How to Install ELK Stack on Ubuntu 16.04


This tutorial covers how to install and configure the ELK Stack on Ubuntu 16.04. ELK stands for Elasticsearch, Logstash, and Kibana and is a robust open source solution for searching, analyzing and visualizing data. Elasticsearch is a distributed, RESTful search and analytics engine based on Lucene, Logstash is a data processing pipeline for managing events and logs, and Kibana is a web application for visualizing data in Elasticsearch. This ELK Stack tutorial should work on other Linux VPS systems as well, but it was tested and written for an Ubuntu 16.04 VPS. Installing the ELK Stack on Ubuntu 16.04 is an easy task. Just follow the steps below, and you should have it installed in less than 15 minutes.

1. Requirements

For this tutorial to work, there are a couple of requirements:

If you get a VPS from us, we’ll do all of this for you for free.

2. Update the system and install necessary packages

sudo apt update && sudo apt -y upgrade
sudo apt install apt-transport-https software-properties-common wget

Make sure to always update the software on your Linux VPS or set up automatic updates.

3. Install Oracle Java JDK via PPA

We will use the PPA repository maintained by the Webupd8 Team. The install script will ask you to accept the license agreement and it will download the Java archive file from the Oracle download page and set everything up for you.

To add the Webupd8 Team PPA repository, run the following commands on your server:

sudo add-apt-repository ppa:webupd8team/java
sudo apt update

You can now install JDK8 with the following command:

sudo apt install oracle-java8-installer

To check if everything is set correctly, run:

java -version

and you should see something like the following:

java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

4. Install and configure Elasticsearch

We will install Elasticsearch using the package manager from the Elastic repository.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt update
sudo apt install elasticsearch

Once the installation is completed, open the elasticsearch.yml file and restrict the remote access to the Elasticsearch instance:

sudo nano /etc/elasticsearch/elasticsearch.yml
network.host: localhost

Start the Elasticsearch service and set it to automatically start on boot:

sudo systemctl restart elasticsearch
sudo systemctl enable elasticsearch

5. Install and configure Kibana

As with Elasticsearch, we will install Kibana using the package manager from the Elastic repository.

sudo apt install kibana

Once the installation is completed, open the kibana.yml file and restrict the remote access to the Kibana instance:

sudo nano /etc/kibana/kibana.yml
server.host: "localhost"

Start the Kibana service and set it to start automatically on boot:

sudo systemctl restart kibana
sudo systemctl enable kibana

Kibana will now run on localhost on port 5601
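
To confirm that both bind settings took effect, check the listening sockets. The script below is an added example, not part of the original tutorial: it reads the output of ss -ltn and reports any Elasticsearch (9200 HTTP, 9300 transport) or Kibana (5601) listener bound to a non-loopback address. The function names and the sample socket list are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag Elasticsearch/Kibana listeners reachable from outside
# the host. Real use: ss -ltn | exposed_listeners

# Ports this tutorial keeps on loopback: 9200 (Elasticsearch HTTP),
# 9300 (Elasticsearch transport), 5601 (Kibana).
PRIVATE_PORTS="9200 9300 5601"

# Reads `ss -ltn` lines on stdin and prints "address port" for every private
# port bound to a non-loopback address. Returns 1 if anything was printed.
exposed_listeners() {
    awk -v ports="$PRIVATE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 != "LISTEN" { next }                  # skips the header line as well
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            gsub(/^\[|\]$/, "", addr)            # [::1] -> ::1
            sub(/^::ffff:/, "", addr)            # IPv4-mapped form, common for JVM sockets
            sub(/%.*$/, "", addr)                # interface scope such as %lo
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next
            print addr, port
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: Elasticsearch is bound to loopback, Kibana is not.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port      Peer Address:Port
LISTEN  0       128     ::ffff:127.0.0.1:9200   :::*
LISTEN  0       128     ::1:9300                :::*
LISTEN  0       128     0.0.0.0:5601            0.0.0.0:*
LISTEN  0       128     0.0.0.0:443             0.0.0.0:*
EOF
}

if ! sample_ss_output | exposed_listeners; then
    echo "the listeners above accept remote connections; check the bind address" >&2
fi
```

Port 443 in the sample is not reported because only the Nginx front end is meant to be public in this layout.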

6. Install and configure Nginx as a reverse proxy

We will use Nginx as a reverse proxy to access Kibana from the public IP address. To install Nginx, run:

sudo apt-get install nginx

Create a basic authentication file with the OpenSSL command:

echo "admin:$(openssl passwd -apr1 YourStrongPassword)" | sudo tee -a /etc/nginx/htpasswd.kibana

Note: always use a strong password.
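
An added example, not part of the original tutorial: a variant of the command above that reads the password from standard input instead of the command line, and replaces an existing user's entry instead of appending a second one. The function names are assumptions; the demo uses a scratch file and a constructed password.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial). Function names are assumptions.

# htpasswd_line USER: read the password from stdin, print "USER:$apr1$...".
htpasswd_line() {
    local user=$1 pw hash
    # An empty name, a colon or whitespace would corrupt the file format.
    case $user in
        ''|*:*|*[[:space:]]*) echo "invalid user name" >&2; return 2 ;;
    esac
    if [ -t 0 ]; then
        IFS= read -rs -p "Password for $user: " pw; echo >&2   # no echo on a terminal
    else
        IFS= read -r pw || true                                # piped input
    fi
    [ -n "$pw" ] || { echo "empty password" >&2; return 2; }
    # -stdin keeps the password out of argv, so it never shows up in `ps`
    # output or in shell history the way a positional argument does.
    hash=$(printf '%s\n' "$pw" | openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# set_htpasswd_user FILE USER: replace USER's entry instead of appending a
# duplicate (which repeated `tee -a` runs would do). Password comes from stdin.
set_htpasswd_user() {
    local file=$1 user=$2 line tmp
    line=$(htpasswd_line "$user") || return $?
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"   # keep the other users
    fi
    printf '%s\n' "$line" >> "$tmp"
    chmod 640 "$tmp"      # owner rw, group r; the nginx worker's group must own it
    mv -f "$tmp" "$file"
}

# Demo on a scratch file with a constructed password.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-demo-password' | set_htpasswd_user "$demo_dir/htpasswd.kibana" admin
cut -d: -f1 "$demo_dir/htpasswd.kibana"      # prints the user names only
rm -rf "$demo_dir"
```

On Ubuntu the nginx worker processes run as www-data, so after writing /etc/nginx/htpasswd.kibana as root, run sudo chgrp www-data /etc/nginx/htpasswd.kibana so that nginx can still read the 640-mode file.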

Generate a self-signed SSL certificate:

Delete the default nginx virtual host:

sudo rm /etc/nginx/sites-enabled/default

and create a virtual host configuration file for our Kibana instance:

sudo nano /etc/nginx/sites-available/kibana
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 default_server ssl http2;
 
    server_name _;
 
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_session_cache shared:SSL:10m;
 
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;
 
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Activate the server block by creating a symbolic link:

sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana

Test the Nginx configuration and restart nginx:

sudo nginx -t
sudo service nginx restart

7. Install Logstash

The final step is to install Logstash using the package manager from the Elastic repository.

sudo apt install logstash

The Logstash configuration depends on your personal preferences and the plugins you will use.

That’s it. You have successfully installed the ELK Stack on your Ubuntu 16.04 VPS.

Follow this guide on how to Install ELK stack on Ubuntu 20.04



Of course, you don’t have to Install and Configure the ELK Stack on Ubuntu 16.04, if you use one of our Managed VPS Hosting services, in which case you can simply ask our expert Linux admins to install the ELK stack for you. They are available 24×7 and will take care of your request immediately.


13 thoughts on “How to Install ELK Stack on Ubuntu 16.04”

  1. Is it possible to get an article about the basic usage of an ELK stack? I think the installation is the easy part compared to the configuration. The needs are of course unique per environment but at least the first steps in configuration should be quite similar in every environment.

    • Thank you for the suggestion. Although the configuration can be different in every environment, we’ll still try to do a more general tutorial. Stay tuned. In the meantime, you can check their official documentation for more instructions.

  2. Yeah, this tutorial was by far the simplest and fastest one I have found to date; however, as mentioned by the previous user, a config tutorial would be helpful too.

  3. Thanks for this tutorial.

    It seems the part about generating a self-signed ssl certificate went missing.

    Can you complete that?

    Thanks again

  4. Hi,
    Very nice tutorial. Why is there “localhost” in kibana.yml but localhost without quotes in elasticsearch.yml? Is it correct?

  5. Hello. Nice tutorial but in order to generate the certificate in the format that you enter in the nginx configuration file (pem format), the link you provided is not enough. I don’t know enough about the subject but apparently in the link you provided the certificate is generated in two parts: crt and key. Maybe some kind of conversion is required (in order to produce the pem format) or you would need to modify the instructions you provided.
    Any thoughts/suggestions?
    Thanks,
    Yannis.

    • To convert the .crt to .pem you can try using the following command:

      openssl x509 -in certificate.crt -out certificate.pem -outform PEM

      Thanks.

  6. Thanks for the great tutorial!
    I followed your tutorial and was able to install the ELK stack on my Ubuntu 18.04 system.
    As Elastic runs on the default port 9200, when I try localhost:9200 it shows me the last date on which I installed it.
    Note: Before I followed this tutorial I had installed the ELK stack on my system and also worked with it. The thing is, I uninstalled the ELK stack from my system and then followed your tutorial. I am able to view Kibana, but for Elastic it shows me by default the old one which I installed earlier. Now I am not able to get the data from Elastic when I try to configure it through Kibana.
    Can you help me out with what to do now? I will be very grateful!
    Thank you