Read the first item in this Table of Contents if you haven't been here before.
Table of Contents
- The ELKBeats Stack: Sounds Like a Good Idea ...
- The ELKBeats Stack: the Ground Work
- The ELKBeats Stack: L is for Logstash
- The ELKBeats Stack: E is for Elasticsearch
- The ELKBeats Stack: K is for Kibana
- The ELKBeats Stack: Getting E, L, and K to play nice together
- The ELK Stack with Beats: Feeding Logstash with Beats (Insecure - so far)
- The ELK Stack with Beats: Securing the Beats-to-Logstash Connection
This tutorial assumes you're working as root on a current Debian system. sudo doesn't make sense to me when I'm going to be issuing dozens of commands: start a root shell and skip the sudo part. Make sure Apache is installed and working (this could probably also be done with nginx, but I'm using Apache).
When this post gets out of date (which it will do, very quickly), find correct version numbers here: https://www.elastic.co/downloads/. Also check to see if the content in the links in the Bibliography below has been updated.
Install Java 8
# add this at the end of /etc/apt/sources.list:
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
With that in place:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
# apt-get update
Yes, this is for Ubuntu, but it works on Debian. The webupd8.org site says to then run apt-get install oracle-java8-installer. One day this worked, a couple days later the package didn't exist and I had to install java8-runtime-headless instead of oracle-java8-installer. You figure it out - use whichever works when you visit.
This should be sufficient, but if you need to compile JSPs on the fly, "headless" won't be enough. But for Elasticsearch/Kibana, this should be good. The easiest test is to run
Get Keys and Set Repositories
We need to get elastic.co's GPG key for their repositories:
# wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | apt-key add -
Once you have the key, add this at the end of /etc/apt/sources.list:
deb http://packages.elastic.co/logstash/2.1/debian stable main
deb http://packages.elastic.co/elasticsearch/2.x/debian stable main
deb http://packages.elastic.co/kibana/4.4/debian stable main
I do love consistency - I wish elastic.co did too. Their logstash repo says ".../2.1/..." while their elasticsearch repo says ".../2.x/..." ... and most Debian repos don't subdivide software by version number at all. Why would you? You have to change repos to upgrade. (Okay, server-side there are advantages to sticky versions, but I'd still prefer consistency.)
Rant aside, these are the package repositories you'll need to install all the components of the ELK stack, addressed in the next three articles.
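Every entry this page adds to /etc/apt/sources.list uses http://, so the signing keys imported with apt-key are the only integrity check on what those repositories deliver. The following added example (not part of the original post) parses one-line-style source entries and flags the plain-HTTP ones; the function names and the last sample entry (repo.example.invalid) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag APT source entries that are fetched over plain HTTP.

# Constructed sample: the five entries from this page plus one hypothetical
# HTTPS entry (repo.example.invalid) that uses a bracketed option block.
sample_sources() {
    cat <<'EOF'
# constructed comment line, ignored by the audit
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb http://packages.elastic.co/logstash/2.1/debian stable main
deb http://packages.elastic.co/elasticsearch/2.x/debian stable main
deb http://packages.elastic.co/kibana/4.4/debian stable main
deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.invalid/debian stable main
EOF
}

# audit_sources FILE: print "<verdict> <type> <uri> <suite>" per active entry.
audit_sources() {
    awk '
        # Comments and blank lines never have deb/deb-src as first field.
        $1 != "deb" && $1 != "deb-src" { next }
        {
            i = 2
            # Skip an optional [opt=val ...] block; it may span several fields.
            if ($i ~ /^\[/) {
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            if (uri ~ /^https:\/\//)     verdict = "OK"
            else if (uri ~ /^http:\/\//) verdict = "PLAIN-HTTP"
            else                         verdict = "OTHER"
            print verdict, $1, uri, suite
        }
    ' "$1"
}

# count_plain_http FILE: print how many entries rely on plain HTTP.
count_plain_http() {
    audit_sources "$1" | grep -c '^PLAIN-HTTP ' || true
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_sources > "$tmp"
audit_sources "$tmp"
echo "plain-HTTP entries: $(count_plain_http "$tmp")"
rm -f "$tmp"
```

Point it at the real file with `audit_sources /etc/apt/sources.list` to see which of your own entries depend solely on the imported keys.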
Continue to The ELKBeats Stack: L is for Logstash, the next article in this series.
(This is the same Bibliography for all of the "ELKBeats Stack" articles.)
- https://www.linode.com/docs/databases/elasticsearch/webserver-logs-with-elk-stack ... this is an excellent set of instructions that's significantly out-of-date (old URLs/addresses), which was nevertheless my main source of information
- http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html (with the caveat that as of 2016-03, my instructions are more accurate than theirs ...)
- Getting Kibana Up and Running
- Elasticsearch Getting Started
- Elasticsearch Reference >> Installation
- Elasticsearch Repositories (at elastic.co)
- Getting Started with Logstash
- Logstash Repositories (at elastic.co)
- How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04, Digital Ocean's uneven guide to this same subject, occasionally helpful but big on "install this" and short on "understand"