How to Install and Configure ELK stack on Fedora 32 using RPM method

Test Environment –

Fedora 32 installed

ELK Stack

The ELK Stack is used to index and analyze large datasets of logs and to provide insights from them. Elasticsearch stores and manages the data, Logstash reads the data from different sources, and Kibana visualizes it. The ELK stack has since evolved into the Elastic Stack, which adds pipeline tooling and other components such as security, alerting and monitoring capabilities to the setup.

LogStash

– Has plugins to read data from multiple sources and output plugins to submit data to various destinations
– Elasticsearch plugin helps to send data to elasticsearch
– Collects raw data and modifies or transforms it into structured, formatted and meaningful data
– Allows for custom plugins to be built

Elasticsearch

– Helps in indexing the data read from Logstash
– It's a full-text search engine
– Provides tools to query, access and aggregate the data using its APIs
– It's based on the Apache Lucene search engine

Kibana

– Reads/queries data from Elasticsearch indices using its APIs
– Visualizes the data and generates graphs and charts from it

Beats

– These are lightweight shippers and are installed as agents
– Read data, parse it and ship it to either Elasticsearch or Logstash
– Metricbeat, Filebeat and Packetbeat are some of the beats available
– libbeat is the library which can be used to write a custom beat

Step1: Verify whether the Java JDK is installed

Make sure the JDK is installed; if it is not, install the OpenJDK development package available for Linux systems.

Verify JDK installation
[admin@fedser32.stack.com ~]$ javac -version
javac 1.8.0_292
[admin@fedser32.stack.com ~]$ java -version
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

Step2: Install Elasticsearch

Import the GPG key

Import Elasticsearch GPG key
[admin@fedser32.stack.com software]$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Setup the repository

Setup Elasticsearch repository
[admin@fedser32.stack.com software]$ cat /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

Install Elasticsearch

Install Elasticsearch
[admin@fedser32.stack.com software]$ sudo dnf install --enablerepo=elasticsearch elasticsearch
...
Installed:
  elasticsearch-7.13.2-1.x86_64

Step3: Enable and Start the Elasticsearch service

Start and Enable Elasticsearch service
[admin@fedser32.stack.com software]$ sudo systemctl daemon-reload
[admin@fedser32.stack.com software]$ sudo systemctl  enable elasticsearch.service 
Synchronizing state of elasticsearch.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
[admin@fedser32.stack.com software]$ sudo systemctl start elasticsearch.service

Step4: Verify that Elasticsearch is up and running with a GET request

Once the installation is completed and the service is started, we should be able to get a response from Elasticsearch running on port 9200 as shown below.

Validate Elasticsearch installation
[admin@fedser32.stack.com software]$ curl -X GET "localhost:9200/?pretty"
{
  "name" : "fedser32.stack.com",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "kmsW5BHgSc6r-1z5_hwZGA",
  "version" : {
    "number" : "7.13.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "4d960a0733be83dd2543ca018aa4ddc42e956800",
    "build_date" : "2021-06-10T21:01:55.251515791Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Step5: Install Kibana

Setup Kibana repository

Setup Kibana repository
[admin@fedser32.stack.com software]$ cat /etc/yum.repos.d/kibana.repo
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Kibana

Install Kibana
[admin@fedser32.stack.com software]$ sudo dnf install kibana
...
Installed:
  kibana-7.13.2-1.x86_64

Step6: Enable and Start Kibana service

Enable and Start Kibana service
[admin@fedser32.stack.com software]$ sudo systemctl daemon-reload
[admin@fedser32.stack.com software]$ sudo systemctl start kibana.service 
[admin@fedser32.stack.com software]$ sudo systemctl enable kibana.service 
Synchronizing state of kibana.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable kibana
Created symlink /etc/systemd/system/multi-user.target.wants/kibana.service → /etc/systemd/system/kibana.service.

Step7: Verify the Kibana service by launching the below URL

Once the installation is completed and the service is started, we should be able to open the Kibana web portal at the following URL.

Verify Kibana installation
URL - http://FQDN:5601/

Step8: Install Logstash

Setup Logstash repository

Setup Logstash repository
[admin@fedser32.stack.com software]$ cat /etc/yum.repos.d/logstash.repo
[logstash-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Logstash

Install Logstash
[admin@fedser32.stack.com software]$ sudo dnf install logstash

Step9: Enable and Start Logstash service

Enable and Start Logstash service
[admin@fedser32.stack.com software]$ sudo systemctl daemon-reload
[admin@fedser32.stack.com software]$ sudo systemctl start logstash
[admin@fedser32.stack.com software]$ sudo systemctl enable logstash
Created symlink /etc/systemd/system/multi-user.target.wants/logstash.service → /etc/systemd/system/logstash.service.

Step10: Verify Logstash installation

Verify the Logstash installation by checking the installed version as shown below.

Verify Logstash installation
[admin@fedser32.stack.com software]$ /usr/share/logstash/bin/logstash --version
Using bundled JDK: /usr/share/logstash/jdk
logstash 7.13.2

Step11: Install, Start and Enable Filebeat service

Install Filebeat

Install Filebeat
[admin@fedser32.stack.com software]$ sudo dnf install filebeat
...
Installed:
  filebeat-7.13.2-1.x86_64

Enable and Start the Filebeat service

Enable and Start Filebeat service
[admin@fedser32.stack.com software]$ sudo systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
[admin@fedser32.stack.com software]$ sudo systemctl start filebeat

Verify Filebeat installation
[admin@fedser32.stack.com software]$ /usr/share/filebeat/bin/filebeat version
filebeat version 7.13.2 (amd64), libbeat 7.13.2 [686ba416a74193f2e69dcfa2eb142f4364a79307 built 2021-06-10 21:04:13 +0000 UTC]
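To finish off, here is an added post-install check script written for this article's setup (example code, not from Elastic or the original article). It confirms the three repo files still enforce package signature checking with the Elastic GPG key imported in Step2, that the four services are active, and that Elasticsearch, Logstash and Filebeat report the same version (7.13.2 here). It assumes a POSIX shell, the file paths shown above, and that the live checks run on the host itself with systemctl and curl available.

```shell
#!/bin/sh
# Added example, not part of the original article: sanity checks for the host built
# above. The text-processing functions run anywhere; live_check() needs the real host
# (systemctl, curl, the installed binaries) and only runs when invoked with --live.

# 0 if a yum repo file enforces signature checking with the Elastic key imported in
# Step2 (gpgcheck=1 plus the matching gpgkey URL), 1 otherwise.
repo_signing_ok() {
    grep -q '^gpgcheck=1$' "$1" || return 1
    grep -q '^gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch$' "$1"
}

# Print version.number from the Elasticsearch GET / JSON read on stdin.
es_version() {
    sed -n 's/^ *"number" *: *"\([^"]*\)".*/\1/p'
}

# Print the first x.y.z version found in a tool's version banner read on stdin
# (works for "logstash 7.13.2" and "filebeat version 7.13.2 (amd64), ...").
tool_version() {
    grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# 0 if all versions given as arguments are identical; the stack above is 7.13.2
# throughout, and mixed component versions are a common source of failures.
versions_match() {
    for v in "$@"; do
        [ "$v" = "$1" ] || return 1
    done
}

live_check() {
    for svc in elasticsearch kibana logstash filebeat; do
        if systemctl is-active --quiet "$svc"; then echo "$svc: active"; else echo "$svc: NOT active"; fi
    done
    for repo in elasticsearch kibana logstash; do
        f="/etc/yum.repos.d/$repo.repo"
        if repo_signing_ok "$f"; then echo "$f: gpgcheck ok"; else echo "$f: gpgcheck MISSING"; fi
    done
    es=$(curl -s 'localhost:9200/?pretty' | es_version)
    ls=$(/usr/share/logstash/bin/logstash --version 2>/dev/null | tool_version)
    fb=$(/usr/share/filebeat/bin/filebeat version | tool_version)
    if versions_match "$es" "$ls" "$fb"; then echo "versions match: $es"
    else echo "version mismatch: elasticsearch=$es logstash=$ls filebeat=$fb"; fi
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it as `sh elk_check.sh --live` on the Fedora host after Step11; without `--live` it only defines the functions.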

Hope you enjoyed reading this article. Thank you.