Install ELK Stack on CentOS 7 / Fedora 36/35/34/33

  • Elasticsearch: This is an open source, distributed, RESTful, JSON-based search engine. It is scalable, easy to use, and flexible.
  • Logstash: This is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.
  • Kibana: This lets users visualize data in Elasticsearch with charts and graphs.

Step 1: Install Java / OpenJDK

sudo yum -y install java-openjdk-devel java-openjdk
$ java -version
openjdk version "1.8.0_332"
OpenJDK Runtime Environment (build 1.8.0_332-b09)
OpenJDK 64-Bit Server VM (build 25.332-b09, mixed mode)

Step 2: Add ELK repository

# Elasticsearch 8.x repository
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-8.x]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Or, for Elasticsearch 7.x:
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Or, for Elasticsearch 6.x:
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo yum clean all

sudo yum makecache
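
The repository stanzas above depend on gpgcheck=1 and an HTTPS gpgkey for package authenticity. The following POSIX shell function is an added example, not part of the original tutorial, that audits .repo stanzas for those settings. The weak stanza and its mirror.example.invalid host are constructed sample input.

```sh
#!/bin/sh
# Added example (not from the original page): audit yum .repo stanzas.
# Reads files given as arguments, or stdin; prints "section: finding" per
# problem and returns non-zero if any enabled repository has one. A missing
# gpgcheck counts as a finding, although yum would inherit the [main] value.
audit_yum_repo() {
    awk '
    function report(msg) { print sec ": " msg; bad = 1 }
    function check_section() {
        if (sec == "" || opt["enabled"] == "0") return
        if (opt["gpgcheck"] != "1") report("gpgcheck is not 1, packages are not signature-checked")
        if (opt["gpgkey"] == "") report("no gpgkey configured")
        else if (opt["gpgkey"] !~ /^(https|file):\/\//) report("gpgkey is not loaded over https:// or file://")
        if (opt["baseurl"] ~ /^http:\/\//) report("baseurl uses plaintext http://")
    }
    /^[ \t]*([#;]|$)/ { next }
    /^[ \t]*\[.*\][ \t]*$/ {
        check_section(); split("", opt)
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val
    }
    END { check_section(); exit bad + 0 }
    ' "$@"
}

# Constructed samples: the 8.x stanza from this page and a weakened stanza.
page_repo='[elasticsearch-8.x]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md'
weak_repo='[example-weak]
name=Constructed weak repository
baseurl=http://mirror.example.invalid/packages/8.x/yum
gpgcheck=0
enabled=1'

printf '%s\n' "$page_repo" | audit_yum_repo && echo "page stanza: OK"
printf '%s\n' "$weak_repo" | audit_yum_repo || echo "weak stanza: rejected"
```

On a live host the same function can be run over the installed repository files, for example audit_yum_repo /etc/yum.repos.d/*.repo.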

Step 3: Install and Configure Elasticsearch

sudo yum -y install vim elasticsearch
$ rpm -qi elasticsearch
Name        : elasticsearch
Epoch       : 0
Version     : 8.2.0
Release     : 1
Architecture: x86_64
Install Date: Thu May 19 20:56:11 2022
Group       : Application/Internet
Size        : 1115332284
License     : Elastic License
Signature   : RSA/SHA512, Wed Apr 20 12:55:44 2022, Key ID d27d666cd88e42b4
Source RPM  : elasticsearch-8.2.0-1-src.rpm
Build Date  : Wed Apr 20 10:42:41 2022
Build Host  : packer-virtualbox-iso-1646848364
Relocations : /usr
Packager    : Elasticsearch
Vendor      : Elasticsearch
URL         : https://www.elastic.co/
....
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : tzV1Ju5fqnEy3B5+zc5G

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token '
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
sudo vi /etc/elasticsearch/jvm.options
# Initial (-Xms) and maximum (-Xmx) JVM heap size
-Xms1g
-Xmx1g
# Or, on a host with less memory:
-Xms256m
-Xmx512m
$ sudo systemctl enable --now elasticsearch.service 

Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
# Elasticsearch 8.x (TLS and authentication enabled):
$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "cent7.novalocal",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "5GFmuAkwQ4Sxrrrg4G-b6A",
  "version" : {
    "number" : "8.2.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "b174af62e8dd9f4ac4d25875e9381ffe2b9282c5",
    "build_date" : "2022-04-20T10:35:10.180408517Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
# Elasticsearch 6.x (plain HTTP, no authentication):
$ curl http://127.0.0.1:9200
{
  "name" : "bBzN5Kg",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "LKyqXXSvRvCpX9QAwKlP2Q",
  "version" : {
    "number" : "6.5.4",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "d2ef93d",
    "build_date" : "2018-12-17T21:17:40.758843Z",
    "build_snapshot" : false,
    "lucene_version" : "7.5.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
$ curl -X PUT "http://127.0.0.1:9200/mytest_index"
{"acknowledged":true,"shards_acknowledged":true,"index":"mytest_index"}

Step 4: Install and Configure Kibana

sudo yum -y install kibana
$ sudo vim /etc/kibana/kibana.yml

server.host: "0.0.0.0"

server.name: "kibana.example.com"
elasticsearch.hosts: ["http://localhost:9200"]
sudo systemctl enable --now kibana
sudo firewall-cmd --add-port=5601/tcp --permanent

sudo firewall-cmd --reload

Kibana 8 configurations

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
sudo /usr/share/kibana/bin/kibana-verification-code

Step 5: Install and Configure Logstash

sudo yum -y install logstash

Step 6: Install other ELK tools — Bonus

  • Filebeat: Lightweight Shipper for Logs. It helps you keep the simple things simple by offering a lightweight way to forward and centralize logs and files.
  • Metricbeat: Collect metrics from your systems and services. From CPU to memory, Redis to NGINX, and much more, Metricbeat is a lightweight way to send system and service statistics.
  • Packetbeat: Lightweight Shipper for Network Data.
  • Heartbeat: Lightweight Shipper for Uptime Monitoring. It helps you monitor services for their availability with active probing.
  • Auditbeat: Lightweight shipper that helps you audit the activities of users and processes on your systems.
sudo yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
