Vruta Baldha
May 4, 2024

ELK Exposed: Delving into Elasticsearch, Logstash, and Kibana Installation on Ubuntu

What is the ELK Stack?

Elasticsearch: A distributed search and analytics engine for storing and searching data in real-time.

Logstash: A data pipeline tool that collects, filters, and transforms data from various sources before sending it to Elasticsearch.

Kibana: A data visualization tool that allows users to create dashboards, visualizations, and reports based on data stored in Elasticsearch.

Installation and Configuration of ELK Stack on Ubuntu:

Step 1: Install Java

  • Elasticsearch and Logstash require Java to run. Install OpenJDK using the following command:
sudo apt-get install default-jdk

Step 2: Install Elasticsearch

  • Import the Elasticsearch public GPG key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  • Add the Elasticsearch repository:
sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'
  • Update the package index and install Elasticsearch:
sudo apt-get update && sudo apt-get install elasticsearch
  • Configure elasticsearch.yml:
sudo nano /etc/elasticsearch/elasticsearch.yml
  • Uncomment and set network.host to your server's IP.
  • Uncomment http.port.
  • Add the line: discovery.type: single-node
  • Check Elasticsearch status (the service must be running; it is started in Step 5):
curl -X GET "your_ip:9200"

Step 3: Install Logstash

  • Update the package index and install Logstash:
sudo apt-get update && sudo apt-get install logstash

Step 4: Install Kibana

  • Update the package index and install Kibana:
sudo apt-get update && sudo apt-get install kibana
  • Configure Kibana:
sudo nano /etc/kibana/kibana.yml
  • Uncomment server.port and set server.host to your server's IP.
  • Add elasticsearch.hosts: ["http://Your_IP:9200"]

Step 5: Start and Enable Services

  • Start Elasticsearch:
sudo systemctl start elasticsearch
  • Start Logstash:
sudo systemctl start logstash
  • Start Kibana:
sudo systemctl start kibana
  • Enable services to start on boot:
sudo systemctl enable elasticsearch logstash kibana

Step 6: Access Kibana

  • Open a web browser and navigate to http://Your_IP:5601 to access the Kibana dashboard.
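A check for the configuration edits in Steps 2 and 4, added here as an example and not part of the original post. The function names yaml_get and lint_elk_config are hypothetical. It assumes a default 7.x install on the basic license, where the Elasticsearch security features stay off unless xpack.security.enabled is set to true, so binding network.host to the server's IP serves the REST API on port 9200 without authentication.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint the settings edited in
# Steps 2 and 4. File paths are arguments, so it also runs on copies.

# Print the last uncommented "key: value" value for KEY ($2) in FILE ($1).
yaml_get() {
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" |
    tail -n 1 | tr -d "\"'"
}

# Emit one finding per line; prints nothing when both files pass.
lint_elk_config() {
  local es_yml="$1" kb_yml="$2" host sec hosts

  # YAML needs "key: value"; a "key=value" line is not a setting.
  if grep -Eq '^[[:space:]]*discovery\.type[[:space:]]*=' "$es_yml"; then
    echo "ES: discovery.type uses '=', expected 'discovery.type: single-node'"
  elif [ "$(yaml_get "$es_yml" discovery.type)" != "single-node" ]; then
    echo "ES: discovery.type is not single-node"
  fi

  # Assumption: default 7.x install (basic license), where security is off
  # unless enabled, so a non-loopback bind is reachable unauthenticated.
  host=$(yaml_get "$es_yml" network.host)
  sec=$(yaml_get "$es_yml" xpack.security.enabled)
  case "$host" in
    ''|localhost|127.*|_local_|'::1') ;;
    *) [ "$sec" = "true" ] ||
         echo "ES: network.host=$host with xpack.security.enabled not true" ;;
  esac

  # Kibana 7.x reads elasticsearch.hosts (plural), a list of full URLs.
  if grep -Eq '^[[:space:]]*elasticsearch\.host[[:space:]]*:' "$kb_yml"; then
    echo "Kibana: elasticsearch.host found, the setting is elasticsearch.hosts"
  fi
  hosts=$(yaml_get "$kb_yml" elasticsearch.hosts)
  case "$hosts" in
    '') echo "Kibana: elasticsearch.hosts is not set" ;;
    *http://*|*https://*) ;;
    *) echo "Kibana: elasticsearch.hosts entry lacks http:// or https://" ;;
  esac
}

# Usage: ./lint_elk.sh /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml
if [ "$#" -eq 2 ]; then lint_elk_config "$1" "$2"; fi
```

Run it before Step 5; a clean run prints nothing.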

Happy Monitoring!!!
