ELK Stack Centos 7

The instructions describe how to install ELK Stack on a virtual server running 7. (The ELK stack is an acronym used to describe a stack that comprises of three popular projects: Elasticsearch, Logstash, and Kibana.)

What is ELK Stack?

“ELK” is short for three open resource jobs: Elasticsearch, Logstash, and also Kibana. Elasticsearch is a search and also analytics engine. Logstash is a server-side data processing pipeline that obtains information from several sources at the same time, transforms , and afterwards sends it to a “stock” like Elasticsearch. Kibana enables users to picture data utilizing charts and also graphs in Elasticsearch.

Initial requirements

The minimum system requirements for normal operation of ELK are 4Gb RAM and 2 CPUs

installation

Deploying an Elastic stack requires Java to be installed. Run the following command:
yum -y install java-1.8.0

You can check the installed version with the command:
java -version

Installing and configuring Elasticsearch

Use the rpm command to download the Elasticsearch key:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Add repository:

sudo vi /etc/yum.repos.d/elasticsearch.repo

Paste the following content into it and save the file:

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Start the installation process:

sudo yum install elasticsearch

Next, you need to edit the configuration file, first you need to open it with the vi text editor:

vi /etc/elasticsearch/elasticsearch.yml

Uncomment the following line in the file:

bootstrap.memory_lock: true

Uncomment and set values ​​for the following parameters:

network.host: localhost
http.port: 9200

Save your changes and close the text editor.

The next step is to edit the sysconfig configuration file for Elasticsearch:

vi /etc/sysconfig/elasticsearch

Uncomment the MAX_LOCKED_MEMORY setting and make sure it’s set to unlimited:

MAX_LOCKED_MEMORY=unlimited

Before starting the service, first reboot the systems and allow Elasticsearch to start at boot time:

systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch

Installing and configuring Kibana

Use wget to download Kibana 6.2.4 and then install it with the rpm command:

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.4-x86_64.rpm
rpm -ivh kibana-6.2.4-x86_64.rpm

Next, you need to edit the Kibana configuration file:

vi /etc/kibana/kibana.yml

Uncomment the following lines and set the values:

server.port: 5601
server.host: "[IP-адрес вашего сервера]"
elasticsearch.url: "http://localhost:9200"

:

server.port: 5601
server.host: "123.234.123.234"
elasticsearch.url: "http://localhost:9200"

Start the Kibana service and set it to start automatically on boot:

systemctl enable kibana
systemctl start kibana

Open port 5601 to connect to the Kibana web interface:

sudo -cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --reload

setup

The NGINX web server must be installed on your virtual server, how to do this is written in our instructions .

Install additional tools for working with the web server:

yum install httpd-tools

Next, you need to create a new virtual host configuration file in the conf.d directory:

vi /etc/nginx/conf.d/[Домен или IP-адрес].conf

For example:

vi /etc/nginx/conf.d/123.234.123.234.conf

And insert the following data:

server {
listen 80;    server_name [Домен или IP-адрес];
auth_basic "Restricted ";
auth_basic_user_file /etc/nginx/htpasswd.kibana;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Then create a new basic authentication file using the htpassw command. You will need to create a password for the admin user:

sudo htpasswd -c /etc/nginx/htpasswd.kibana admin

Restart the nginx server:

systemctl restart nginx

Installing and configuring Logstash

Download and install Logstash:

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm
rpm -ivh logstash-6.2.4.rpm

Once Logstash is installed, start the service:

systemctl restart logstash
systemctl enable logstash

Connecting to kibana

After completing the settings, connect to Kibana in the browser, to do this, go to the following link:

http://[IP-адрес вашего сервера]:5601

For example:
http://123.234.123.234:5601

 

Welcome to the world of DomainRooster, where roosters (and hens) rule the roost! We're a one-stop shop for all your entrepreneurial needs, bringing together domain names and website hosting, and all the tools you need to bring your ideas to life. With our help, you'll soar to new heights and hatch great success. Think of us as your trusty sidekick, always there to lend a wing and help you navigate the sometimes-complex world of domain names and web hosting. Our team of roosters are experts in their fields and are always on hand to answer any questions and provide guidance. So why wait? Sign up today and join the ranks of the world's greatest entrepreneurs. With DomainRooster, the sky's the limit! And remember, as the saying goes, "Successful people do what unsuccessful people are not willing to do." So don't be afraid to take that leap of faith - DomainRooster is here to help you reach for the stars. Caw on!