Configure Elasticsearch and Kibana setup in ubuntu

Ubuntu’s default package repositories do not include Elasticsearch components. However, you can install them via APT by adding Elastic’s official package source. To enhance security and prevent package spoofing, all packages are signed with a GPG key, enabling the package manager to verify their authenticity. Before proceeding with the installation, let’s import the public GPG key and add the Elastic package source list.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

https://artifacts.elastic.co/GPG-KEY-elasticsearch: Elasticsearch’s public GPG key, a cryptographic "signature" used to verify the authenticity of packages.
--dearmor: Converts the GPG key from human-readable text to binary format because Debian’s apt expects keys in binary format for verification.

Next, let's add Elasticsearch Repository to APT Sources:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

apt where to find Elasticsearch packages https://artifacts.elastic.co/packages/8.x/apt).
[signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] option ensures packages from repository are verified using the GPG key.

Next, update APT packages.

sudo apt update

Next, install the Elasticsearch Debian package.

sudo apt install elasticsearch

Next, we need to update the elasticsearch.yml with nano to configure network host and port.

sudo nano /etc/elasticsearch/elasticsearch.yml

Now, enable Elasticsearch to start automatically on system boot.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch

Next, start the Elasticsearch Service.

sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

We need to confirm that Elasticsearch is running correctly and is accessible via HTTPS on https://localhost:9200, when it need login username & password click cancel.

We can also confirm the service is up and accessible using this command:

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

The file /etc/elasticsearch/certs/http_ca.crt is the CA certificate generated during Elasticsearch installation.

In case you forget your elastic user password, you can use the following command:

cd /usr/share/elasticsearch
./bin/elasticsearch-reset-password  -u elastic

Now, we install and configure Kibana

sudo apt install kibana

Now, we need to edit kibana.yml file to determine how it connects to Elasticsearch and how it behaves.

sudo nano /etc/kibana/kibana.yml

server.port: 5601 : the port on which Kibana will run
server.host: "0.0.0.0" : the IP address Kibana will bind to
elasticsearch.hosts: ["http://localhost:9200"] : the Elasticsearch instance Kibana will connect to

Next, start and enable Kibana to ensures it starts automatically when the system boots.

sudo systemctl start kibana
sudo systemctl enable kibana

Access with address http://localhost:5601, make sure Kibana is running.

Now, we need to generate an enrollment token for Kibana and using it to securely connect Kibana to Elasticsearch.

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Next, let's open Kibana, enter the copied token into the input field, and click Configure Elastic to proceed.

After this Kibana prompted for Verification code.

To generate Verification code , we need to navigate to Kibana installation directory and execute the following script.

sudo /usr/share/kibana/bin/kibana-verification-code

Next, log in with your account and password.

PreviousBuild ELK Lab NextFluent Bit – Sending Logs to ELK with Fluent Bit

Last updated 5 months ago

Was this helpful?