Preface

This describes the installation of the Elastic Stack on Ubuntu 16.04 with AdoptOpenJDK 8. Some of the configuration items are 'personal' defaults; you can do it the way you want. One example is the bind addresses of Kibana and Elasticsearch: I bind them to an internal tunnel address so they are only reachable from internal endpoints. To access Kibana from outside, I use an Apache2 reverse proxy in front.

Installation AdoptOpenJDK

I use AdoptOpenJDK because Oracle isn't providing free updates to Java 8 anymore.

As an alternative you can also use the repo from Azul Systems (Zulu), which has more up-to-date versions and more complete support for operating systems. Check here how to install.

We'll use a ppa to install Java.

It could be that the command to add the ppa gives the error "add-apt-repository: command not found".
If so, run the command below first.

sudo apt-get install software-properties-common apt-transport-https
Install AdoptOpenJDK
sudo add-apt-repository ppa:rpardini/adoptopenjdk
sudo apt-get update
sudo apt-get install adoptopenjdk-8-installer


Verify if Java can be found

Verify Java Install
which java
java -version

Install Elastic Stack

The Elastic Stack can be installed from Elastic's own repository. This way you always have the most recent version.

Preparation


echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

Install and trust the public key

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Update lists

sudo apt-get update

Install Elasticsearch

Install elasticsearch
sudo apt-get install elasticsearch

Basic Config

There is a small minimum that needs to be configured for elasticsearch to work. I usually adjust the following settings. 

Minimum master nodes is set to 1. Only change this when you have 3 or more nodes. Yes, split brain could occur, but a higher value is of no use when you have 2 nodes (because the cluster won't start).


Be careful with the network.host option. If it is not set, it defaults to 127.0.0.1, so Elasticsearch is only accessible from the same host. If you enter a public IP, make sure you firewall the opened ports so that no unauthorized access is allowed and, even better, enable X-Pack security!


/etc/elasticsearch/elasticsearch.yml
cluster.name: yourcluster
node.name: es1
network.host: [yourmachinebind address]
http.port: 9200
discovery.zen.ping.unicast.hosts:
- host1:9300
- host2:9300
discovery.zen.minimum_master_nodes: 1

Optionally, allocate more memory for Java.

/etc/elasticsearch/jvm.options
-Xms4g
-Xmx4g

Enable service to start on boot and start service.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

Installation Logstash

sudo apt-get install logstash

Configuration of Logstash is based on what you need. This therefore differs for each input.

Enable service to start on boot and start service.

sudo systemctl daemon-reload
sudo systemctl enable logstash
sudo systemctl start logstash

Installation Kibana

sudo apt-get install kibana

Basic Config

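There is a small minimum that needs to be configured for Kibana to work. I usually adjust the following settings. Note that a server.host of 0.0.0.0 makes Kibana listen on all interfaces; use the internal address instead if Kibana should only be reachable through the reverse proxy.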

/etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
server.name: "InstanceName"
elasticsearch.hosts: ["http://localhost:9200"]

Enable service to start on boot and start service.

sudo systemctl daemon-reload
sudo systemctl enable kibana
sudo systemctl start kibana
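
The network.host caution for Elasticsearch and the server.host setting for Kibana can both be checked before the services are started. The script below is an added example, not part of the original write-up: it reads a flat "key: value" config file and reports whether the configured bind address is loopback, private, wildcard or public. The function names, the temporary sample files and the 10.8.0.1 address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report how widely a service is bound.

# Read the last uncommented "key: value" line from a flat YAML file.
configured_host() {  # $1 = file, $2 = key such as network.host
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*#.*$//' | tail -n 1 | tr -d "[]\"' "
}

# Classify a single IPv4 address or one of Elasticsearch's special values.
bind_scope() {
  case "$1" in
    ""|localhost|_local_|127.*)  echo loopback ;;  # unset falls back to loopback
    0.0.0.0)                     echo wildcard ;;  # every interface
    _site_|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
    _global_)                    echo public ;;
    [0-9]*.[0-9]*.[0-9]*.[0-9]*) echo public ;;    # any other IPv4 address
    *)                           echo unknown ;;   # hostname or list: check by hand
  esac
}

# Print the finding; succeed only for loopback or private binds.
check_bind() {  # $1 = file, $2 = key
  local value scope
  value=$(configured_host "$1" "$2")
  scope=$(bind_scope "$value")
  echo "$2=${value:-<unset>} ($1): $scope"
  [ "$scope" = loopback ] || [ "$scope" = private ]
}

# Constructed sample files standing in for the two configs on this page.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'cluster.name: yourcluster' '#network.host: 192.168.0.1' \
  'network.host: 10.8.0.1   # tunnel address (constructed)' > "$demo_dir/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' > "$demo_dir/kibana.yml"

check_bind "$demo_dir/elasticsearch.yml" network.host || echo "  -> firewall 9200/9300"
check_bind "$demo_dir/kibana.yml" server.host || echo "  -> firewall 5601 or bind internally"
```

On a real host, point check_bind at /etc/elasticsearch/elasticsearch.yml and /etc/kibana/kibana.yml instead of the sample files.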