This describes the installation of the Elastic Stack on Ubuntu 16.04 with AdoptOpenJDK 8. Some of the configuration items are 'personal' defaults, so adjust them as you see fit, for instance the bind addresses of Kibana and Elasticsearch. I bind them to an internal tunnel address so they are only reachable from internal endpoints. To access Kibana from outside I use an Apache2 reverse proxy in front.
I use AdoptOpenJDK because Oracle isn't providing free updates to Java 8 anymore.
As an alternative you can also use the repo from Azul Systems (Zulu), which has more up-to-date versions and more complete OS support. Check here how to install.
We'll use a PPA to install Java.
It could be that adding the PPA fails with the error "add-apt-repository: command not found".
In that case, run the command below.
sudo apt-get install software-properties-common apt-transport-https
sudo add-apt-repository ppa:rpardini/adoptopenjdk
sudo apt-get update
sudo apt-get install adoptopenjdk-8-installer
Verify that Java can be found
which java
java -version
The Elastic Stack can be installed from Elastic's own repository. This way you always have the most recent version.
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Install and trust the public key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Update the package lists
sudo apt-get update
sudo apt-get install elasticsearch
There is a small minimum that needs to be configured for Elasticsearch to work. I usually adjust the following settings.
Minimum master nodes is set to 1. Only change this when you have 3 or more nodes. Yes, split brain could occur, but otherwise it's of no use when you have 2 nodes (because the cluster won't start).
Be careful with the network.host option. If it is not filled in, it defaults to 127.0.0.1, so Elasticsearch is only accessible from the same host. If you enter a public IP, make sure you firewall the opened ports so no unauthorized access is allowed and, even better, enable X-Pack security!
/etc/elasticsearch/elasticsearch.yml
cluster.name: yourcluster
node.name: es1
network.host: [yourmachinebind address]
http.port: 9200
discovery.zen.ping.unicast.hosts:
- host1:9300
- host2:9300
discovery.zen.minimum_master_nodes: 1
Optionally, allocate more memory for Java.
/etc/elasticsearch/jvm.options
-Xms4g
-Xmx4g
Enable the service to start on boot and start it.
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo apt-get install logstash
Logstash configuration depends on what you need and therefore differs for each input.
Enable the service to start on boot and start it.
sudo systemctl daemon-reload
sudo systemctl enable logstash
sudo systemctl start logstash
sudo apt-get install kibana
There is a small minimum that needs to be configured for Kibana to work. I usually adjust the following settings.
/etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
server.name: "InstanceName"
elasticsearch.hosts: ["http://localhost:9200"]
sudo systemctl daemon-reload
sudo systemctl enable kibana
sudo systemctl start kibana
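As an added example (not part of the original write-up), the script below reads network.host from elasticsearch.yml and server.host from kibana.yml and reports whether each binds to loopback, a specific address or all interfaces, which is the exposure the network.host warning above is about. The function names, the sample files and the 10.8.0.1 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report how widely the
# Elasticsearch and Kibana settings shown above bind their listeners.

# bind_exposure FILE KEY
# Prints: loopback | all-interfaces | specific:<addr> | unreadable
bind_exposure() {
    file=$1
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for sed
    [ -r "$file" ] || { echo unreadable; return 0; }
    # Last uncommented "key: value" wins; drop trailing comment, quotes, [], spaces.
    val=$(sed -n "s/^[[:space:]]*$key_re:[[:space:]]*//p" "$file" | tail -n 1 |
          sed -e 's/[[:space:]]#.*$//' -e "s/[][\"' ]//g")
    result=loopback            # unset key: both services default to loopback
    old_ifs=$IFS; IFS=,
    for addr in $val; do
        case $addr in
            0.0.0.0|::|::0) result=all-interfaces; break ;;
            127.*|localhost|::1|_local_) ;;
            *) result="specific:$addr" ;;
        esac
    done
    IFS=$old_ifs
    echo "$result"
}

# check_stack ROOT: ROOT is /etc on a real host (hypothetical helper name).
check_stack() {
    echo "elasticsearch network.host: $(bind_exposure "$1/elasticsearch/elasticsearch.yml" network.host)"
    echo "kibana server.host: $(bind_exposure "$1/kibana/kibana.yml" server.host)"
}

# Constructed sample files; 10.8.0.1 stands in for an internal tunnel address.
demo=$(mktemp -d)
mkdir "$demo/elasticsearch" "$demo/kibana"
printf 'network.host: 10.8.0.1\nhttp.port: 9200\n' > "$demo/elasticsearch/elasticsearch.yml"
printf 'server.port: 5601\nserver.host: "0.0.0.0"\n' > "$demo/kibana/kibana.yml"
check_stack "$demo"
rm -rf "$demo"
```

On a real host, run check_stack /etc as root and compare the result with the listening sockets shown by ss -ltn.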