ELK installation

Setting Up Elasticsearch, Kibana, and Fleet Server on Ubuntu (Step-by-Step Guide)

This guide walks through setting up a full Elastic Stack (Elasticsearch, Kibana, and Fleet Server) on a single Ubuntu server using DEB packages. This setup is ideal for local testing or small deployments.

Prerequisites

• Clean Ubuntu 20.04 or later

• Terminal command knowledge

• Root or sudo privileges

---

Step 1: Install Elasticsearch

1.1 Add Elasticsearch’s GPG Key

Ensure the downloaded packages are legitimate by adding the official GPG key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

1.2 Add Elasticsearch’s Repository

Add Elastic Stack's repository to your system:

sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" > /etc/apt/sources.list.d/elastic-8.x.list'

1.3 Install Elasticsearch

Update your package list and install Elasticsearch:

sudo apt update
sudo apt install elasticsearch

During installation, note the password for the built-in elastic superuser account and the command to start Elasticsearch.

1.4 Run Elasticsearch as a Service

Reload the system daemon and enable Elasticsearch to run as a service:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service

1.5 Configure Elasticsearch

To allow external connections, modify the Elasticsearch config file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Uncomment and update these lines:

network.host: 192.168.1.1   # Use your server's IP
transport.host: 0.0.0.0

1.6 Start Elasticsearch

Start the Elasticsearch service:

sudo systemctl start elasticsearch.service

Verify Elasticsearch is running:

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200

Replace $ELASTIC_PASSWORD with the password from the install output.

Check Elasticsearch service status:

sudo systemctl status elasticsearch

---

Step 2: Install Kibana

2.1 Install Kibana

Install Kibana from the Elastic repository:

sudo apt install kibana

Generate an enrollment token for Kibana:

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

2.2 Configure Kibana

Edit the Kibana configuration to point it to your Elasticsearch instance:

sudo nano /etc/kibana/kibana.yml

Update the following with your server's IP:

server.host: 192.168.1.1

2.3 Start and Enable Kibana

Enable and start Kibana:

sudo systemctl daemon-reload
sudo systemctl enable kibana.service
sudo systemctl start kibana.service

Kibana will be accessible at http://your_server_ip:5601.

Check Kibana status:

sudo systemctl status kibana

When Kibana starts, a URL with a 6-digit code will be generated. Open the URL, paste the enrollment token, and log in with the elastic user credentials from the Elasticsearch installation.

---

Step 3: Secure Elasticsearch and Kibana

3.1 Set Up Built-in Users

Set passwords for the built-in users (elastic, kibana_system, etc.):

sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Follow the prompts and note the passwords for future use.

3.2 Update Kibana with the Kibana System User Password

Edit the Kibana configuration to include the kibana_system user password:

sudo nano /etc/kibana/kibana.yml

Add:

elasticsearch.username: "kibana_system"
elasticsearch.password: "your_kibana_system_password"

Restart Kibana:

sudo systemctl restart kibana

---

Step 4: Install and Set Up Fleet Server

4.1 Install Elastic Agent

Download and install the Elastic Agent:

wget https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-amd64.deb
sudo dpkg -i elastic-agent-8.15.1-amd64.deb

4.2 Generate a Fleet Enrollment Token

In Kibana, go to Fleet > Agents and click Add agent. Choose the option to run Fleet Server on the host and generate a service token. Copy the token for use in the next step.

4.3 Enroll Elastic Agent as Fleet Server

Run the following command to enroll Elastic Agent as Fleet Server:

sudo elastic-agent install \
  --fleet-server-es=https://localhost:9200 \
  --fleet-server-service-token=YOUR_SERVICE_TOKEN \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=YOUR_FLEET_SERVER_CA_FINGERPRINT

Replace YOUR_SERVICE_TOKEN with the token generated in Kibana and YOUR_FLEET_SERVER_CA_FINGERPRINT with the CA fingerprint from your Elasticsearch instance.

After enrolling, the Fleet Server will be up and running.

---

This process sets up the complete Elastic Stack (Elasticsearch, Kibana, and Fleet Server) on a single Ubuntu machine, ready for local testing or small-scale deployments.

Self-managed cluster | Elastic Docswww.elastic.co