Guide to Installing Elasticsearch, Logstash, and Kibana on Amazon Linux 2023

Guide to Installing Elasticsearch, Logstash, and Kibana on Amazon Linux 2023

·

4 min read

Are you looking to harness the power of Elasticsearch, Logstash, and Kibana for effective log management and data analysis?
This step-by-step guide will walk you through the process of installing and configuring this powerful trio on Amazon Linux 2023. Elasticsearch enables lightning-fast searches and data storage, Logstash efficiently processes logs, and Kibana delivers stunning visualizations. Let's dive right in!

Prerequisites:

  • Amazon linux 2023

  • enable security group "all traffic"

  • 2 CPU and 4gb RAM (t3.medium or t2.large)

    Step 1: Installing Elasticsearch

  • Install Java 11:

      sudo yum install java-11 -y
    

Configure the Elasticsearch repository:

https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

Create a repo for Elasticsearch using vi/etc/yum.repos.d/elasticsearch.repo

   vi/etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

To verify :

cat /etc/yum.repos.d/elasticsearch.repo
  1. Import the GPG key:

     sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    

  2. Update and refresh the repository:

     sudo yum clean all
     sudo yum makecache
    

  3. Install Elasticsearch on Amazon Linux 2023.

     sudo yum -y install elasticsearch
    

  4. Verify that Elasticearch has been installed successfully:

     rpm -qi elasticsearch
    

  5. Start and enable the Elasticsearch service:

     systemctl start elasticsearch.service
     systemctl enable elasticsearch.service
    
  6. Configure Elasticsearch on Amazon Linux 2023

    After the installation, you may need to configure Elasticsearch. Edit the file /etc/elasticsearch/elasticsearch.yml

    Update the network.host to 0.0.0.0 and http.port to 9200 and modify discovery.seed hosts:[].To disable security features, set xpack.security.enabled: false.

     vi /etc/elasticsearch/elasticsearch.yml
    

  7. Restart Elasticsearch:

     systemctl restart elasticsearch.service
    

    Verify service status

  8. Testing Elasticsearch:

    Lets test Elasticsearch using curl command by sending HTTP request

     curl -X GET "localhost:9200"
    

  9. To check browser <Instance publicip>:9200

    Step 2: Installing Logstash

    After a successful installation and configuration of Elasticsearch on Amazon Linux 2023, we now proceed to the next element, which is Logstash.

    1. Install Logstash:

       sudo yum install logstash -y
      

    2. Edit the Logstash configuration file to add the input and output parameters.

       vi /etc/logstash/conf.d/logstash.conf
      

      paste:

       input {
      
         beats {
      
           port => 5044
      
         }
      
       }
       output {
      
         elasticsearch {
      
           hosts => ["localhost:9200"]
      
           manage_template => false
      
           index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      
         }
      
       }
      
    3. Start and enable the Logstash service:

       systemctl start logstash.service
       systemctl enable logstash.service
       systemctl status logstash.service
      

Step 3: Installing and Configuring Kibana

Kibana exists in the ELK repo that we had configured earlier, we shall therefore proceed to install the package directly.

  1. Install Kibana

     sudo yum -y install kibana
    
  2. Start and enable the Kibana service:

     systemctl start kibana.service
     systemctl enable kibana.service
     systemctl status kibana.service
    

  3. Configure Kibana by modifying /etc/kibana/kibana.yml. Update uncommentserver.host to "0.0.0.0" and elasticsearch.hosts to ["http://localhost:9200"].

     vi /etc/kibana/kibana.yml
    

  4. Restart Kibana:

     systemctl restart kibana.service
    
  5. Access the Kibana dashboard by <server-ip>:5601

You can now start adding your data and shipping logs using beats such as Filebeat, Metricbeat, etc.

Step 4: Installing and Configuring Filebeat

  1. Install Filebeat:

     sudo yum install filebeat -y
    
  2. Start and enable the Filebeat service:

     systemctl start filebeat.service
     systemctl enable filebeat.service
    
  3. Configure Filebeat

    filebeat, by default, send data to Elasticsearch. Filebeat can be also configured to send event data to Logstash

    #output.elastic search:

    An array of hosts to connect to.

    #hosts: ["localhost:9200"]

    ------------------------------ Logstash Output -------------------------------

    output.logstash:

    The Logstash hosts

    hosts: ["localhost:5044"]

    open configuration file follow below command:

     vi /etc/filebeat/filebeat.yml
    

  4. Restart Filebeat:

     systemctl restart filebeat.service
    

    Enable modules for Filebeat. This enables the applications that will ship their logs to Elasticsearch. To check the available modules, run the command below:

     sudo filebeat modules list
    
  5. Enable a module, such as the Nginx module:

     sudo filebeat modules enable system
    

  6. Restart Filebeat:

     systemctl restart filebeat.service
    
  7. load the index template:

    note: change the instance IP Address in the template <instance IP:9200>

     filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["<instance ip>:9200"]'
    

  8. Start and enable the Filebeat service:

     systemctl start filebeat.service
     systemctl enable filebeat.service
    
  9. Verify Elasticsearch reception of data:

     curl -XGET http://<instance-ip>:9200/_cat/indices?v
    

  10. To Access browser

    <instance-ip>:9200/_cat/indices?v
    

You're all set! With Elasticsearch, Logstash, and Kibana up and running, you have a powerful platform for managing, analyzing, and visualizing your data. Customize the setup according to your needs, create stunning visualizations, and dive into the world of actionable insights.

Remember, this guide provides a basic setup. For production environments, consider security, scaling, and optimization. Happy analyzing!