How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on NethServer 7

Subtitle: Installation of the Elasticsearch ELK Stack on NethServer 7, using Elasticsearch 2.2.x, Logstash 2.2.x, and Kibana 4.4.x.

Version and revision: V1.0 / R 0.0.

For NethServer 7

Accessible to: Intermediate

Date of presentation: 2016-09-14

Install Java

yum -y install java

Install Elasticsearch

rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch

cat > /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
yum -y install elasticsearch

systemctl start elasticsearch
systemctl enable elasticsearch

Install Kibana

cat > /etc/yum.repos.d/kibana.repo << EOF
[kibana-4.4.x]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

yum -y install kibana

systemctl start kibana
systemctl enable kibana

Install Logstash

cat > /etc/yum.repos.d/logstash.repo << EOF
[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
EOF

yum -y install logstash

Edit the Logstash configuration

vi /etc/logstash/conf.d/logstash.conf

The Logstash configuration defines the inputs, filters and outputs for Logstash. This example takes input from standard input and writes it back to standard output and to Elasticsearch.

 
input { stdin { } }
output {
  stdout { codec => rubydebug }
  elasticsearch { }
}

This command is useful for testing Logstash (exit with Ctrl+D):

/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -v

Now start Logstash and enable it at boot:

systemctl start logstash
systemctl enable logstash

Last steps

Open the Kibana port:

config set fw_kibana service status enabled TCPPort 5601 access private
signal-event firewall-adjust

Now you can reach Kibana from your local network on http://SERVER_IP:5601/
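
A check for the three repository files created above, added here as an example and not part of the original guide: it reports any enabled section whose gpgcheck is not 1 and any baseurl or gpgkey fetched over plain http://, as the definitions above are. The function names, the finding codes and the example-unsigned section are assumptions made up for the illustration.

```shell
# Added example: audit yum .repo files for signature checks and cleartext URLs.
# The finding codes (GPGCHECK_OFF, ...) are names made up for this example.
audit_repo() {
  awk '
    function report() {
      if (section == "" || enabled == "0") return
      if (gpgcheck == "")        # unset: yum falls back to [main] in yum.conf
        printf "%s [%s] GPGCHECK_UNSET\n", file, section
      else if (gpgcheck != "1")
        printf "%s [%s] GPGCHECK_OFF\n", file, section
      if (baseurl ~ /^http:/)    # metadata in cleartext; only RPMs are signature-checked
        printf "%s [%s] PLAINTEXT_BASEURL %s\n", file, section, baseurl
      if (gpgkey ~ /^http:/)     # key fetched in cleartext; yum -y imports it unasked
        printf "%s [%s] PLAINTEXT_GPGKEY %s\n", file, section, gpgkey
    }
    /^[ \t]*[#;]/ { next }
    /^\[/ {
      report()
      section = substr($0, 2, index($0, "]") - 2); file = FILENAME
      gpgcheck = baseurl = gpgkey = enabled = ""; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = val
      else if (key == "baseurl") baseurl = val
      else if (key == "gpgkey") gpgkey = val
      else if (key == "enabled") enabled = val
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the Logstash repo from this page plus a made-up unsigned one.
write_sample() {
  cat > "$1" << 'EOF'
[logstash-2.2]
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
[example-unsigned]
baseurl=https://repo.example.invalid/el7
gpgcheck=0
EOF
}

sample=$(mktemp) && write_sample "$sample" && audit_repo "$sample"; rm -f "$sample"
```

On the server, run audit_repo /etc/yum.repos.d/*.repo after creating the repository files.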