How To Install ELK Stack on CentOS 8

Install ELK Stack on CentOS 8

In this tutorial, we will show you how to install ELK Stack on CentOS 8. For those of you who didn’t know, ELK stack is a popular, open-source log management platform. It is used as centralized management for storing, analyzing, and viewing logs. Centralized management makes it easier to study the logs & identify issues if any for any number of servers.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step install ELK Stack (Elasticsearch, Logstash, and Kibana) on CentOS 8 server.

Install ELK Stack on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf update

Step 2. Installing Java.

Before installing Elasticsearch we must have java installed on your system as Elasticsearch depends on java:

sudo dnf install java-11-openjdk-devel

Verify the Java version:

[root@idroot.us ~]# java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)

Step 3. Installing Elasticsearch.

Now, we add the ELK repository to CentOS 8:

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

After adding the repo, import the GPG key:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Next, clear and update your YUM package index:

sudo dnf clean all
sudo dnf makecache

Elasticsearch repository is ready for use. You can install Elasticsearch using the command below:

sudo dnf install elasticsearch

Check that installation completed successfully:

rpm -qi elasticsearch

Once installation is done, Set up the JVM options like memory limits and others according to your own needs. For this edit the following file:

nano  /etc/elasticsearch/jvm.options
...
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space-Xms512m
-Xmx512m
...

Now, start and enable the Elasticsearch services:

systemctl daemon-reload
systemctl enable --now elasticsearch

Verify that Elasticsearch is running as expected:

curl -XGET 127.0.0.1:9200
{
  "name" : "elastic.idroot.us",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "iyslmeilanaSVdVGsDNDvlA",
  "version" : {
    "number" : "7.5.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "8bec50e1e0ad29bmwe4612cf3bb580cd1afcdf",
    "build_date" : "2020-02-15T12:11:52.313576Z",
    "build_snapshot" : false,
    "lucene_version" : "8.3.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Step 4. Installing Kibana.

The next Elastic Stack component to install is Kabana. Since we already created the Elastic Stack repos, you can simply run the command:

sudo dnf install kibana

After a successful installation, configure Kibana:

nano /etc/kibana/kibana.yml
server.host: “0.0.0.0“
server.name: “kibana.idroot.us”
elasticsearch.url: “http://localhost:9200“

Start and enable Kibana to run on system boot:

systemctl enable --now kibana

Kibana is now installed and working on our system. To check the web page, open the web browser & go to the URL mentioned below (use the IP address for your ELK host):

http://kibana-server-hostname-OR-IP:5601

Step 5. Installing Logstash.

The last installation is for Logstash which will act as a centralized logs server for your client systems:

sudo dnf install logstash

Logstash custom configurations can be placed under the /etc/logstash/conf.d/ directory. For further information, you can check out Logstash configuration manual.

Step 6. Installing other ELK tools (optional)

  • Filebeat:

It makes things simple by following a lightweight way to forward and centralized logs and files.

  • Metricbeat:

Helps you to send and collect metrics from your systems and services, from CPU to memory,  Redis to NGINX,  and many more.  It’s also a lightweight way to access system and services statistics.

  • Packetbeat:

Packetbeat provides a lightweight way for Network Data to increase performance.

  • Heartbeat:

Monitors the uptime of Services. Helps you to know the availability of services.

  • Auditbeat:

Useful for auditing the activities and processes on your system by users. The tools we have discussed so far can be installed with the given command one time or you can install individually by this command:

sudo dnf install filebeat auditbeat metricbeat packetbeat heartbeat-elastic

Congratulations! You have successfully installed ELK. Thanks for using this tutorial for installing ELK Stack (Elasticsearch, Logstash, and Kibana) on CentOS 8 systems. For additional help or useful information, we recommend you check the official ELK Stack website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!