Setting up an ELK Stack on AWS

ELK Stack – this was a new term to me before I undertook this process, it seems overwhelming the first time you take on a new task.

ELK stands for Elasticsearch, Logstash and Kibana. Elasticsearch is a NoSQL database that allows NRT (near real time) queries. Kibana offers a nice interactive interface for analyzing data contained in the Elasticsearch data. Logstash is the intermediary between Elasticsearch and Kibana.

ELK has a large open source community, making this set of utilities quite popular. There are plenty of guides out there and the documentation is helpful. This article will not cover using an ELK stack in a production evironment, we will be setting up a test stack and getting familiar with the process. However, to set up an ELK stack for a production environment would not need too much changing of this process.


Getting Started:

Every component of our ELK stack requires Java. Let’s get busy and start setting up java on an Ubuntu AWS instance via SSH and shell commands. Make sure you have root access: sudo su

Installing Java:

  1. apt-get update
  2. apt-get upgrade
  3. apt-get install openjdk-7-jre-headless

Installing Elasticsearch:

  1. wget qO | sudo aptkey add
  2. echo “deb stable main” | sudo tee a /etc/apt/sources.list.d/elasticsearch1.7.list
  3. apt-get update
  4. apt-get install elasticsearch
  5. service elasticsearch restart

Installing Logstash:

  1. echo “deb stable main” | sudo tee a /etc/apt/sources.list
  2. apt-get update
  3. apt-get install logstash
  4. service logstash start

Create config file for logstash:

vi /etc/logstash/conf.d/10-syslog.conf

  1. input {
  2. file {
  3. type => “syslog”
  4. path => [ “/var/log/messages”, “/var/log/*.log” ]
  5. }
  6. }
  7. output {
  8. stdout {
  9. codec => rubydebug
  10. }
  11. elasticsearch {
  12. host => “localhost” # Use the internal IP of your Elasticsearch server
  13. # for production
  14. }
  15. }
  16. :wq

service logstash restart

Kibana Installation:

  1. wget
  2. tar -xzf kibana-4.1.1-linux-x64.tar.gz
  3. cd /kibana-4.1.1-linux-x64/
  4. mkdir -p /opt/kibana
  5. mv kibana-4.1.1-linux-x64/* /opt/kibana
  6. cd /etc/init.d && sudo wget O kibana4
  7. chmod +x /etc/init.d/kabana4
  8. service kibana4 start

Testing our installs:

Point your browser to ‘http://YOUR_ELASTIC_IP:5601’ after Kibana is started


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s