The ELK Stack is a collection of three open-source products — Elasticsearch, Logstash, and Kibana — all developed, managed and maintained by Elastic.
 
Elasticsearch – Elasticsearch is a NoSQL database that is based on the Lucene search engine. Use for Indexing and storage. Elasticsearch is a distributed, RESTful search and analytics engine, it centrally stores your data.
 
Logstash – Logstash is a log pipeline tool that accepts inputs from various sources, executes different transformations, and exports the data to various targets.Use for Data Aggregation and Processing.
 
Kibana – Kibana is a visualization layer that works on top of Elasticsearch.
It is a browser-based user interface (UI) used to search, analyze and visualise the data stored in elasticsearch indices.
 

Here are the steps to install ELK on Ubuntu LTS 18.04

 

Step 1: Install Ubuntu 18.04 LTS (you can create a VM using VirtualBox)

 

Step 2: Install Java

 

• The first thing to do is check what Java version you are running. 

java -version
 

• To install Java 8, update your system:

sudo apt-get update
 

• Install java with:

sudo apt-get install default-jre
 

• Checking your Java version now should give you the following output or similar:

openjdk version “1.8.0_151”

OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12)

OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)
 

Step 3: Installing Elasticsearch

 

• Add elasticsearch to apt trusted keys:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
 
For Debian, you need to then install the apt-transport-https package:
sudo apt-get install apt-transport-https
 

• The next step is to add the repository definition to your system:

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
 

• Update your repositories and install Elasticsearch:

sudo apt-get update

sudo apt-get install elasticsearch
 

• To run Elasticsearch, use:

sudo service elasticsearch start
 
To confirm that everything is working as expected, point curl or your browser to http://localhost:9200, and you should see something like the following output:
 
{

“name” : “ji0rjvq”,

“cluster_name” : “elasticsearch”,

“cluster_uuid” : “pzqZdF6gQL2VbYANwQs6bQ”,

“version” : {

“number” : “6.3.0”,

“build_hash” : “424e937”,

“build_date” : “2018-07-11T23:38:03.357887ZZ”,

“build_snapshot” : false,

“lucene_version” : “7.3.1”,

“minimum_wire_compatibility_version” : “5.6.0”,

“minimum_index_compatibility_version” : “5.0.0”

},

“tagline” : “You Know, for Search”

}

 

Step:4  Installing Logstash

 

• To install Logstash, run:

sudo apt-get install logstash
 

Step:5  Installing Kibana

 

• To install Kibana, run:

sudo apt-get install kibana
 

• Open up the Kibana configuration file at: /etc/kibana/kibana.yml, and make sure you have the following configurations defined:

server.port: 5601
elasticsearch.url: “http://localhost:9200“

 
• These specific configurations tell Kibana which Elasticsearch to connect to and which port to use.

sudo service kibana start
 
Open up Kibana in your browser with: http://localhost:5601. You will be presented with the Kibana home page.
 

Troubleshooting:

 
While installing Logstash it may give following errors-

• “unrecognised VM option ‘UseParNewGC’ error – could not create JVM” – check the version of java and if you are java 10 and it is giving “” use java 8 instead of 10.
• “Cannot allocate memory” – Follow the following link –  https://discuss.elastic.co/t/solved-logstash-cant-start-up-not-enough-memory/51372 and make changes in logstash jvm.options file.

 

Share and leave comment if you liked it or found it useful!