Joseph Jude

Technology, Psychology, and Story Telling

Installing Logstash, ElasticSearch & Kibana on a Vagrant Box

Tags: code, elk, devops

Logstash + ElasticSearch + Kibana, awkwardly abbreviated as ELK, is a powerful combination of tools to collect, analyse and visualise events and logs. Below are my notes on installing these tools on a CentOS Vagrant box.

Note: For creating a CentOS box on Vagrant, refer to my earlier post.

1. Install Tools

ELK tools are not available in the default repositories. So first add them.

sudo rpm --import http://packages.elasticsearch.org/GPG-KEY-elasticsearch
sudo vi /etc/yum.repos.d/elasticsearch.repo

Add the lines below to the file:

[elasticsearch-1.0]
name=Elasticsearch repository for 1.2.x packages
baseurl=http://packages.elasticsearch.org/elasticsearch/1.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

On to Logstash. Add the repo:

sudo vi /etc/yum.repos.d/logstash.repo

Add these lines to the file:

[logstash-1.4]
name=logstash repository for 1.4.x packages
baseurl=http://packages.elasticsearch.org/logstash/1.4/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

Kibana needs a web server. So install Nginx; first add its repo:

sudo vi /etc/yum.repos.d/nginx.repo

Add these lines to the file:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
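
The three repo files above do not verify packages equally: the nginx one sets gpgcheck=0, and the Elasticsearch and Logstash ones fetch their signing key over plain HTTP. The shell function below, an added example that is not part of the original post, flags both conditions in a .repo file; the sample input is constructed (abridged) from the definitions above and the finding wording is this example's own.

```shell
#!/bin/sh
# Added example: flag yum repo settings that weaken package verification.

# audit_repo FILE: print "<repo-id>: <finding>" for each weak setting found.
audit_repo() {
    awk '
    function report() {
        if (id == "") return
        if (check != "1")
            print id ": package signatures not verified (gpgcheck=" check ")"
        if (check != "1" && base ~ /^http:/)
            print id ": unverified packages downloaded over plain HTTP"
        if (key ~ /^http:/)
            print id ": signing key fetched over plain HTTP"
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    /^\[.*\]/ {                               # new [section]: report the previous one
        report()
        id = substr($0, 2, index($0, "]") - 2)
        check = "unset"; key = ""; base = ""
        next
    }
    {
        eq = index($0, "=")                   # split on the first "=" only
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") check = v
        if (k == "gpgkey")   key = v
        if (k == "baseurl")  base = v
    }
    END { report() }
    ' "$1"
}

# Constructed sample: two of the repo definitions from this post, abridged.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[logstash-1.4]
baseurl=http://packages.elasticsearch.org/logstash/1.4/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
[nginx]
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
EOF
audit_repo "$sample"
```

To check the files created in this post, call audit_repo on each file in /etc/yum.repos.d/. For the nginx repo, nginx.org publishes its package signing key at https://nginx.org/keys/nginx_signing.key, which makes gpgcheck=1 possible there as well.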

Now install Elasticsearch, Logstash and Nginx.

sudo yum -y install elasticsearch nginx logstash

Install Kibana before tying all the tools together.

wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.0.tar.gz
tar -xvzf kibana-3.1.0.tar.gz

sudo cp -R kibana-3.1.0/ /usr/share/kibana

This will be the web server directory for nginx. Now configure nginx to look for files in this directory.

sudo vi /etc/nginx/conf.d/default.conf

The config file has to be similar to this. It tells the web server to listen on port 8080 and to serve the files in /usr/share/kibana as the site root.

server {
    listen       8080;
    server_name  localhost;

    location / {
        root   /usr/share/kibana;
        index  index.html index.htm;
    }
}

2. Start Services & Verify

sudo service elasticsearch start
sudo service nginx start

By default Elasticsearch listens on port 9200. Test it out:

curl http://localhost:9200

This should return something like:

{
  "status" : 200,
  "name" : "Rigellian Recorder",
  "version" : {
    "number" : "1.2.1",
    "build_hash" : "6c95b759f9e7ef0f8e17f77d850da43ce8a4b364",
    "build_timestamp" : "2014-06-03T15:02:52Z",
    "build_snapshot" : false,
    "lucene_version" : "4.8"
  },
  "tagline" : "You Know, for Search"
}

Now test nginx, which is configured to run at 8080.

curl http://localhost:8080

It should return the Kibana index file.

3. Access ELK from Mac

If ELK has to be accessible from the host system, in this case macOS, the VM ports need to be forwarded to the host system. Make the below changes in the Vagrantfile.

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "centos65"

  config.vm.network "forwarded_port", guest: 8080, host: 8080
  config.vm.network "forwarded_port", guest: 9200, host: 9200
end

After making the changes, restart vagrant.

vagrant reload

Now, on macOS, browse to http://localhost:8080 and http://localhost:9200 to view Kibana and Elasticsearch.


