Skip to content

ELK Installation Quick HowTo (30 minutes on Linux)

Jump to bottom
Benjamin Herson-Macarel edited this page Jan 8, 2021 · 3 revisions

How to install ELK 7.10.1 on RHEL/CENTOS

Informations gathered from ELK website mainly

Build a Linux VM (RHEL or CentOS)

Will be called "elkserver.example.com" in this document
Need TCP/9200 port reachable from AIX client

Add elastic repo

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Import the Elasticsearch PGP Key

Create a file named "elasticsearch.repo" in the "/etc/yum.repos.d/" directory (for RedHat based distributions) containing:

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

Install Kibana / Elasticsearch / Logstash (not mandatory) / Metrixbeat / Filebeat

sudo yum install --enablerepo=elasticsearch elasticsearch-7.10.1-1
sudo yum install --enablerepo=elasticsearch kibana-7.10.1-1
sudo yum install --enablerepo=elasticsearch logstash-7.10.1-1
sudo curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.10.1-x86_64.rpm
sudo curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.1-x86_64.rpm
sudo rpm -vi metricbeat-7.10.1-x86_64.rpm
sudo rpm -vi filebeat-7.10.1-x86_64.rpm

Modify "/etc/elasticsearch/elasticsearch.yml" to include the following:

network.bind_host: 0.0.0.0
node.master: true
node.data: true
transport.host: localhost
transport.tcp.port: 9300

Modify "/etc/kibana/kibana.yml" to include the following:

server.host: "elkserver.example.com"
elasticsearch.hosts: ["http://elkserver.example.com:9200"]

Modify "/etc/metricbeat/metricbeat.yml" and "/etc/filebeat/filebeat.yml" host value :

From 
  hosts: ["localhost:9200"]
To
  hosts: ["elkserver.example.com":9200"]

Restart services to take new config into account

sudo systemctl restart elasticsearch.service
sudo systemctl restart kibana.service
sudo systemctl restart metricbeat.service
sudo systemctl restart filebeat.service (Will not send any data until configured to do so...)
sudo systemctl stop logstash.service (Stop Logstash if not used)

Upload Index templates to Elastic

sudo metricbeat setup -E 'output.elasticsearch.hosts=["elkserver.example.com:9200"]' --index-management
sudo filebeat setup -E 'output.elasticsearch.hosts=["elkserver.example.com:9200"]' --index-management

Upload Dashboard templates to Kibana

sudo metricbeat setup -E "setup.kibana.host=elkserver.example.com:5601" -E "output.elasticsearch.hosts=["elkserver.example.com:9200"]" --dashboards
sudo filebeat setup -E "setup.kibana.host=elkserver.example.com:5601" -E "output.elasticsearch.hosts=["elkserver.example.com:9200"]" --dashboards
Clone this wiki locally