{"id":739,"date":"2015-11-23T12:21:31","date_gmt":"2015-11-23T12:21:31","guid":{"rendered":"https:\/\/blog.ngocha.biz\/?p=739"},"modified":"2015-11-23T12:21:31","modified_gmt":"2015-11-23T12:21:31","slug":"setup-elk-stack-amazon-ec2","status":"publish","type":"post","link":"https:\/\/blog.ngocha.biz\/?p=739","title":{"rendered":"How to setup ELK stack on Amazon EC2 &#8211; Getting Started Guide"},"content":{"rendered":"<p><a href=\"https:\/\/www.elastic.co\/products?ref=devopscube.com\" rel=\"noopener noreferrer\">ELK<\/a> is the most popular log aggregation and analysis stack. ELK stands for Elasticsearch, Logstash and Kibana.<\/p>\n<p>Elasticsearch &#8211; It is a NoSQL, analytics and search engine.<\/p>\n<p>Logstash &#8211; It is a log aggregation tool.<\/p>\n<p>Kibana &#8211; It is a dashboarding tool.<\/p>\n<h2 id=\"elk-stack-on-amazon-ec2\">ELK stack on Amazon EC2<\/h2>\n<p>This guide will walk you through setting up a test ELK stack on an Amazon EC2 Ubuntu 14.04 instance. Follow the steps given below to have a working ELK stack.<\/p>\n<p>Note: I assume that you have an Ubuntu 14.04 server up and running in a public subnet.<\/p>\n<ol>\n<li>Log in and update the server.<\/li>\n<\/ol>\n<pre><code>sudo apt-get update<\/code><\/pre>\n<ol start=\"2\">\n<li>The ELK stack needs OpenJDK. Install it using the following command.<\/li>\n<\/ol>\n<pre><code>sudo apt-get install openjdk-7-jre-headless<\/code><\/pre>\n<p>3. Verify the JDK installation by checking its version.<\/p>\n<pre><code>java -version<\/code><\/pre>\n<h2 id=\"installing-elasticsearch\">Installing Elasticsearch<\/h2>\n<p>4. Add the Elasticsearch repository signing key using the following command.<\/p>\n<pre><code>wget -qO - https:\/\/packages.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -<\/code><\/pre>\n<p>5. 
Add the Elasticsearch repository to the APT sources list using the following command.<\/p>\n<pre><code>echo \"deb http:\/\/packages.elastic.co\/elasticsearch\/1.7\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elasticsearch-1.7.list<\/code><\/pre>\n<p>6. Update the server.<\/p>\n<pre><code>sudo apt-get update<\/code><\/pre>\n<p>7. Install Elasticsearch using the following command.<\/p>\n<pre><code>sudo apt-get install elasticsearch<\/code><\/pre>\n<p>8. Execute the following command to start the Elasticsearch server.<\/p>\n<pre><code>sudo service elasticsearch start<\/code><\/pre>\n<p>9. Test the Elasticsearch service using curl.<\/p>\n<pre><code>curl localhost:9200<\/code><\/pre>\n<p>The output should look like the following.<\/p>\n<pre><code>{\n  \"status\" : 200,\n  \"name\" : \"Merlin\",\n  \"cluster_name\" : \"elasticsearch\",\n  \"version\" : {\n    \"number\" : \"1.7.3\",\n    \"build_hash\" : \"05d4530971ef0ea46d0f4fa6ee64dbc8df659682\",\n    \"build_timestamp\" : \"2015-10-15T09:14:17Z\",\n    \"build_snapshot\" : false,\n    \"lucene_version\" : \"4.10.4\"\n  },\n  \"tagline\" : \"You Know, for Search\"\n}<\/code><\/pre>\n<h2 id=\"installing-and-setting-up-logstash\">Installing and setting up Logstash<\/h2>\n<p>1. Add the Logstash repository to the APT sources list.<\/p>\n<pre><code>echo \"deb http:\/\/packages.elasticsearch.org\/logstash\/1.5\/debian stable main\" | sudo tee -a \/etc\/apt\/sources.list<\/code><\/pre>\n<p>2. Update the server.<\/p>\n<pre><code>sudo apt-get update<\/code><\/pre>\n<p>3. Install Logstash.<\/p>\n<pre><code>sudo apt-get install logstash<\/code><\/pre>\n<p>4. Update the server.<\/p>\n<pre><code>sudo apt-get update<\/code><\/pre>\n<p>5. Start Logstash and check its status using the following commands.<\/p>\n<pre><code>sudo service logstash start\nsudo service logstash status<\/code><\/pre>\n<p>Since this is a single-host installation, we will direct all our logs to Logstash using a configuration file.<\/p>\n<p>6. 
Create a file named \/etc\/logstash\/conf.d\/logstash-syslog.conf and copy the following contents into the file.<\/p>\n<pre><code>input {\n  file {\n    type =&gt; \"syslog\"\n    path =&gt; [ \"\/var\/log\/messages\", \"\/var\/log\/*.log\" ]\n  }\n}\noutput {\n  stdout {\n    codec =&gt; rubydebug\n  }\n  elasticsearch {\n    # If you are running Elasticsearch on a different instance, use its private IP instead of localhost.\n    host =&gt; \"localhost\"\n  }\n}<\/code><\/pre>\n<p>7. Now restart the Logstash service to apply the changes.<\/p>\n<pre><code>sudo service logstash restart<\/code><\/pre>\n<h2 id=\"installing-and-configuring-kibana\">Installing and configuring Kibana<\/h2>\n<p>1. Download the Kibana archive.<\/p>\n<pre><code>wget https:\/\/download.elastic.co\/kibana\/kibana\/kibana-4.1.1-linux-x64.tar.gz<\/code><\/pre>\n<p>2. Extract the archive.<\/p>\n<pre><code>tar -xzf kibana-4.1.1-linux-x64.tar.gz<\/code><\/pre>\n<p>3. Create a kibana directory under \/opt.<\/p>\n<pre><code>sudo mkdir -p \/opt\/kibana<\/code><\/pre>\n<p>4. Move the extracted folder contents to the \/opt\/kibana directory.<\/p>\n<pre><code>sudo mv kibana-4.1.1-linux-x64\/* \/opt\/kibana<\/code><\/pre>\n<p>5. Create a service file for startup using the following commands.<\/p>\n<pre><code>cd \/etc\/init.d &amp;&amp; sudo wget https:\/\/raw.githubusercontent.com\/akabdog\/scripts\/master\/kibana4_init -O kibana4\nsudo chmod +x \/etc\/init.d\/kibana4\nsudo update-rc.d kibana4 defaults 96 9<\/code><\/pre>\n<p>6. 
Start the Kibana dashboard service.<\/p>\n<pre><code>sudo service kibana4 start<\/code><\/pre>\n<p>The above command starts the Kibana service on port 5601.<\/p>\n<p>Now you can access the Kibana dashboard on port 5601 using the public IP of your instance.<\/p>\n<hr>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/devopscube.com\/setup-elk-stack-amazon-ec2\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to setup ELK stack on Amazon EC2 &#8211; Getting Started Guide \u2014 DevOpsCube<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source: https:\/\/devopscube.com\/setup-elk-stack-amazon-ec2\/<\/p>\n","protected":false},"author":1,"featured_media":740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-739","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=739"}],"version-history":[{"count":0,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/posts\/739\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=\/wp\/v2\/media\/740"}],"wp:attachment":[{"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=739"},{"taxonomy":"post_
tag","embeddable":true,"href":"https:\/\/blog.ngocha.biz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}