ELK on Windows
Download the latest Windows ZIP version of Elasticsearch, Logstash and Kibana from the official Elastic website.



You can see the downloaded zip files.

After downloading:
- Right-click each ZIP file → Select Extract All
- Extract them to your desired location.
We are extracting them into the same directory.

Step #2: Set Up Elasticsearch on Windows
Open Command Prompt as Administrator.

Navigate to the Elasticsearch bin directory.
cd C:\path\to\your\elasticsearch-8.17.2\bin

Start Elasticsearch using the following command.
elasticsearch.bat

Wait for Elasticsearch to start; it may take a few seconds. On the first run it generates a password for the elastic user and a Kibana enrollment token. Copy and save these credentials, because they are shown only on the first run and you will need them later.

Verify Elasticsearch is running by opening a browser and navigating to
https://localhost:9200
Elasticsearch 8 serves HTTPS with a self-signed certificate by default, so the browser shows a certificate warning. Click on Advanced.

Go to Proceed to localhost (unsafe).

Enter the username elastic and the password we copied earlier, then click Sign in.

If Elasticsearch is running correctly, you should see a JSON response like the one shown below.

Step #3: Set Up Logstash on Windows
Open a second Command Prompt window. First we will create a Logstash configuration file. To do that, navigate to the Logstash config directory.
cd C:\path\to\your\logstash-8.17.2\config

Open Notepad from the command prompt and create a new file named logstash.conf
notepad logstash.conf

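Add the following configuration to it.
input {
  # Read events typed into the console
  stdin {}
}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    # One index per day, named from the event's @timestamp
    index => "demo-log-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "your_elastic_password"
    # Turns off TLS certificate checking for the self-signed certificate; local demo only
    ssl_certificate_verification => false
  }
  # Also print each event to the console
  stdout { codec => rubydebug }
}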

Save and close the file.
You can verify that the file was created by looking in the Logstash config directory.

Now navigate to the bin directory.
cd C:\path\to\your\logstash-8.17.2\bin

Run Logstash using the following command.
logstash.bat -f C:\path\to\your\logstash.conf

Once Logstash has started, you will see the message "The stdin plugin is now waiting for input".

Then enter the sample log data.
2025-02-24 09:00:00 INFO - User 'devopshint' logged out
2025-02-24 09:20:00 ERROR - Connection failed: Server not responding
2025-02-24 09:35:00 INFO - Request received from IP: 10.0.0.5
2025-02-24 10:00:00 WARNING - Disk space low on /dev/sdb
2025-02-24 10:30:00 ERROR - Database query timeout
2025-02-24 10:50:00 INFO - File uploaded successfully: report.xlsx
2025-02-23 11:10:00 DEBUG - Background task execution started
2025-02-23 12:30:00 WARNING - High memory usage detected
2025-02-23 13:10:00 ERROR - Unhandled exception in application
2025-02-23 14:45:00 INFO - User 'devopshint' accessed the dashboard

Logstash will process input logs and output them in JSON format.
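
The pipeline above, extended as an added example that is not part of the original article: a grok and date filter that parses the sample lines into fields, and an output that verifies the Elasticsearch certificate instead of disabling the check. It assumes the http_ca.crt file that Elasticsearch 8 generates under config\certs on first start; ES_PWD and the field names are hypothetical names chosen here.

```logstash
input {
  stdin {}
}

filter {
  # Split "2025-02-24 09:20:00 ERROR - Connection failed: ..." into fields.
  # The field names log_time, level and log_message are chosen for this example.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:log_time} %{LOGLEVEL:level} - %{GREEDYDATA:log_message}"
    }
    # Lines that do not fit the format stay searchable under this tag
    tag_on_failure => ["_demo_log_unparsed"]
  }

  # Use the time written in the log line as @timestamp, not the time of ingestion.
  # The daily index name below is built from @timestamp (in UTC), so the sample
  # lines are spread across indices by their own dates rather than today's date.
  date {
    match => ["log_time", "yyyy-MM-dd HH:mm:ss"]
    target => "@timestamp"
    remove_field => ["log_time"]
  }
}

output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    index => "demo-log-%{+YYYY.MM.dd}"
    user => "elastic"
    # ES_PWD (assumed name) is resolved from the Logstash keystore or an
    # environment variable, so the password is not stored in this file.
    password => "${ES_PWD}"
    # Trust only the CA that signed the Elasticsearch HTTP certificate
    ssl_certificate_authorities => ["C:/path/to/your/elasticsearch-8.17.2/config/certs/http_ca.crt"]
    ssl_verification_mode => "full"
  }
  stdout { codec => rubydebug }
}
```

With the level field extracted, the ERROR and WARNING lines can be filtered directly in Kibana instead of by free-text search.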

Step #4: Set Up Kibana on Windows
Open another Command Prompt window. Navigate to the bin directory of Kibana.
cd C:\Users\Administrator\Downloads\kibana-8.17.2\bin

Start Kibana using the following command.
kibana.bat

After Kibana has started, copy the link printed with the line saying Kibana has not been configured.

Open the link in a browser and paste the Kibana enrollment token we copied during the Elasticsearch setup. Click on Configure Elastic.

If your token is correct, you will see that Kibana is setting up, as shown below.


After setup is complete it will redirect to Elastic login page. Log in using the elastic username and the password generated by Elasticsearch.

Click on Explore on my own.

You will see the Kibana home page.

Step #5: Visualizing Logs in Kibana
On the Kibana home page, open the menu in the top-left corner and select Stack Management under the Management section.

Select Data Views under the Kibana section.

Click on Create data views.

Enter the name and the index pattern as demo-log-* and click on Save data view to Kibana.


Next, to view the logs in Kibana, go to Analytics → Discover.

Now you can visualize the generated logs. You may need to adjust the time range as shown below.

Conclusion:
By following this step-by-step guide, you have successfully set up the ELK Stack on Windows, enabling powerful log management and real-time data analysis. With Elasticsearch storing your logs, Logstash processing them, and Kibana providing a user-friendly dashboard, you can now analyze trends, monitor system health, and troubleshoot issues efficiently. As you explore further, you can integrate additional features such as Beats for lightweight data collection and security configurations to enhance your ELK setup. This foundation will help you make data-driven decisions and improve system performance.