Sunday, November 13, 2016

How to install ELK 5.0 (Elastic Stack) on Oracle Enterprise Linux




 

This document explains how to install Elasticsearch, Logstash and Kibana on the same host. I am using the latest stable version (version 5.0) for all three. There are multiple options to install ELK. I have downloaded the rpm for all three components and installed them using yum.


ELK Stack aka Elastic Stack


The ELK Stack


Logstash agents running on remote hosts collect logs and forward them to a central server for further processing using filters. Filters convert unstructured log data to a structured format, and the output is saved into Elasticsearch. Elasticsearch is a text indexer and search engine. Searches are very fast because they are performed on the index. Elasticsearch indexes the data coming in from Logstash and makes it available for search using its query language. Kibana is the web interface for the Elastic Stack. It enables data visualization, search and dashboarding. Kibana supports add-on functionality via a plugin model, and supports search using the Apache Lucene query syntax.



Download / Install latest Oracle jdk rpm









Install jdk


# yum -y localinstall jdk-8u111-linux-x64.rpm



Sample output

Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
Setting up Local Package Process
Examining jdk-8u111-linux-x64.rpm: 2000:jdk1.8.0_111-1.8.0_111-fcs.x86_64
Marking jdk-8u111-linux-x64.rpm to be installed
oel6_addons                                                                                                           | 1.2 kB     00:00
oel6_addons/primary                                                                                                   | 128 kB     00:00
oel6_addons                                                                                                                          410/410
ol6_UEK_latest                                                                                                        | 1.2 kB     00:00
ol6_UEK_latest/primary                                                                                                |  28 MB     00:09
ol6_UEK_latest                                                                                                                       603/603
ol6_latest                                                                                                            | 1.4 kB     00:00
ol6_latest/primary                                                                                                    |  60 MB     00:20
ol6_latest                                                                                                                       36584/36584
Resolving Dependencies
--> Running transaction check
---> Package jdk1.8.0_111.x86_64 2000:1.8.0_111-fcs will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                        Arch                     Version                                Repository                              Size
=============================================================================================================================================
Installing:
 jdk1.8.0_111                   x86_64                   2000:1.8.0_111-fcs                     /jdk-8u111-linux-x64                   258 M

Transaction Summary
=============================================================================================================================================
Install       1 Package(s)

Total size: 258 M
Installed size: 258 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
openssl098e-0.9.8e-18.0.1.el6_5.2.x86_64 is a duplicate with openssl098e-0.9.8e-17.0.1.el6_2.2.i686
  Installing : 2000:jdk1.8.0_111-1.8.0_111-fcs.x86_64                                                                                    1/1
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
  Verifying  : 2000:jdk1.8.0_111-1.8.0_111-fcs.x86_64                                                                                    1/1

Installed:
  jdk1.8.0_111.x86_64 2000:1.8.0_111-fcs

Complete!

Check installation location:


By default jdk is installed under /usr/java/jdk1.8.0_111

We need this location to update Logstash config file.

Install Elasticsearch


Download the latest version of Elasticsearch from https://www.elastic.co/downloads/elasticsearch

I have downloaded version 5.0.0 (elasticsearch-5.0.0.rpm)

# yum -y localinstall elasticsearch-5.0.0.rpm


Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
Setting up Local Package Process
Examining elasticsearch-5.0.0.rpm: elasticsearch-5.0.0-1.noarch
Marking elasticsearch-5.0.0.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package elasticsearch.noarch 0:5.0.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                            Arch                        Version                      Repository                                 Size
=============================================================================================================================================
Installing:
 elasticsearch                      noarch                      5.0.0-1                      /elasticsearch-5.0.0                       35 M

Transaction Summary
=============================================================================================================================================
Install       1 Package(s)

Total size: 35 M
Installed size: 35 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : elasticsearch-5.0.0-1.noarch                                                                                              1/1
Creating elasticsearch group... OK
Creating elasticsearch user... OK
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using chkconfig
 sudo chkconfig --add elasticsearch
### You can start elasticsearch service by executing
 sudo service elasticsearch start
  Verifying  : elasticsearch-5.0.0-1.noarch                                                                                              1/1

Installed:
  elasticsearch.noarch 0:5.0.0-1

Complete!

Start Elasticsearch


The Elasticsearch config file is at /etc/elasticsearch/elasticsearch.yml



cd /etc/init.d

[root@host init.d]# ./elasticsearch start
Starting elasticsearch:                                    [  OK  ]

[root@host init.d]# ./elasticsearch status
elasticsearch (pid  21985) is running...


Check status of elasticsearch


Elasticsearch listens on port 9200 by default.

Connect to http://localhost:9200/

Sample output:

{
  "name" : "arB5Gic",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "zjTZpHcUTRqBFQj6ZpFR6g",
  "version" : {
    "number" : "5.0.0",
    "build_hash" : "253032b",
    "build_date" : "2016-10-26T04:37:51.531Z",
    "build_snapshot" : false,
    "lucene_version" : "6.2.0"
  },
  "tagline" : "You Know, for Search"
}


Install Kibana


# yum -y localinstall kibana-5.0.0-x86_64.rpm

Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
Setting up Local Package Process
Examining kibana-5.0.0-x86_64.rpm: kibana-5.0.0-1.x86_64
Marking kibana-5.0.0-x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package kibana.x86_64 0:5.0.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                      Arch                         Version                          Repository                                  Size
=============================================================================================================================================
Installing:
 kibana                       x86_64                       5.0.0-1                          /kibana-5.0.0-x86_64                       140 M

Transaction Summary
=============================================================================================================================================
Install       1 Package(s)

Total size: 140 M
Installed size: 140 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : kibana-5.0.0-1.x86_64                                                                                                     1/1
  Verifying  : kibana-5.0.0-1.x86_64                                                                                                     1/1

Installed:
  kibana.x86_64 0:5.0.0-1

Complete!

Start Kibana

By default Kibana connects to the Elasticsearch instance running on the same host,
so we can just start Kibana.
The Kibana configuration file is at /etc/kibana/kibana.yml

cd /etc/init.d

./kibana start
kibana started

[root@host init.d]# ./kibana status
kibana is running


Check status of Kibana



Access localhost:5601 from a browser. You should see the screen below.







Install Logstash


I have downloaded logstash-5.0.0.rpm and installed it using yum.


# yum -y localinstall logstash-5.0.0.rpm


Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
Setting up Local Package Process
Examining logstash-5.0.0.rpm: 1:logstash-5.0.0-1.noarch
Marking logstash-5.0.0.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logstash.noarch 1:5.0.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                         Arch                          Version                          Repository                              Size
=============================================================================================================================================
Installing:
 logstash                        noarch                        1:5.0.0-1                        /logstash-5.0.0                        189 M

Transaction Summary
=============================================================================================================================================
Install       1 Package(s)

Total size: 189 M
Installed size: 189 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:logstash-5.0.0-1.noarch                                                                                                 1/1
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
  Verifying  : 1:logstash-5.0.0-1.noarch                                                                                                 1/1

Installed:
  logstash.noarch 1:5.0.0-1

Complete!


Start logstash

Somehow /etc/init.d/logstash was not present after the install. It looks like the system-install script didn't get executed at the end of the rpm installation, so I ran it manually.

Check /etc/logstash/startup.options to see where it's installed.
On my host, LS_HOME in /etc/logstash/startup.options points to /usr/share/logstash

Run system-install script manually


I have installed it manually using the system-install script. Before that, I modified /etc/logstash/startup.options to set the correct path to JDK 1.8.

I have changed the jdk location as below:
# Override Java location
#JAVACMD=/usr/bin/java
JAVACMD=/usr/java/jdk1.8.0_111/bin/java

# /usr/share/logstash/bin/system-install /etc/logstash/startup.options
Using provided startup.options file: /etc/logstash/startup.options
Sending all logs to /tmp/tmp.ADeV3QdriK
Successfully created system startup script for Logstash


# cd /etc/init.d

# ./logstash start
logstash started

[root@host init.d]# ./logstash status
logstash is running


Stop all three

./logstash stop
./kibana stop
./elasticsearch stop


Install x-pack plugin

Refer to https://www.elastic.co/start

Download x-pack-5.0.0.zip and use the offline installation option.
I have downloaded the latest version from https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.0.0.zip

This zip file contains both the Elasticsearch and Kibana plugins.

# cd /usr/share/elasticsearch/bin
# ./elasticsearch-plugin install file:///scratch/softwares/elk/x-pack-5.0.0.zip


-> Downloading file:///scratch/softwares/elk/x-pack-5.0.0.zip
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed x-pack

Now install Kibana plugin

# cd /usr/share/kibana/bin
# ./kibana-plugin install file:///scratch/rkuriako/softwares/elk/x-pack-5.0.0.zip

Attempting to transfer from file:///scratch/rkuriako/softwares/elk/x-pack-5.0.0.zip
Transferring 72364732 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete

Refer to the X-Pack docs for more details.


X-Pack security provides a built-in elastic superuser.
This elastic user has full access to the cluster, including all indices and data.
The default password for the elastic user is changeme.

Start Elasticsearch and Kibana


[root@host bin]# cd /etc/init.d/
[root@host init.d]# ./elasticsearch start
Starting elasticsearch:                                    [  OK  ]
[root@host init.d]# ./kibana start
kibana started

Navigate to http://localhost:5601/

Kibana Login



X-Pack Home Page
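
The elastic / changeme default noted above stays valid until it is changed, so once Elasticsearch is running the first thing to do is check whether it is still accepted and replace it. The script below is an added example, not part of the original post: ES_URL, the function names and the check/rotate arguments are assumptions, and it calls the X-Pack change-password endpoint _xpack/security/user/elastic/_password.

```sh
#!/bin/sh
# Added example (not from the original post): detect and replace the default
# X-Pack password of the built-in "elastic" user.
# Assumptions: ES_URL, the function names and the check/rotate arguments.
ES_URL="${ES_URL:-http://localhost:9200}"   # default port stated in the post

# Print the HTTP status Elasticsearch returns for USER PASSWORD
# ("000" when the node cannot be reached).
# Note: -u exposes the password in the process list; run this on the ELK host.
es_status() {
  curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" "$ES_URL/" || true
}

# Report whether elastic:changeme is still accepted.
default_password_state() {
  case "$(es_status elastic changeme)" in
    200) echo DEFAULT_ACTIVE ;;   # default credentials still work
    401) echo ROTATED ;;          # default credentials are rejected
    000) echo UNREACHABLE ;;
    *)   echo UNKNOWN ;;
  esac
}

# Build the JSON body for the change-password call, escaping \ and ".
# Assumes the password contains printable characters only.
password_body() {
  escaped=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"password":"%s"}' "$escaped"
}

# rotate_elastic OLD NEW: set the new password, then prove that the old one
# is rejected and the new one is accepted before reporting success.
rotate_elastic() {
  curl -s -o /dev/null -u "elastic:$1" -XPUT -H 'Content-Type: application/json' \
    "$ES_URL/_xpack/security/user/elastic/_password" \
    -d "$(password_body "$2")" || return 1
  [ "$(es_status elastic "$1")" = 401 ] && [ "$(es_status elastic "$2")" = 200 ]
}

case "${1:-}" in
  check)  default_password_state ;;
  rotate) stty -echo; printf 'New password: '; read -r new; stty echo; echo
          rotate_elastic changeme "$new" && echo "elastic password rotated" ;;
esac
```

Saved as rotate-elastic.sh (a hypothetical file name), "sh rotate-elastic.sh check" prints DEFAULT_ACTIVE while changeme still works, and "sh rotate-elastic.sh rotate" prompts for the replacement without echoing it.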