In this tutorial, we will show you how to install ELK Stack on CentOS 8. For those of you who didn’t know, ELK stack is a popular, open-source log management platform. It is used as centralized management for storing, analyzing, and viewing logs. Centralizing logs makes it easier to study them and identify issues across any number of servers.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of the ELK Stack (Elasticsearch, Logstash, and Kibana) on a CentOS 8 server.
Prerequisites
- A server running one of the following operating systems: CentOS 8.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install ELK Stack on CentOS 8
Step 1. First, let’s start by ensuring your system is up-to-date.
sudo dnf update
Step 2. Installing Java.
Before installing Elasticsearch, Java must be installed on the system, since Elasticsearch depends on it:
sudo dnf install java-11-openjdk-devel
Verify the Java version:
[root@idroot.us ~]# java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
Step 3. Installing Elasticsearch.
Now, we add the ELK repository to CentOS 8:
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
After adding the repo, import the GPG key:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Next, clear and update your YUM package index:
sudo dnf clean all
sudo dnf makecache
The Elasticsearch repository is ready for use. You can install Elasticsearch using the command below:
sudo dnf install elasticsearch
Check that the installation completed successfully:
rpm -qi elasticsearch
Once the installation is done, set up the JVM options, such as memory limits, according to your own needs. To do this, edit the following file:
nano /etc/elasticsearch/jvm.options
...
################################################################
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms512m
-Xmx512m
...
Now, start and enable the Elasticsearch services:
systemctl daemon-reload
systemctl enable --now elasticsearch
Verify that Elasticsearch is running as expected:
curl -XGET 127.0.0.1:9200
{
  "name" : "elastic.idroot.us",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "iyslmeilanaSVdVGsDNDvlA",
  "version" : {
    "number" : "7.5.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "8bec50e1e0ad29bmwe4612cf3bb580cd1afcdf",
    "build_date" : "2020-02-15T12:11:52.313576Z",
    "build_snapshot" : false,
    "lucene_version" : "8.3.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
Step 4. Installing Kibana.
The next Elastic Stack component to install is Kibana. Since we already created the Elastic Stack repos, you can simply run the command:
sudo dnf install kibana
After a successful installation, configure Kibana:
nano /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.name: "kibana.idroot.us"
elasticsearch.hosts: ["http://localhost:9200"]
Start and enable Kibana to run on system boot:
systemctl enable --now kibana
Kibana is now installed and working on our system. To check the web page, open the web browser & go to the URL mentioned below (use the IP address for your ELK host):
http://kibana-server-hostname-OR-IP:5601
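With server.host set to 0.0.0.0, Kibana listens on every interface, while the curl check in Step 3 reached Elasticsearch on 127.0.0.1. The script below is an added example, not part of the original tutorial, that reads `ss -H -tln` output and lists which ELK ports are bound to a non-loopback address. Ports 9300 and 5044, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list ELK listeners that are bound to a non-loopback address.
# Input: output of `ss -H -tln` (columns: State Recv-Q Send-Q Local Peer).
# 9200 and 5601 are the ports used in this tutorial; 9300 (Elasticsearch
# transport) and 5044 (conventional Beats input) are assumptions added here.
elk_exposed_listeners() {
    awk '
    BEGIN {
        svc["9200"] = "elasticsearch-http"
        svc["9300"] = "elasticsearch-transport"
        svc["5601"] = "kibana"
        svc["5044"] = "logstash-beats"
    }
    {
        n = split($4, parts, ":")            # $4 is "Local Address:Port"
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in svc)) next
        # Skip loopback binds: 127.0.0.0/8, ::1 and IPv4-mapped 127.x.
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        printf "%s %s %s\n", svc[port], port, addr
    }'
}

# Constructed sample (not captured from a real host): Kibana on 0.0.0.0 as
# configured above, Elasticsearch on loopback, a Beats input on all interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5601 0.0.0.0:*
LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 128 [::1]:9200 *:*
LISTEN 0 128 [::ffff:127.0.0.1]:9300 *:*
LISTEN 0 128 *:5044 *:*
EOF
}

# On the server itself, run: ss -H -tln | elk_exposed_listeners
sample_ss_output | elk_exposed_listeners
```

Each printed line is a listener reachable from other hosts, so it needs a firewall rule or authentication in front of it.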
Step 5. Installing Logstash.
The last component to install is Logstash, which will act as the centralized log server for your client systems:
sudo dnf install logstash
Logstash custom configurations can be placed under the /etc/logstash/conf.d/ directory. For further information, you can check out the Logstash configuration manual.
Step 6. Installing other ELK tools (optional)
- Filebeat: It makes things simple by following a lightweight way to forward and centralize logs and files.
- Metricbeat: Helps you to send and collect metrics from your systems and services, from CPU to memory, Redis to NGINX, and many more. It’s also a lightweight way to access system and services statistics.
- Packetbeat: Packetbeat provides a lightweight way for Network Data to increase performance.
- Heartbeat: Monitors the uptime of Services. Helps you to know the availability of services.
- Auditbeat: Useful for auditing the activities and processes on your system by users.
These tools can be installed all at once with the command below, or individually by naming only the packages you need:
sudo dnf install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
Congratulations! You have successfully installed ELK. Thanks for using this tutorial for installing ELK Stack (Elasticsearch, Logstash, and Kibana) on CentOS 8 systems. For additional help or useful information, we recommend you check the official ELK Stack website.