How to Install Elastic Stack (ELK) on Red Hat Enterprise Linux (RHEL)
Posted by Hemant Jain (http://developers.redhat.com/blog/author/rhhemantjain/) on June 7,
2016
Sometimes, software just goes together. Linux, the Apache Web server, MySQL, and PHP, the
four ingredients of the LAMP stack, which revolutionized data centers and made open source a
big deal two decades ago, are probably the most famous example. But there are lots of others
(https://en.wikipedia.org/wiki/Solution_stack).
Here's another open source software stack you should know about in our present age of cloud
and big data: the Elastic Stack, or ELK. Based on Elasticsearch, Logstash and Kibana, ELK is a
fully open source solution for searching, analyzing and visualizing data in any format, at any
scale.
Since ELK has multiple parts, and some of them have other dependencies, setting up ELK is
not as simple as installing other stacks, which sometimes require a simple one-line yum
installation command. But fear not. ELK is still easy enough to install if you follow the proper
steps.

Below, we'll walk through configuring a Red Hat Enterprise Linux
(http://developers.redhat.com/products/rhel/overview/) (RHEL) server for ELK, installing
each of the requisite components and configuring them to work with one another. (RHEL is now
free for development use; download it here
(http://developers.redhat.com/products/rhel/download/).)

Prerequisites

First, let's go over some prerequisites. This guide assumes:

Your server runs RHEL 6 or RHEL 7. Some parts of the ELK stack support RHEL 5, but
not all, so don't try using it. (By the way, if you're still using RHEL 5, you should probably
be upgrading soon, since its EOL date is fast approaching
(https://www.redhat.com/archives/epel-devel-list/2012-February/msg00000.html).)

You want to install ELK using the official RPM packages from the developers. (Yes, you
could pull the source through git and compile it yourself, but that's outside the scope of
this post.)

You want to install the latest version of ELK. You could install older versions by telling yum
to download specific packages (but I assume you want to be as up-to-date as possible).

You're happy using Oracle Java, which is what we'll install to meet the Java dependency of
ELK. If you want to use a different version of Java, check the Elasticsearch support matrix
(https://www.elastic.co/support/matrix#show_jvm) to make sure it will work. (Yes,
OpenJDK is supported.)

Step 1: Install Java


Let's dive into the installation process. Our first task is to install Java, since Elasticsearch and
Logstash require Java to run. As noted above, we'll install Oracle Java, although you could use
OpenJDK if you like.
To do this, we'll use curl to download the latest Java RPM (Java 8 revision 77) from Oracle's
site, then install it via yum, with these two commands:

cd /tmp
curl --insecure --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" -L "http://download.oracle.com/otn-pub/java/jdk/8u77-b02/jdk-8u77-linux-x64.rpm" > jdk-8u77-linux-x64.rpm

Lest I start a war between curl and wget fans, I suppose I should tell you how to download Java
using wget, too. The commands are:

cd /tmp
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u77-b02/jdk-8u77-linux-x64.rpm"

Whether you use curl or wget to download Java, you should end up with a file in /tmp called
jdk-8u77-linux-x64.rpm. The next step is to install this file by running yum (as root) like so:

yum -y localinstall jdk-8u77-linux-x64.rpm

All set. You just installed Java.

Step 2: Install Elasticsearch


The next step, installing Elasticsearch, is easier, since we can do it all using yum. (If only Java
installation were equally simple.)
To do this, first import the Elasticsearch GPG key with:

rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch

Next, open a blank text file in your favorite text editor (be sure to run the editor as root, so that
you have the necessary save permissions) and fill it with these lines:

[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Save the file as /etc/yum.repos.d/elasticsearch.repo

Next, install the Elasticsearch package with:

sudo yum -y install elasticsearch

Step 3: Configure and Start Elasticsearch

Before installing the rest of the ELK stack, we should tweak Elasticsearch a little and start it
up.
Specifically, we want to prevent outside connections to the Elasticsearch HTTP API. To do this,
open the file /etc/elasticsearch/elasticsearch.yml in an editor (again, run the editor as root),
find the line with the value network.host, uncomment it and replace it with the (uncommented)
line network.host: localhost. Then save the file and exit.
You can now start Elasticsearch using the systemctl interface. systemctl start elasticsearch
starts it, systemctl stop elasticsearch stops it, and systemctl enable elasticsearch configures it to
start automatically at boot.

Step 4: Install Kibana


We're going to follow a similar process to install Kibana. First, create a yum repository file for it
by opening a blank text file and adding these lines:

[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Save the file as /etc/yum.repos.d/kibana.repo

Then download and install the Kibana package with:

yum -y install kibana

We also need to do a quick configuration tweak for Kibana. Open the file
/opt/kibana/config/kibana.yml, find the line that reads server.host: 0.0.0.0 and replace it
with server.host: localhost.
You should now start Kibana with systemctl start kibana. You can stop it using systemctl as
well. And to configure Kibana to start automatically at boot, run chkconfig kibana on.
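
A quick way to confirm that the two localhost settings from Steps 3 and 4 took effect, as an added example that is not part of the original post: the function below reads ss -ltn output and reports any listener on the Elasticsearch HTTP port or the Kibana port that is bound to something other than loopback. It assumes the default ports (9200 and 5601); the socket table is a constructed sample.

```shell
#!/bin/sh
# Added example: flag ELK listeners that other hosts can reach.
# Assumed default ports: 9200 (Elasticsearch HTTP API), 5601 (Kibana).
PORTS="9200 5601"

# Reads `ss -ltn` output on stdin and prints "<port> <address>" for each
# listener on a watched port whose local address is not loopback.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                               # local address:port column
            port = la; sub(/.*:/, "", port)       # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            gsub(/\[|\]/, "", addr)               # newer ss puts IPv6 in brackets
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "::1") next
            if (addr ~ /^::ffff:127\./) next      # IPv4-mapped loopback
            print port, addr
        }'
}

# Constructed sample: Elasticsearch on loopback, Kibana still on 0.0.0.0.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9200       *:*
LISTEN 0      128    ::1:9200             :::*
LISTEN 0      128    0.0.0.0:5601         *:*
LISTEN 0      128    *:22                 *:*'

printf '%s\n' "$SAMPLE" | exposed_listeners      # prints: 5601 0.0.0.0
# On a live host: ss -ltn | exposed_listeners
```

Empty output means both services answer only on the local machine.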

Step 5: Install Logstash


Our final step is to install the last piece of the ELK stack, Logstash. Here again, we need to
create a yum repository file by adding the following lines to a blank text file:

[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

Save the file as /etc/yum.repos.d/logstash.repo. Then install Logstash with:

yum -y install logstash

Congrats! Logstash is installed.
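
The three .repo files created in Steps 2, 4 and 5 share one shape, so a single check covers them all. As an added example that is not part of the original post, the function below reads repo-file text and reports stanzas that do not set gpgcheck=1 themselves, or that fetch the signing key or the packages over plain http, where the key could be swapped in transit. The first stanza in the sample is the Logstash one from this step; the second is constructed, and the finding names are this example's own.

```shell
#!/bin/sh
# Added example: audit yum repository stanzas for signature-check settings.

# Reads .repo text on stdin; prints "<repo-id> <finding>" for each problem.
audit_repo() {
    awk '
        function report() {
            if (id == "") return
            # a stanza without its own gpgcheck inherits the yum.conf value
            if (gpgcheck != "1")    print id, "gpgcheck-not-1"
            if (gpgkey ~ /^http:/)  print id, "gpgkey-over-http"
            if (baseurl ~ /^http:/) print id, "baseurl-over-http"
        }
        /^[ \t]*$/   { next }                 # blank line
        /^[ \t]*[#;]/ { next }                # comment
        /^\[/ {                               # new [repo-id] stanza
            report()
            id = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            if (k == "gpgkey")   gpgkey = v
            if (k == "baseurl")  baseurl = v
        }
        END { report() }'
}

SAMPLE='[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

[example-unsigned]
name=constructed stanza for the demo
baseurl=https://repo.example.invalid/el7
gpgcheck=0
enabled=1'

printf '%s\n' "$SAMPLE" | audit_repo
# On a live host: cat /etc/yum.repos.d/*.repo | audit_repo
```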

Using ELK
You now have a basic ELK stack installed. Depending on exactly what you want to do with it,
however, you may want to take some additional steps. Consider the following tweaks and
additions:

By default, Kibana (the Web interface that you use to search and analyze your
Elasticsearch data) listens on localhost at port 5601. That means you can connect to it
from your RHEL server at localhost:5601. If you want to be able to access Kibana from
other servers, too, you'll need to do some additional configuration. Refer here
(https://www.elastic.co/guide/en/kibana/current/kibana-server-properties.html) for
details.

Above, we did a basic installation of Logstash. Your exact configuration of the tool will
depend on which plugins you want to use and how you want to work with data. Basic
configuration instructions are available here
(https://www.elastic.co/guide/en/logstash/current/configuration.html), and more complex
examples are here (https://www.elastic.co/guide/en/logstash/current/config-examples.html).

By default, your ELK stack will only let you collect and analyze logs from your local server.
But you can add remote logs to the mix by using Filebeat, which collects logs from other
hosts. Here (https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html)
are instructions for installing and setting up Filebeat to work with your ELK stack.

About Hemant Jain


Hemant Jain is the founder and owner of Rapidera Technologies (http://www.rapidera.com), a
full service software development shop. He and his team focus a lot on modern software
delivery techniques and tools. Prior to Rapidera he managed large scale enterprise
development projects at Autodesk and Deloitte.
