-
Notifications
You must be signed in to change notification settings - Fork 4
/
ELK_Install_ReadMe.me
62 lines (51 loc) · 2.68 KB
/
ELK_Install_ReadMe.me
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# How to install ELK 7.10.1 on RHEL/CENTOS
Informations gathered from ELK website mainly
### Build a Linux VM (RHEL or CentOS)
Will be called "elkserver.example.com" in this document
Need TCP/9200 port reachable from AIX client
### Add elastic repo
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
### Import the Elasticsearch PGP Key
Create a file named "elasticsearch.repo" in the "/etc/yum.repos.d/" directory (for RedHat based distributions) containing:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
### Install Kibana / Elasticsearch / Logstash (not mandatory) / Metrixbeat / Filebeat
sudo yum install --enablerepo=elasticsearch elasticsearch-7.10.1-1
sudo yum install --enablerepo=elasticsearch kibana-7.10.1-1
sudo yum install --enablerepo=elasticsearch logstash-7.10.1-1
sudo curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.10.1-x86_64.rpm
sudo curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.1-x86_64.rpm
sudo rpm -vi metricbeat-7.10.1-x86_64.rpm
sudo rpm -vi filebeat-7.10.1-x86_64.rpm
### Modify "/etc/elasticsearch/elasticsearch.yml" to include the following:
network.bind_host: 0.0.0.0
node.master: true
node.data: true
transport.host: localhost
transport.tcp.port: 9300
### Modify "/etc/kibana/kibana.yml" to include the following:
server.host: "elkserver.example.com"
elasticsearch.hosts: ["http://elkserver.example.com:9200"]
### Modify "/etc/metricbeat/metricbeat.yml" and "/etc/filebeat/filebeat.yml" host value :
From
hosts: ["localhost:9200"]
To
hosts: ["elkserver.example.com":9200"]
### Restart services to take new config into account
sudo systemctl restart elasticsearch.service
sudo systemctl restart kibana.service
sudo systemctl restart metricbeat.service
sudo systemctl restart filebeat.service (Will not send any data until configured to do so...)
sudo systemctl stop logstash.service (Stop Logstash if not used)
### Upload Index templates to Elastic
sudo metricbeat setup -E 'output.elasticsearch.hosts=["elkserver.example.com:9200"]' --index-management
sudo filebeat setup -E 'output.elasticsearch.hosts=["elkserver.example.com:9200"]' --index-management
### Upload Dashboard templates to Kibana
sudo metricbeat setup -E "setup.kibana.host=elkserver.example.com:5601" -E "output.elasticsearch.hosts=["elkserver.example.com:9200"]" --dashboards
sudo filebeat setup -E "setup.kibana.host=elkserver.example.com:5601" -E "output.elasticsearch.hosts=["elkserver.example.com:9200"]" --dashboards