In this blog post, I’ll show you how to install and configure ELK Stack on RHEL 8 / Rocky Linux 8. “ELK” is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Below is a short description of each tool in the stack.
- Elasticsearch: This is an open source, distributed, RESTful, JSON-based search engine. It is scalable, easy to use, and flexible
- Logstash : This is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.
- Kibana lets users visualize data with charts and graphs in Elasticsearch.
Our last article covered the installation of Elasticsearch on RHEL 8. For simplicity and convenience, we will cover steps to install all the three ELK stack tools on RHEL 8.
Step 1: Install Java runtime
As Elasticsearch depends on Java, you need it installed on your system prior to installing Elasticsearch.
Step 2: Add ELK repository
Once you have Java installed, add ELK stack repository. Please run the commands below as root user:
For Elasticsearch 7.x
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOFFor Elasticsearch 6.x.
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOFAfter adding the repo, import GPG key:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearchClear and update your YUM package index.
sudo yum clean allStep 3: Install and Configure Elasticsearch
Elasticsearch repository is ready for use. You can install Elasticsearch using the command below:
sudo yum -y install elasticsearchConfirm package installation.
$ rpm -qi elasticsearch
Name : elasticsearch
Epoch : 0
Version : 7.17.26
Release : 1
Architecture: x86_64
Install Date: Thu 09 Jan 2025 06:14:29 AM UTC
Group : Application/Internet
Size : 541751868
License : Elastic License
Signature : RSA/SHA512, Thu 28 Nov 2024 08:46:12 AM UTC, Key ID d27d666cd88e42b4
Source RPM : elasticsearch-7.17.26-1-src.rpm
Build Date : Thu 28 Nov 2024 08:11:46 AM UTC
Build Host : bk-agent-prod-gcp-1732781011116187025
Relocations : /usr
Packager : Elasticsearch
Vendor : Elasticsearch
URL : https://www.elastic.co/
Summary : Distributed RESTful search engine built for the cloud
...You can set JVM options like memory limits by editing the file: /etc/elasticsearch/jvm.options
Example below sets initial/maximum size of total heap space
-Xms1g
-Xmx1gIf your system has less memory, you can configure it to use small megabytes of ram.
-Xms256m
-Xmx512mStart and enable elasticsearch service on boot:
$ sudo systemctl enable --now elasticsearch.service
Synchronizing state of elasticsearch.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.Test to verify that it is working:
$ curl http://127.0.0.1:9200
{
"name" : "bBzN5Kg",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "LKyqXXSvRvCpX9QAwKlP2Q",
"version" : {
"number" : "6.5.4",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "d2ef93d",
"build_date" : "2018-12-17T21:17:40.758843Z",
"build_snapshot" : false,
"lucene_version" : "7.5.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}Create a test index:
$ curl -X PUT "http://127.0.0.1:9200/mytest_index"
{"acknowledged":true,"shards_acknowledged":true,"index":"mytest_index"}Step 3: Install and Configure Kibana
Download and install Kibana from added Elasticsearch repository.
sudo yum -y install kibanaAfter a successful installation, configure Kibana:
$ sudo vim /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.name: "kibana.example.com"
elasticsearch.url: "http://localhost:9200"Change other settings as desired then start kibana service:
sudo systemctl enable --now kibanaAccess http://ip-address:5601 to open Kibana Dashboard:
If you have an active firewall service, allow TCP port 5601
sudo firewall-cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --reloadStep 4: Install and Configure Logstash
The last installation is for Logstash. It will act as a centralized logs server for your client systems which runs an agent like filebeat.
sudo yum -y install logstashLogstash custom configurations can be placed under /etc/logstash/conf.d/
Step 5: Install other ELK tools – Bonus
Other ELK tools that can be installed include:
- Filebeat: Lightweight Shipper for Logs. It helps you keep the simple things simple by offering a lightweight way to forward and centralize logs and files
- Metricbeat: Collect metrics from your systems and services. From CPU to memory, Redis to NGINX, and much more, Metricbeat is a lightweight way to send system and service statistics.
- Packetbeat: Lightweight Shipper for Network Data
- Heartbeat: Lightweight Shipper for Uptime Monitoring. It helps you monitor services for their availability with active probing
- Auditbeat: Lightweight shipper that helps you audit the activities of users and processes on your systems
These tools can be installed yum
sudo yum install filebeat auditbeat metricbeat packetbeat heartbeat-elasticRefer to official ELK stack documentation for each tool configuration. You can also learn online on Resources and Training page by watching videos.
