In this post I’ll demonstrate how to get the ELK Stack up and running.
Installing the ELK Stack
First we will install Elasticsearch, then Logstash, and finally Kibana. Most of the steps are the same as in the official documentation (links at the end of the post); the notes below cover the parts that differ. The three installs share the same preparation: downloading Elastic's PGP signing key and adding the Elastic APT repository. Once that is done, the only difference is which package you install. Refer to the official documentation if you run into issues. The steps below also worked on my first attempt.
Installing Elasticsearch
I'm installing the ELK Stack on my laptop, which is running Linux/Ubuntu 20.04. While on the main page, I followed one of the many links (here). I arrived at the page displayed below (also linked and clickable). Since they didn't display a Linux option for Elasticsearch, I clicked "or install with a package manager ...". I went to the section for deb. If you have another installation configuration, you should do the same and look through the available installs.
I went to the documentation and just followed the instructions. I explored both routes: installing from the tar.gz file and through APT. I'll use the APT instructions below.
Import the Elasticsearch PGP Key
First, you need the PGP key that Elastic uses to sign its packages, so that APT can verify each package before installing it. To download and import the public signing key, enter the following in the terminal:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Two things to be aware of: apt-key is deprecated in newer Debian and Ubuntu releases (it still works on 20.04), and a key imported this way is trusted for every APT repository on the system, not just Elastic's. The current Elastic documentation instead stores the key in /usr/share/keyrings and points at it with a signed-by option in the repository definition, which limits the key to the Elastic repository. Either way, compare the key's fingerprint against the one published in the Elastic documentation before you trust it.
Install the Program
If you have not installed apt-transport-https before, install it with the following:
sudo apt-get install apt-transport-https
Next, save the repository definition to /etc/apt/sources.list.d/elastic-7.x.list.
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
You’re ready to download and install Elasticsearch now.
sudo apt update && sudo apt install elasticsearch
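The steps above, key import, repository definition and package install, collected into one script. This is an added example written for this post, not Elastic's own installer. It uses the keyring plus signed-by form rather than apt-key, and refuses to add the repository unless the downloaded key's fingerprint matches the one published in the Elastic documentation. The keyring path, the list file name and the --install flag are this script's own conventions.

```shell
#!/bin/sh
# Set up the Elastic 7.x APT repository with a dedicated keyring and install
# the requested ELK packages. Added example for this post, not an Elastic script.
# Assumes Debian/Ubuntu with sudo, wget, gnupg and apt-get available.
set -eu

ELASTIC_KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"
KEYRING="/usr/share/keyrings/elasticsearch-keyring.gpg"     # assumed path
LIST="/etc/apt/sources.list.d/elastic-7.x.list"
# Fingerprint of the Elastic signing key as published in the Elastic docs.
EXPECTED_FPR="4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4"

# Strip spaces and uppercase so fingerprints printed by different tools compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Build the sources.list line. The [signed-by=...] option restricts this key to
# this repository, unlike apt-key, which trusts the key for every APT source.
# $1 = release track (e.g. 7.x), $2 = keyring path
elastic_sources_line() {
    printf 'deb [signed-by=%s] https://artifacts.elastic.co/packages/%s/apt stable main\n' "$2" "$1"
}

# Print the primary-key fingerprint stored in a binary keyring (gpg colon format, "fpr" record, field 10).
keyring_fingerprint() {
    gpg --no-default-keyring --keyring "$1" --with-colons --fingerprint 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only when the two fingerprints are equal after normalisation.
fingerprint_matches() {
    [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# Full procedure: prerequisites, key download and pinning, repository, packages.
install_elk() {
    sudo apt-get install -y apt-transport-https gnupg
    # Download the ASCII-armoured key and convert it into a binary keyring.
    wget -qO - "$ELASTIC_KEY_URL" | sudo gpg --dearmor -o "$KEYRING"
    actual="$(keyring_fingerprint "$KEYRING")"
    if ! fingerprint_matches "$actual" "$EXPECTED_FPR"; then
        echo "Fingerprint mismatch ($actual); refusing to add the Elastic repository" >&2
        sudo rm -f "$KEYRING"
        exit 1
    fi
    elastic_sources_line 7.x "$KEYRING" | sudo tee "$LIST" > /dev/null
    sudo apt-get update
    sudo apt-get install -y "$@"
}

# Nothing runs unless asked, so the functions can be sourced or tested safely.
# Usage: sh elk-apt-setup.sh --install elasticsearch logstash kibana
if [ "${1:-}" = "--install" ]; then
    shift
    install_elk "$@"
fi
```

Run it once with --install and the three package names to install the whole stack; the unit files are then in place for the systemd steps that follow.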
Running Elasticsearch with systemd
Now that Elasticsearch is installed via APT, we can configure it to start automatically at boot and start it right away. Run the following commands (enable --now both enables the unit and starts it, so a separate enable is not needed):
sudo /bin/systemctl daemon-reload
sudo systemctl enable --now elasticsearch.service
Elasticsearch can be started and stopped using the following commands:
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
systemctl prints nothing when these commands succeed. You can see whether the unit is running with systemctl status elasticsearch.service, or query the node directly:
curl -X GET http://localhost:9200/
If everything is working, Elasticsearch answers with a JSON document containing the node name, the cluster name, the version number and the tagline "You Know, for Search". Note that this request succeeds without any credentials: the 7.x packages ship with the security features disabled, and the node listens only on localhost by default, so do not expose port 9200 beyond the machine without enabling authentication first.
Installing Logstash
If you followed the sections above, you can go straight to installing Logstash from APT. The install documentation is linked here.
sudo apt update && sudo apt install logstash
Running Logstash with systemd
Now that we have Logstash installed (via APT), it can be started and stopped using the following commands:
sudo systemctl start logstash.service
sudo systemctl stop logstash.service
Here is a link to information on other ways of running Logstash. It's a little different from Elasticsearch and Kibana.
Installing Kibana
If you followed the sections above, you can go straight to installing Kibana from APT.
sudo apt update && sudo apt install kibana
Running Kibana with systemd
Now that Kibana is installed via APT, we can configure it to start automatically at boot and start it right away. Run the following commands:
sudo /bin/systemctl daemon-reload
sudo systemctl enable --now kibana.service
Kibana can be started and stopped using the following commands:
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
systemctl prints nothing when these commands succeed. Once elasticsearch.service and kibana.service are both running, you can reach your instance at http://localhost:5601. Kibana can take a little while after starting before it serves requests. No login is required because, as with Elasticsearch, the 7.x packages have security disabled by default; Kibana listens only on localhost, so keep it that way until authentication is enabled.
Now I’m ready to start adding data. I’ll save that for the next post.
Official Documentation
For more details, instructions and information about installing the ELK Stack please reference the following:
- https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html
- https://www.elastic.co/guide/en/kibana/current/deb.html
- https://www.elastic.co/guide/en/logstash/7.10/getting-started-with-logstash.html
Supported Programming Languages
The following is a list of languages that currently have official Elasticsearch client libraries for interacting with the ELK Stack:
- Java
- JavaScript (Node.js)
- Go
- .NET (C#)
- PHP
- Perl
- Python
- Ruby
GitHub Link
You can find a couple of simple shell scripts that simplify starting and stopping the ELK Stack services here:
https://github.com/problemxsolutions/project_crime/tree/main/scripts_shell