
Install ELK Stack 8.x on Ubuntu

A Comprehensive Guide to Installing the ELK Stack 8.x on Ubuntu

In the world of data management and observability, the ELK Stack is a powerhouse. Comprised of Elasticsearch, Logstash, and Kibana, this trio provides a robust, scalable solution for centralized logging, data analysis, and real-time visualization. Whether you’re managing application logs, security events, or business metrics, mastering the ELK Stack is an invaluable skill.

This guide provides a detailed, step-by-step walkthrough for installing and configuring the latest version of the ELK Stack (version 8.x) on an Ubuntu server. We will cover the installation of each component and the essential initial configurations to create a functional, single-node cluster.

What is the ELK Stack?

Before we begin, let’s briefly define the role of each component:

  • Elasticsearch: A distributed search and analytics engine at the heart of the stack. It stores your data and provides fast, scalable search capabilities.
  • Logstash: A server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.
  • Kibana: The visualization layer. It provides a web-based user interface for exploring, visualizing, and discovering insights from your data in Elasticsearch.

Prerequisites

To successfully complete this installation, you will need:

  • An Ubuntu 22.04 or 20.04 server.
  • A non-root user with sudo privileges.
  • At least 4GB of RAM. Elasticsearch is memory-intensive, and running it with less can lead to performance issues. 8GB or more is recommended for production environments.
  • Access to the command line/terminal.

Step 1: Install and Configure Elasticsearch

Elasticsearch is the foundation of our stack, so we’ll install it first. The installation process involves adding the official Elastic repository to our system.

1. Add the Elastic Repository GPG Key

First, import the Public GPG key for Elastic to ensure the software packages are authentic.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

2. Add the Elastic Repository

Next, add the repository definition to your system’s sources list.

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

3. Install the Elasticsearch Package

Now, update your package lists and install Elasticsearch.

sudo apt update
sudo apt install elasticsearch

4. Configure Elasticsearch

For a single-node setup, it’s crucial to make a few configuration changes. Open the primary configuration file with a text editor like nano.

sudo nano /etc/elasticsearch/elasticsearch.yml

Find the following lines and make these adjustments:

  • Set the discovery type: To prevent the node from trying to find other nodes, set it to single-node. This is essential for a standalone installation.
    discovery.type: single-node
  • Configure network host (Security Tip): By default, Elasticsearch binds to localhost only. For initial setup and security, it is highly recommended to leave this setting as is. If you need to access it from other machines, you would change network.host, but this should only be done after implementing proper security measures like a firewall and user authentication.

Save and close the file.
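As an added example (not part of the original guide), the following script audits an elasticsearch.yml for the settings just discussed before the service is started: it checks that discovery.type is single-node, that network.host still resolves to loopback, and that security has not been switched off. The sample configuration it writes is constructed for demonstration; on a real host, call audit_es_config on /etc/elasticsearch/elasticsearch.yml.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: audit an elasticsearch.yml for the
# single-node settings above before starting the service. The sample config
# written by write_sample_config is constructed for demonstration.

# audit_es_config FILE: print one finding per line; return 0 when the file is
# safe for a standalone node, 1 otherwise.
audit_es_config() {
  local file="$1" findings=0 cfg host
  # Drop comments and blank lines so commented-out defaults are not mistaken
  # for live settings (the shipped file is mostly commented examples).
  cfg=$(grep -vE '^[[:space:]]*(#|$)' "$file" || true)

  # 1. Without discovery.type: single-node the node waits for cluster peers.
  if ! printf '%s\n' "$cfg" | grep -qE '^[[:space:]]*discovery\.type:[[:space:]]*single-node[[:space:]]*$'; then
    echo "discovery.type is not set to single-node"
    findings=$((findings + 1))
  fi

  # 2. network.host absent (defaults to loopback) or loopback is fine; any
  #    other value exposes port 9200 to other machines.
  host=$(printf '%s\n' "$cfg" \
    | sed -nE 's/^[[:space:]]*network\.host:[[:space:]]*"?([^"[:space:]]+)"?.*/\1/p' | tail -n1)
  case "$host" in
    ''|localhost|127.0.0.1|_local_) ;;
    *) echo "network.host is '$host': node is reachable from other machines"
       findings=$((findings + 1)) ;;
  esac

  # 3. 8.x turns security on by default; a config that switches it off drops
  #    both authentication and TLS on 9200.
  if printf '%s\n' "$cfg" | grep -qE '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*false'; then
    echo "xpack.security.enabled is false: authentication and TLS are off"
    findings=$((findings + 1))
  fi

  [ "$findings" -eq 0 ]
}

# write_sample_config MODE: write a constructed config and print its path.
# MODE "safe" applies the guide's change; "exposed" binds to all interfaces
# and omits discovery.type, the two mistakes the audit is meant to catch.
write_sample_config() {
  local f
  f=$(mktemp)
  {
    echo '# ---- Constructed sample, not a real elasticsearch.yml ----'
    echo 'cluster.name: my-application'
    echo 'path.data: /var/lib/elasticsearch'
    echo '#network.host: 192.168.0.1'
    if [ "$1" = exposed ]; then
      echo 'network.host: 0.0.0.0'
    else
      echo 'discovery.type: single-node'
    fi
  } > "$f"
  echo "$f"
}

# Usage on a real host: audit_es_config /etc/elasticsearch/elasticsearch.yml
```

The audit deliberately ignores commented lines: the packaged elasticsearch.yml ships almost entirely as commented examples, and a naive grep for network.host would otherwise flag the commented 192.168.0.1 sample.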

5. Start and Enable the Elasticsearch Service

Now, start the Elasticsearch service and enable it to launch on boot.

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Elasticsearch can take a minute to start. You can check its status with sudo systemctl status elasticsearch.

Important: Retrieve Your Superuser Password

A major feature of ELK Stack 8.x is built-in security, enabled by default. When Elasticsearch starts for the first time, it generates a password for the elastic superuser. You will need this password for everything.

If you did not save the password shown during installation, run the following command. It resets the password for the elastic user and prints the new value:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

Save this password in a secure location. You will need it to configure Kibana and Logstash.

Step 2: Install and Configure Kibana

With Elasticsearch running, we can now install Kibana to visualize our data.

1. Install the Kibana Package

Since we already have the Elastic repository configured, installation is straightforward.

sudo apt install kibana

2. Configure Kibana

Open the Kibana configuration file.

sudo nano /etc/kibana/kibana.yml

You need to make sure Kibana can be accessed from your browser. Find and uncomment the following lines:

  • Set the server port: The default port is 5601.
    server.port: 5601
  • Set the server host: To access Kibana from your network, set the host to 0.0.0.0. For security, if you only need to access it from the server itself (e.g., via an SSH tunnel), you can use localhost.
    server.host: "0.0.0.0"

Save and close the file.

3. Start and Enable the Kibana Service

sudo systemctl start kibana
sudo systemctl enable kibana

4. Accessing Kibana and Initial Setup

When you first start Kibana, it needs to be connected to the Elasticsearch cluster. The setup process is secured with an enrollment token.

Generate a Kibana enrollment token from your server terminal by running:

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Copy the generated token. It is only valid for 30 minutes.

Now, open your web browser and navigate to http://your_server_ip:5601.

  • You will be prompted to enter the enrollment token you just copied.
  • Next, you will be asked to log in. Use the username elastic and the password you saved from the Elasticsearch setup step.

Once logged in, you have successfully set up Kibana.

Step 3: Install and Configure Logstash

The final piece of the stack is Logstash, which will process and forward data into Elasticsearch.

1. Install the Logstash Package

sudo apt install logstash

2. Configure a Basic Logstash Pipeline

Logstash’s power comes from its configuration files, which define the data pipeline. We will create a simple configuration to accept syslog data, process it, and send it to Elasticsearch.

Create a new configuration file:

sudo nano /etc/logstash/conf.d/02-syslog-pipeline.conf

Paste the following configuration into the file. This defines an input, a filter, and an output.

# Input: accept syslog over TCP and UDP on port 5044. Both inputs listen on all
# interfaces by default, so restrict this port with the firewall (see the
# security tips at the end of this guide).
input {
  tcp {
    port => 5044
    type => "syslog"
  }
  udp {
    port => 5044
    type => "syslog"
  }
}

# Filter: split a classic syslog line into timestamp, host, program, optional
# PID and the remaining message.
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
  }
}

# Output: send events to the local Elasticsearch node over HTTPS, verifying its
# certificate against the CA that Elasticsearch generated at install time.
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => "elastic"
    password => "YOUR_ELASTIC_PASSWORD"
    ssl_certificate_authorities => ["/etc/elasticsearch/certs/http_ca.crt"]
  }
}

Important:

  • Replace YOUR_ELASTIC_PASSWORD with the actual password you saved for the elastic user.
  • This configuration trusts the CA certificate (http_ca.crt) behind the self-signed HTTP certificate that Elasticsearch generated at install time, so Logstash can verify the TLS connection to port 9200.
  • The logstash service account is not in the elasticsearch group and cannot read /etc/elasticsearch/certs. Copy http_ca.crt to a location it can read (for example /etc/logstash/certs/, owned by root:logstash with mode 640) and point ssl_certificate_authorities at that copy, otherwise Logstash will fail to connect.

Save and close the file.
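As an added example (not part of the original guide), the script below runs pre-flight checks on the pipeline before the service is started: it confirms the password placeholder has been replaced, that the output uses https://, and that the CA certificate is readable by the user running the check. The sample pipeline it writes is a constructed copy of the output block above; the ES_PWD keystore name and the /etc/logstash/certs/ path are assumptions for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: pre-flight checks to run before
# `sudo systemctl start logstash`, catching the mistakes that most often leave
# the pipeline unable to reach Elasticsearch. Paths follow the guide's defaults;
# the sample pipeline written below is constructed for testing.

# check_ls_pipeline CONF CA_CERT
# Prints one problem per line and returns 0 only when every check passes.
check_ls_pipeline() {
  local conf="$1" ca="$2" problems=0

  # 1. The placeholder must have been replaced (ideally by a keystore reference).
  if grep -q 'YOUR_ELASTIC_PASSWORD' "$conf"; then
    echo "placeholder password still present in $conf"
    problems=$((problems + 1))
  fi

  # 2. With the default auto-configured security, 9200 is HTTPS only; an
  #    http:// host would never connect.
  if grep -qE 'hosts[[:space:]]*=>.*"http://' "$conf"; then
    echo "elasticsearch output uses http:// instead of https://"
    problems=$((problems + 1))
  fi

  # 3. The CA file must be readable by the user running the check. To mirror
  #    what the service will see, run this as the service account (sudo -u logstash).
  if [ ! -r "$ca" ]; then
    echo "CA certificate $ca is missing or not readable by $(id -un)"
    problems=$((problems + 1))
  fi

  [ "$problems" -eq 0 ]
}

# write_sample_pipeline MODE: constructed copy of the guide's output block.
# MODE "placeholder" leaves the literal password; "keystore" references ES_PWD
# (an assumed keystore entry name) instead of a clear-text value.
write_sample_pipeline() {
  local f pw='YOUR_ELASTIC_PASSWORD'
  f=$(mktemp)
  [ "$1" = keystore ] && pw='${ES_PWD}'
  cat > "$f" <<EOF
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => "elastic"
    password => "$pw"
    ssl_certificate_authorities => ["/etc/logstash/certs/http_ca.crt"]
  }
}
EOF
  echo "$f"
}

# Production follow-ups, run by hand once (paths and ES_PWD are this example's choices):
#   sudo install -D -o root -g logstash -m 640 \
#       /etc/elasticsearch/certs/http_ca.crt /etc/logstash/certs/http_ca.crt
#   sudo /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD
#   (make sure /etc/logstash/logstash.keystore is readable by the logstash user)
#   then set  password => "${ES_PWD}"  in the pipeline and verify with:
#   sudo -u logstash bash -c '. ./preflight.sh; check_ls_pipeline \
#       /etc/logstash/conf.d/02-syslog-pipeline.conf /etc/logstash/certs/http_ca.crt'
```

Storing the password in the Logstash keystore and referencing it as ${ES_PWD} keeps the superuser credential out of a world-readable pipeline file and out of backups of /etc/logstash/conf.d.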

3. Start and Enable the Logstash Service

sudo systemctl start logstash
sudo systemctl enable logstash

Logstash may take a moment to initialize as it loads the JVM. You can check its status with sudo systemctl status logstash.

Conclusion and Next Steps

You have now successfully installed and configured a complete ELK Stack 8.x on your Ubuntu server. Elasticsearch is storing data, Kibana is ready for visualization, and Logstash is listening for data to process.

Actionable Security Tips:

  • Configure a Firewall: Use ufw (Uncomplicated Firewall) to restrict access to essential ports. Only allow access to Kibana’s port 5601 from trusted IP addresses.
  • Set up HTTPS: For production environments, configure a reverse proxy like Nginx in front of Kibana to enable HTTPS/TLS encryption.
  • Use Role-Based Access Control (RBAC): Explore Kibana’s security features to create new users with limited permissions instead of only using the elastic superuser.
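As an added example (not part of the original guide), the script below turns the firewall tip into concrete ufw rules: a default-deny policy, SSH kept open, and Kibana's port 5601 plus the Logstash listener on 5044 allowed only from the trusted addresses you pass in. Source addresses are validated first so that a typo cannot silently widen access. It only prints the commands; the addresses in the usage line are documentation ranges chosen for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: build the ufw rules that restrict
# Kibana (5601) and the Logstash syslog listener (5044) to trusted sources, as
# the firewall tip above recommends. It only prints commands; review them, then
# run them with sudo. Elasticsearch on 9200 stays bound to localhost and needs
# no rule at all.

# valid_cidr ADDR: succeed if ADDR is an IPv4 address or IPv4/prefix.
valid_cidr() {
  local addr="$1" ip prefix octet old_ifs
  ip="${addr%/*}"
  case "$addr" in */*) prefix="${addr#*/}" ;; *) prefix=32 ;; esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs="$IFS"; IFS=.; set -- $ip; IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# allow_rules PORT PROTO SOURCE...: one "ufw allow" line per trusted source.
# Fails if no source is given or any source is malformed, so a bad argument
# never turns into a rule that is wider than intended.
allow_rules() {
  local port="$1" proto="$2" src
  shift 2
  [ $# -gt 0 ] || { echo "no trusted sources given for port $port" >&2; return 1; }
  for src in "$@"; do
    valid_cidr "$src" || { echo "invalid source address: $src" >&2; return 1; }
  done
  for src in "$@"; do
    printf 'ufw allow from %s to any port %s proto %s\n' "$src" "$port" "$proto"
  done
}

# firewall_plan SOURCE...: the complete rule set for a single-node ELK host.
firewall_plan() {
  echo 'ufw default deny incoming'
  echo 'ufw default allow outgoing'
  echo 'ufw allow OpenSSH'                 # keep your own session reachable
  allow_rules 5601 tcp "$@" || return 1    # Kibana web UI
  allow_rules 5044 tcp "$@" || return 1    # Logstash tcp {} input
  allow_rules 5044 udp "$@" || return 1    # Logstash udp {} input
  echo 'ufw enable'
}

# Usage: firewall_plan 203.0.113.10 198.51.100.0/24 > plan.sh
#        review plan.sh, then: sudo sh plan.sh
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as examples.)
```

Allowing SSH before enabling ufw matters: with a default-deny policy and no SSH rule, enabling the firewall over a remote session locks you out of the server.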

From here, you can start sending data from your applications and services to Logstash, or use Elastic Beats, lightweight data shippers that are often the next component to add to your observability platform.

Source: https://kifarunix.com/install-elk-stack-8-x-on-ubuntu/
