Setting Up an ELK Stack

By Adrian | November 25, 2018

Splunk. Love it to bits, use it at work heaps, but sadly for personal use once you go past that 500Mb/day license requirement that's it, get your wallet out. This is where ELK comes into play. Being open source, I thought I'd give it a crack. Here is my experience.

I know there are plenty of guides online for this, but I went through a bit of trial and error for my setup. These were the steps that I took setting up my Elasticsearch, Logstash, Kibana (ELK) stack.

Install Ubuntu 16.04 Server from the ISO. Follow the bouncing ball through the wizard.

Perform a system update using

sudo apt-get update && sudo apt-get upgrade

Install Java

sudo apt-get install default-jre

Confirm the Java installation using

java -version

Install Elasticsearch

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch

Configure Elasticsearch by editing its config file and uncommenting/modifying the entries for network.host and http.port. Keep in mind that Elasticsearch 6.x has no authentication unless X-Pack security is enabled, so whatever address you bind to is who can talk to it.

sudo vim /etc/elasticsearch/elasticsearch.yml

Set Elasticsearch to run as a service

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
sudo /bin/systemctl start elasticsearch.service

Test that Elasticsearch is running (replace elasticsearch_ip with the address you set for network.host).

curl http://elasticsearch_ip:9200
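The config edit and the curl test above are the two places where this setup decides who can reach the cluster. The following shell script is an added example, not from the original post: it reads the network.host and http.port values out of an elasticsearch.yml (the installed path /etc/elasticsearch/elasticsearch.yml is from the post; the sample configs and the function names es_setting, es_port, es_bind_class, es_sample_config, es_audit and es_probe are my own), tells you whether the node would be loopback-only or reachable from the network, and wraps the post's curl check with a timeout.

```shell
#!/bin/sh
# Added example (not from the original post): audit the network.host and
# http.port settings in an elasticsearch.yml before starting the service.
# Elasticsearch 6.x ships without authentication unless X-Pack security is
# enabled, so a node bound to a non-loopback address is open to the network.

# Print the last uncommented "key: value" for a top-level YAML key, with
# surrounding quotes and trailing whitespace stripped. Prints nothing if unset.
es_setting() {
    key="$1"
    file="$2"
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$file" \
        | tail -n 1 \
        | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Effective HTTP port: http.port if set, otherwise Elasticsearch's default 9200.
es_port() {
    port=$(es_setting http.port "$1")
    printf '%s\n' "${port:-9200}"
}

# Classify the bind address: prints loopback, exposed or unset. "_local_" is
# Elasticsearch's loopback keyword; "_site_", "_global_", 0.0.0.0 or a LAN IP
# all mean the REST API is reachable from other hosts. (A YAML list of hosts
# is treated as exposed, since at least one entry is not loopback.)
es_bind_class() {
    host=$(es_setting network.host "$1")
    case "$host" in
        "") echo unset ;;
        127.0.0.1|localhost|::1|_local_) echo loopback ;;
        *) echo exposed ;;
    esac
}

# Print a verdict for one config file. Returns 1 when the node would be
# reachable from the network, so a provisioning script can stop on it.
es_audit() {
    class=$(es_bind_class "$1")
    port=$(es_port "$1")
    case "$class" in
        loopback)
            echo "OK: Elasticsearch bound to loopback only, port $port"
            return 0 ;;
        unset)
            echo "OK: network.host unset, Elasticsearch defaults to _local_ (loopback), port $port"
            return 0 ;;
        exposed)
            echo "WARNING: Elasticsearch will listen on $(es_setting network.host "$1"):$port;" \
                 "without X-Pack security the REST API is unauthenticated." \
                 "Bind to 127.0.0.1 or firewall port $port to trusted hosts."
            return 1 ;;
    esac
}

# Live check against a running node (the post's curl test) with a 5 second
# timeout so a filtered port fails fast instead of hanging. Not run by default.
es_probe() {
    curl -s -m 5 "http://$1:$2/_cluster/health?pretty"
}

# Write a constructed sample config (shaped like the stock file, including the
# commented-out defaults) to a temp file and print its path.
es_sample_config() {
    tmp=$(mktemp)
    cat > "$tmp" <<EOF
# ---------------------------------- Network -----------------------------------
#network.host: 192.168.0.1
network.host: $1
#http.port: 9200
http.port: $2
EOF
    printf '%s\n' "$tmp"
}

# Demonstration on a constructed config. Against a real install, run
# es_audit /etc/elasticsearch/elasticsearch.yml instead.
demo=$(es_sample_config 0.0.0.0 9200)
es_audit "$demo" || true
rm -f "$demo"
```

Running es_audit on the installed file before the systemctl start step is the cheap way to confirm the edit did what you meant; a 0.0.0.0 bind on a home network is usually fine behind a router, but on anything with a public interface it is the classic open-Elasticsearch mistake.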


Install Logstash

sudo apt-get install logstash

Install Kibana

sudo apt-get install kibana

I hope to follow up this entry with some of the joys of configuring Logstash ready for data.