Installing and Configuring ELK
– Part one(1) – Install OS (OEL 7.2), Tuning
– Part two(2) – Configure KVM, Tuning
– Part three(3) – install elasticsearch, configuration
– Part four(4) – Install logstash, configuration
– Part five(5) – Install Kibana, configuration
– Part six(6) – General platform tips & tricks
– Part seven(7) – Solaris logstash forwarder setup
This is Part five(5) – Install Kibana, configuration
Installing Kibana
Note: Make sure you have Java 1.8; otherwise install it as below
yum install java-1.8.0-openjdk.x86_64
Let's configure the kibana repo
rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch
cat /etc/yum.repos.d/kibana.repo
[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
Now install kibana
yum -y install kibana
Let's configure kibana
Note: I ran into an issue where yum install was not creating the kibana user, so I created it manually
groupadd elastic
useradd -d /home/kibana -g elastic -m -s /bin/bash -c "Elastic Search kibana" kibana
Modify kibana.yml
cat /opt/kibana/config/kibana.yml |egrep -v "^$|^#"
server.host: "0.0.0.0"
elasticsearch.url: "http://elkcl1.domain.com:9200"
Enable and start kibana
systemctl daemon-reload
systemctl enable kibana.service
systemctl start kibana
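Added example, not part of the original post: a shell check over the two files configured above. It flags a repo file that skips signature checking or fetches its key or packages over plain http (gpgcheck=1 only helps if the key itself arrived intact), and a kibana.yml that binds to every interface or talks to Elasticsearch over plain http. The function names audit_repo and audit_kibana are made up for this example, and the demo files repeat the post's values in a temp directory.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per line.

audit_repo() {    # $1 = path to a yum .repo file
    tr -d ' \t' < "$1" | awk -F= '
        /^#/ { next }
        $1 == "gpgcheck" { seen = 1; if ($2 != "1") print "repo: gpgcheck disabled" }
        ($1 == "baseurl" || $1 == "gpgkey") && $2 ~ /^http:/ {
            print "repo: " $1 " uses plain http" }
        END { if (!seen) print "repo: gpgcheck not set here (yum.conf default applies)" }'
}

audit_kibana() {  # $1 = path to kibana.yml
    # Drop comments, quotes and whitespace so each line reads key:value
    sed 's/#.*//' "$1" | tr -d "\"' \t" | awk '
        /^server\.host:(0\.0\.0\.0|::)$/ { print "kibana: server.host listens on all interfaces" }
        /^elasticsearch\.url:http:/      { print "kibana: elasticsearch.url uses plain http" }'
}

# Demo input: the values shown in the post, written to a temp dir (constructed copies).
demo_dir=$(mktemp -d)
cat > "$demo_dir/kibana.repo" <<'EOF'
[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
cat > "$demo_dir/kibana.yml" <<'EOF'
server.host: "0.0.0.0"
elasticsearch.url: "http://elkcl1.domain.com:9200"
EOF

audit_repo "$demo_dir/kibana.repo"
audit_kibana "$demo_dir/kibana.yml"
```

On the host, point the two functions at /etc/yum.repos.d/kibana.repo and /opt/kibana/config/kibana.yml; no output means none of these settings were found.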
Final configuration in Kibana
Log in to kibana and create the initial index
Go to http://elkcl1.domain.com:5601/
Click on create index on logstash-*
Note: Logstash first has to send some logs before you can create the index
Alternatively, you can create other indexes like web-sql-log-* (* means any date)
Kibana and elasticsearch plugins
Install useful tools & plugins
# Note: replace /usr/share/elasticsearch/bin/plugin with /opt/elasticsearch-ins4/bin/plugin
# Head plugin is a must have
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install mobz/elasticsearch-head
# HQ: good plugin, good for performance
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install royrusso/elasticsearch-HQ/v2.0.3
# Access by going to http://elkcl1.domain.com:9200/_plugin/hq
# Good for performance but not working in latest releases
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install lukas-vlcek/bigdesk/2.4.0
# Access by going to http://elkcl1.domain.com:9200/_plugin/bigdesk/
# Older look and feel but very good
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install lmenezes/elasticsearch-kopf/v2.1.1
# Access by going to http://elkcl1.domain.com:9200/_plugin/kopf/
# Shows index/data usage
/usr/share/elasticsearch/bin/plugin -DproxyPort=8688 -DproxyHost=127.0.0.1 install xyu/elasticsearch-whatson
# Access by going to http://elkcl1.domain.com:9200/_plugin/whatson/
# Is not working
# Shows nice cubism graphs
/usr/share/elasticsearch/bin/plugin -DproxyPort=8688 -DproxyHost=127.0.0.1 install karmi/elasticsearch-paramedic
# Access by going to http://elkcl1.domain.com:9200/_plugin/paramedic/index.html
Install Security plugin
# Install Shield (all nodes)
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install license
/usr/share/elasticsearch/bin/plugin -DproxyPort=8788 -DproxyHost=127.0.0.1 install shield
# Create users
bin/shield/esusers useradd es_admin -r admin