How To Install Elastic Stack on Ubuntu 22.04

Tejas Mane

1. Install Elasticsearch

Launch an EC2 instance (Ubuntu t2.medium)

# Update and install JDK/JRE
sudo apt-get update
sudo apt install default-jdk default-jre -y

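# Add Elasticsearch GPG key & repository
# (apt-key is deprecated on Ubuntu 22.04; a dedicated keyring referenced with signed-by
# limits the key to this one repository)
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list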

# Install Elasticsearch
sudo apt-get update -y
sudo apt-get install elasticsearch

Configure Elasticsearch:

Edit the Elasticsearch config file and set network.host to your instance’s private IPv4 address.

sudo nano /etc/elasticsearch/elasticsearch.yml
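
As an added example (not part of the original post), the script below checks the edited file before the service is started: in 7.x the security features are off by default on the basic license, so a non-loopback network.host leaves port 9200 reachable without authentication. It assumes flat, single-line "key: value" settings as in the packaged elasticsearch.yml; the function names and the sample IP are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit flat "key: value" settings
# in elasticsearch.yml (single-line values assumed) before starting the service.

# Print the last uncommented value of KEY ($2) in FILE ($1), quotes/blanks stripped.
es_setting() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/[ \t]/, "", key); sub(/[ \t]+#.*$/, "", val)
      if (key == k) found = val }
    END { print found }' "$1" | tr -d "\"' \t"
}

# Print findings for FILE; return 1 if the node would answer without authentication.
audit_es_yml() {
  local f="$1" host sec k disc="" rc=0
  host=$(es_setting "$f" network.host)
  sec=$(es_setting "$f" xpack.security.enabled)
  case "$host" in
    ""|localhost|_local_|127.*|::1) echo "OK: loopback only"; return 0 ;;
  esac
  if [ "$host" = "0.0.0.0" ]; then
    echo "WARN: 0.0.0.0 binds every interface, including any public one"
  fi
  if [ "$sec" != "true" ]; then
    echo "FAIL: network.host=$host without xpack.security.enabled: true (port 9200 needs no login)"
    rc=1
  fi
  for k in discovery.type discovery.seed_hosts discovery.seed_providers cluster.initial_master_nodes; do
    disc="$disc$(es_setting "$f" "$k")"
  done
  if [ -z "$disc" ]; then
    echo "NOTE: no discovery setting; a non-loopback bind enforces the 7.x bootstrap checks"
  fi
  return "$rc"
}

# Constructed sample: what the edit described above leaves behind (IP is made up).
sample=$(mktemp)
printf '%s\n' 'cluster.name: demo' '#network.host: 192.168.0.1' \
  'network.host: 10.0.1.15   # private IPv4' > "$sample"
audit_es_yml "$sample" || echo "=> fix the FAIL items before starting elasticsearch"
rm -f "$sample"
```

On the real host, run audit_es_yml /etc/elasticsearch/elasticsearch.yml with sudo, since the file is not world-readable.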

Start Elasticsearch:

sudo systemctl start elasticsearch 
sudo systemctl status elasticsearch

2. Deploy Logstash and Kibana Instance

Launch EC2 (logstashkibana) - t2.medium

sudo apt-get update
sudo apt install default-jdk default-jre -y

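# Add GPG key, repository, and install Kibana
# (apt-key is deprecated on Ubuntu 22.04; a dedicated keyring referenced with signed-by
# limits the key to this one repository)
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
sudo apt-get install apt-transport-https
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update -y
sudo apt-get install kibana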

Configure Kibana:

Set server.host to the logstashkibana instance's private IP and elasticsearch.hosts to Elasticsearch’s private IP.

sudo nano /etc/kibana/kibana.yml

Start Kibana:

sudo systemctl start kibana 
sudo systemctl status kibana

3. Install Logstash

sudo apt-get install logstash

Create Configuration File:

sudo nano /etc/logstash/conf.d/apache.conf

Add the following pipeline configuration to the file:

input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  elasticsearch {
    hosts => ["http://<Elasticsearch_IP>:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}

Start Logstash:

sudo systemctl start logstash 
sudo systemctl status logstash

Verify Logstash:

tail -f /var/log/logstash/logstash-plain.log

4. Deploy Client Instance

sudo apt-get update
sudo apt-get install apache2 -y
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.6-amd64.deb
sudo dpkg -i filebeat-7.17.6-amd64.deb

Configure Filebeat:

Edit the Filebeat config file and set the hosts field to your LogstashKibana instance’s private IP.

sudo nano /etc/filebeat/filebeat.yml

Enable Filebeat Modules:

sudo filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["<Elasticsearch_IP>:9200"]'
sudo filebeat modules enable system
sudo filebeat modules enable apache

Restart Filebeat:

# Both commands need root: restarting the unit, and reading the root-owned filebeat.yml
sudo systemctl restart filebeat.service
sudo filebeat test output