How To Install ELK Stack on Ubuntu 24.04 LTS
In today’s data-driven world, managing and analyzing logs efficiently is crucial for system administrators and developers. The ELK Stack, comprising Elasticsearch, Logstash, and Kibana, has emerged as a powerful solution for centralized logging and real-time data analysis. This guide will walk you through the process of installing the ELK Stack on Ubuntu 24.04 LTS, providing you with a robust platform for log management and visualization.
The ELK Stack is an open-source suite of tools that work together to provide a comprehensive log management and analysis solution. Elasticsearch serves as the search and analytics engine, Logstash handles data processing and transformation, while Kibana offers a user-friendly interface for data visualization and exploration.
By implementing the ELK Stack, organizations can gain valuable insights from their log data, identify trends, troubleshoot issues more effectively, and make data-driven decisions. Whether you’re managing a small network or overseeing a large-scale infrastructure, the ELK Stack can significantly enhance your ability to monitor and optimize your systems.
Prerequisites
Before diving into the installation process, ensure that your system meets the following requirements:
- Ubuntu 24.04 LTS (Focal Fossa) installed and updated
- A minimum of 4GB RAM (8GB or more recommended for production environments)
- At least 2 CPU cores
- Sufficient disk space (at least 20GB free)
- Root or sudo privileges
- Terminal access
- OpenJDK 11 installed (required for Elastic Stack components)
To install OpenJDK 11, run the following commands:
sudo apt update
sudo apt install openjdk-11-jdkVerify the Java installation by running:
java -versionStep 1: Install Elasticsearch
Elasticsearch is the heart of the ELK Stack, providing powerful search and analytics capabilities. Let’s begin by installing and configuring Elasticsearch on your Ubuntu 24.04 LTS system.
Add Elasticsearch Repository
First, we need to add the Elasticsearch GPG key and repository to our system:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.listInstall Elasticsearch
Now, update the package index and install Elasticsearch:
sudo apt update
sudo apt install elasticsearchConfigure Elasticsearch
Open the Elasticsearch configuration file for editing:
sudo nano /etc/elasticsearch/elasticsearch.ymlModify the following lines to restrict Elasticsearch to localhost and set the cluster name:
network.host: localhost
cluster.name: my-elk-clusterStart and Enable Elasticsearch
Start the Elasticsearch service and enable it to run on boot:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearchVerify Elasticsearch Installation
To ensure Elasticsearch is running correctly, send a test HTTP request:
curl -X GET "localhost:9200"You should receive a JSON response with Elasticsearch version information.
Step 2: Install Logstash
Logstash is responsible for collecting, processing, and forwarding log data to Elasticsearch. Let’s proceed with the Logstash installation.
Install Logstash
Install Logstash using the apt package manager:
sudo apt install logstashConfigure Logstash
Create a basic Logstash configuration file:
sudo nano /etc/logstash/conf.d/logstash.confAdd the following configuration to process system logs and forward them to Elasticsearch:
input {
file {
path => "/var/log/syslog"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
}Start and Enable Logstash
Start the Logstash service and enable it to run on boot:
sudo systemctl start logstash
sudo systemctl enable logstashVerify Logstash Service
Check the status of the Logstash service:
sudo systemctl status logstashEnsure that the service is active and running without errors.
Step 3: Install Kibana
Kibana provides a user-friendly web interface for visualizing and exploring data stored in Elasticsearch. Let’s set up Kibana to complete our ELK Stack installation.
Install Kibana
Install Kibana using the apt package manager:
sudo apt install kibanaConfigure Kibana
Edit the Kibana configuration file:
sudo nano /etc/kibana/kibana.ymlModify the following lines to restrict Kibana to localhost:
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]Start and Enable Kibana
Start the Kibana service and enable it to run on boot:
sudo systemctl start kibana
sudo systemctl enable kibanaSet Up Nginx as a Reverse Proxy
To access Kibana securely from a web browser, we’ll use Nginx as a reverse proxy. First, install Nginx:
sudo apt install nginxCreate a new Nginx server block configuration:
sudo nano /etc/nginx/sites-available/kibanaAdd the following configuration:
server {
listen 80;
server_name your_domain.com;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}Enable the new configuration and restart Nginx:
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginxAccess Kibana Web Interface
Open a web browser and navigate to http://your_domain.com to access the Kibana interface. You should see the Kibana welcome page.
Step 4: Securing the ELK Stack
Security is crucial when deploying the ELK Stack, especially in production environments. Let’s implement some basic security measures to protect our installation.
Configure SSL/TLS for Nginx
To encrypt traffic between clients and Kibana, we’ll use Let’s Encrypt to obtain an SSL/TLS certificate:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d your_domain.comFollow the prompts to complete the certificate installation and Nginx configuration.
Set Up Basic Authentication for Kibana
Create a password file for Kibana access:
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminUpdate the Nginx configuration to include basic authentication:
sudo nano /etc/nginx/sites-available/kibanaAdd the following lines within the location block:
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;Restart Nginx to apply the changes:
sudo systemctl restart nginxConfigure Firewall
If you’re using UFW (Uncomplicated Firewall), allow necessary traffic:
sudo ufw allow 'Nginx Full'
sudo ufw enableStep 5: Loading and Visualizing Data
With the ELK Stack installed and secured, it’s time to start loading data and creating visualizations.
Using Filebeat to Ship Logs
Filebeat is a lightweight log shipper that can send log files to Logstash or Elasticsearch. Install Filebeat:
sudo apt install filebeatConfigure Filebeat to collect system logs:
sudo nano /etc/filebeat/filebeat.ymlEnable the system module and set the output to Elasticsearch:
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
output.elasticsearch:
hosts: ["localhost:9200"]Start and enable Filebeat:
sudo systemctl start filebeat
sudo systemctl enable filebeatCreating Visualizations in Kibana
Access Kibana through your web browser and follow these steps to create a basic visualization:
- Click on “Visualize” in the left sidebar
- Choose “Create new visualization”
- Select a visualization type (e.g., “Line”)
- Choose a source index pattern
- Configure the visualization settings (metrics, buckets, etc.)
- Save and add the visualization to a dashboard
Experiment with different visualization types and data sources to gain insights from your log data.
Congratulations! You have successfully installed ELK Stack. Thanks for using this tutorial for installing the ELK Stack on Ubuntu 24.04 LTS LTS system. For additional help or useful information, we recommend you check the official ELK Stack website.
