
Install Elastic Stack 7 on Ubuntu/Debian

A Step-by-Step Guide to Installing the Elastic Stack on Ubuntu & Debian

The Elastic Stack—comprised of Elasticsearch, Kibana, Logstash, and Beats—is a powerful open-source platform for searching, analyzing, and visualizing data in real-time. Whether you’re managing server logs, monitoring application performance, or analyzing business metrics, deploying the Elastic Stack is a crucial first step.

This comprehensive guide will walk you through the complete installation and configuration of the core components (Elasticsearch, Kibana, and Logstash) on modern Ubuntu and Debian systems.

Prerequisites

Before we begin, ensure you have the following:

  • A server running a recent version of Ubuntu (e.g., 20.04, 22.04) or Debian (e.g., 10, 11).
  • Access to a user account with sudo privileges.
  • At least 4GB of RAM is recommended for a smooth experience.

The Elastic Stack is built on Java, so the first step is to install the Java Development Kit (JDK). We’ll use OpenJDK, which is readily available in the default repositories.

sudo apt update
sudo apt install default-jdk -y

You can verify the installation by checking the Java version:

java -version

Step 1: Add the Official Elastic Repository

To ensure we install trusted and up-to-date versions, we’ll add the official Elastic repository to our system. This process involves importing the Elastic GPG key and adding the repository source list.

First, import the GPG key to authenticate the packages:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

Next, add the repository definition. This command is suitable for both Debian and Ubuntu:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Finally, update your package lists to include the new Elastic repository:

sudo apt update

Step 2: Install and Configure Elasticsearch

Elasticsearch is the heart of the stack—a distributed search and analytics engine. Now that the repository is configured, installation is straightforward.

Install the Elasticsearch package:

sudo apt install elasticsearch -y

Configure Elasticsearch:

The primary configuration file is located at /etc/elasticsearch/elasticsearch.yml. For a basic, single-node setup, you need to make a few important changes. Open the file with a text editor like nano:

sudo nano /etc/elasticsearch/elasticsearch.yml

  1. Network Host: To allow access from outside the server (e.g., from Kibana), uncomment and change network.host. Setting it to 0.0.0.0 binds it to all network interfaces. For better security, you can set this to your server’s private IP address.
    network.host: 0.0.0.0

  2. Discovery Type: Since we are setting up a single node, specify this to avoid discovery errors.
    discovery.type: single-node

Save the file and exit the editor.

Start and Enable the Elasticsearch Service:

Now, start the service and configure it to launch automatically on boot.

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Verify the Installation:

Give the service a minute to start up, then test it by sending an HTTP request to port 9200.

curl -X GET "localhost:9200"

You should see a JSON response with details about your new Elasticsearch node, including the version number and a tagline.

Step 3: Install and Configure Kibana

Kibana is the visualization layer of the stack, providing a web interface to explore and visualize your Elasticsearch data.

Install the Kibana package:

sudo apt install kibana -y

Configure Kibana:

The main configuration file is /etc/kibana/kibana.yml. Let’s edit it to connect to Elasticsearch and make it accessible.

sudo nano /etc/kibana/kibana.yml

  1. Server Host: To access the Kibana dashboard from your browser, uncomment and change server.host to 0.0.0.0.
    server.host: "0.0.0.0"

  2. Elasticsearch Hosts: Ensure Kibana knows where to find your Elasticsearch instance. By default, it’s set to localhost:9200, which is correct for our single-server setup.
    elasticsearch.hosts: ["http://localhost:9200"]

Save the file and exit.
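The edits in Step 2 (network.host and discovery.type in elasticsearch.yml) and Step 3 (server.host in kibana.yml) are the same operation: replace a commented-out default line if one exists, otherwise append the key. The helper below is an added example, not part of the original guide; it assumes the default file paths used above, that it runs as root (or via sudo), and that the ES_YML and KIBANA_YML override variables are hypothetical. Run it twice and the files stay unchanged, which matters for configuration management.

```shell
#!/bin/sh
# Added example: idempotently set a top-level "key: value" line in an Elastic
# YAML config. A commented-out default (e.g. "#network.host: 192.168.0.1") or an
# existing active line is replaced in place; a missing key is appended.
set_yaml_key() {
  file=$1
  key=$2
  value=$3
  # Escape the dots in keys such as network.host for use in a basic regex.
  key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
  if grep -q "^#\{0,1\} *${key_re}:" "$file"; then
    sed -i "s|^#\{0,1\} *${key_re}:.*|${key}: ${value}|" "$file"
  else
    printf '%s: %s\n' "$key" "$value" >> "$file"
  fi
}

# Count active (uncommented) lines for KEY in FILE; prints the count.
yaml_key_count() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  grep -c "^${key_re}:" "$1" || true
}

# Guarded usage on the real files; skipped when they are not writable here
# (for instance on a machine where the packages are not installed).
ES_YML=${ES_YML:-/etc/elasticsearch/elasticsearch.yml}   # hypothetical override
KIBANA_YML=${KIBANA_YML:-/etc/kibana/kibana.yml}          # hypothetical override
if [ -w "$ES_YML" ]; then
  set_yaml_key "$ES_YML" network.host 0.0.0.0
  set_yaml_key "$ES_YML" discovery.type single-node
fi
if [ -w "$KIBANA_YML" ]; then
  set_yaml_key "$KIBANA_YML" server.host '"0.0.0.0"'
fi
```

The replacement deliberately matches only top-level keys at the start of a line, which is how the shipped elasticsearch.yml and kibana.yml lay out their settings; nested YAML would need a real YAML tool rather than sed.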

Start and Enable the Kibana Service:

sudo systemctl start kibana
sudo systemctl enable kibana

You can now access the Kibana web interface by navigating to http://your_server_ip:5601 in your web browser.

Step 4: Install and Configure Logstash

Logstash is a server-side data processing pipeline that ingests data from multiple sources, transforms it, and then sends it to a “stash” like Elasticsearch.

Install the Logstash package:

sudo apt install logstash -y

Configure Logstash:

Logstash configuration files are located in /etc/logstash/conf.d/. We will create a simple configuration to read system log messages (syslog) as input and send them to our Elasticsearch instance as output.

Create a new configuration file:

sudo nano /etc/logstash/conf.d/02-syslog.conf

Paste the following configuration into the file. This defines a pipeline with an input (syslog), a filter (grok to parse the messages), and an output (Elasticsearch).

input {
  syslog {
    port => 514
    type => "syslog"
  }
}

filter {
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

Save and close the file.

Start and Enable the Logstash Service:

sudo systemctl start logstash
sudo systemctl enable logstash

Logstash will now listen for syslog data and automatically forward it to Elasticsearch, where it will be indexed and made available for searching in Kibana.
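A pipeline file with a typo makes the Logstash service start and then exit, which is easy to miss when you only look at systemctl status. The script below is an added example, not part of the original guide: a quick offline sanity check (the three required blocks present, braces balanced) followed by Logstash's own parser via --config.test_and_exit, which only runs when Logstash is installed. The LOGSTASH_CONF_DIR override variable is hypothetical; the package paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example: sanity-check Logstash pipeline files before (re)starting the
# service. check_pipeline returns 0 when FILE has input/filter/output blocks
# and balanced braces, 1 otherwise. It is a cheap pre-check only; the
# authoritative parse is Logstash's --config.test_and_exit, invoked below.
check_pipeline() {
  file=$1
  for section in input filter output; do
    grep -q "^[[:space:]]*${section}[[:space:]]*{" "$file" || {
      echo "missing ${section} block in $file" >&2
      return 1
    }
  done
  # Grok patterns such as %{SYSLOGHOST:name} use braces too, but in pairs,
  # so a plain count still balances for a well-formed file.
  opens=$(tr -cd '{' < "$file" | wc -c | tr -d ' ')
  closes=$(tr -cd '}' < "$file" | wc -c | tr -d ' ')
  if [ "$opens" -ne "$closes" ]; then
    echo "unbalanced braces in $file ($opens '{' vs $closes '}')" >&2
    return 1
  fi
  return 0
}

CONF_DIR=${LOGSTASH_CONF_DIR:-/etc/logstash/conf.d}   # hypothetical override
if [ -d "$CONF_DIR" ]; then
  for f in "$CONF_DIR"/*.conf; do
    check_pipeline "$f"
  done
  # Full syntax check with the packaged binary and its settings directory.
  if [ -x /usr/share/logstash/bin/logstash ]; then
    /usr/share/logstash/bin/logstash --path.settings /etc/logstash \
      --config.test_and_exit -f "$CONF_DIR"
  fi
fi
```

A syntactically valid file can still fail at runtime: on a packaged install Logstash runs as its own unprivileged service user, so binding a port below 1024 such as 514 needs extra privileges (or a higher port such as 5514 with the sender adjusted), and that shows up in /var/log/logstash/ rather than in this check.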

Essential Security Best Practices

A default installation of the Elastic Stack is not secure. It is critical to secure your deployment before sending sensitive data to it.

  1. Configure a Firewall: Use a firewall like UFW (Uncomplicated Firewall) to restrict access to your server. Only allow traffic on necessary ports.

    sudo ufw allow ssh          # Port 22 for server access
    sudo ufw allow 5601/tcp     # Kibana Web UI
    sudo ufw allow 9200/tcp     # Elasticsearch (restrict this to trusted IPs)
    sudo ufw enable
  2. Enable Built-in Security: The Elastic Stack includes free, built-in security features for authentication and encryption. To enable them, add the following line to /etc/elasticsearch/elasticsearch.yml:
    xpack.security.enabled: true

    After restarting Elasticsearch, run the password setup tool to create passwords for built-in users:
    /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

    You will then need to update your Kibana and Logstash configuration files with the new credentials.

  3. Use TLS Encryption: For production environments, configure TLS/SSL to encrypt all communication between the components of the stack and between clients and the stack. This prevents data from being intercepted in transit.
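The combination this guide produces before the hardening steps, network.host set to 0.0.0.0 with xpack.security.enabled still off, is the state worth catching automatically. The audit below is an added example, not part of the original guide or of Elastic's tooling; it reads elasticsearch.yml (default path from this guide, ES_YML override is hypothetical) and fails when the node listens on the network without the built-in authentication enabled. Loopback-only bindings, including the default when network.host is left commented out, pass.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for network exposure without
# authentication. audit_es_exposure returns 0 when the node is loopback-only
# or has xpack.security.enabled: true, and 1 when it listens on a non-loopback
# address with security left off (the state before step 2 above is applied).

# Print the active (uncommented) value of KEY in FILE without quotes, or
# nothing when the key is not set.
yaml_get() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^${key_re}:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"' | tr -d "'"
}

audit_es_exposure() {
  file=$1
  host=$(yaml_get "$file" network.host)
  sec=$(yaml_get "$file" xpack.security.enabled)
  # Unset network.host means Elasticsearch binds to loopback; _local_ is the
  # explicit loopback special value.
  case "$host" in
    ""|localhost|127.0.0.1|::1|_local_)
      echo "ok: node bound to loopback only"
      return 0 ;;
  esac
  if [ "$sec" = "true" ]; then
    echo "ok: network.host=$host with xpack.security.enabled=true"
    return 0
  fi
  echo "EXPOSED: network.host=$host and xpack.security.enabled is not true" >&2
  return 1
}

ES_YML=${ES_YML:-/etc/elasticsearch/elasticsearch.yml}   # hypothetical override
if [ -r "$ES_YML" ]; then
  audit_es_exposure "$ES_YML"
fi
```

Pair this with the firewall rule from step 1 in its restricted form: instead of opening 9200 to everyone, allow only the hosts that need direct Elasticsearch access, for example sudo ufw allow from 10.0.0.0/24 to any port 9200 proto tcp (the 10.0.0.0/24 range is a constructed placeholder for your trusted network). With Kibana on the same server, nothing outside the host needs 9200 at all.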

Source: https://kifarunix.com/install-elastic-stack-7-on-ubuntu-18-04-debian-9-8/
