A sample all-in-one ELK stack repo with instructions for running in a single machine. Find out how to properly configure and install everything you need to have the ELK stack running in your environment.
The ELK stack for this reference architecture is comprised of the following components:
- Elasticsearch
- Logstash
- Kibana
- Filebeat
These installation instructions follows the documentation for Debian based systems. Refer to the documentation on installation for other systems.
-
Setup keys and dependencies with the APT package manager:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpgEnsure that the
apt-transport-httpspackage is installed on the system:sudo apt-get install apt-transport-https
Save the repository definition to
/etc/apt/sources.list.d/elastic-8.x.list:echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
-
Install the Elasticsearch Debian package:
sudo apt-get update && sudo apt-get install elasticsearchThis will generate a token that you need to save:
The generated password for the elastic built-in superuser is : NNNNNNNNNNNNN -
Install Kibana:
sudo apt-get install kibana
-
Install Logstash:
sudo apt-get install logstash
-
Install Filebeat:
sudo apt-get install filebeat
-
Enable and start all the services:
sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable elasticsearch.service sudo systemctl enable filebeat sudo systemctl start logstash.service sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service
Include the Elasticsearch service:
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable elasticsearch.service ### You can start elasticsearch service by executing sudo systemctl start elasticsearch.service