Install ELK on Ubuntu 20.04 Focal Fossa Linux

ELK is the answer to managing large amounts of log data on Ubuntu 20.04 Focal Fossa. The ELK stack combines Elasticsearch, Logstash, and Kibana, which are open source tools that work in tandem to provide you with the ability to manage log data from a convenient graphical web interface.

These three tools are developed by Elastic and specifically designed to work together. In this guide, we’ll show you the steps required to get ELK up and running on your Ubuntu 20.04 system.

In this tutorial you will learn:

  • How to install ELK dependencies
  • How to configure Nginx for Kibana
  • How to install ELK
  • how to configure and access ELK

Fully operational Kibana dashboard on Ubuntu 20.04

Fully operational Kibana dashboard on Ubuntu 20.04
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa
Software ELK, Nginx, Java, apt-transport-https, wget
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user


Installing the dependencies

Get started by installing the dependencies, which are fairly common packages anyway. Keep in mind that ELK is nginx-based, so we’ll be setting up a web server through nginx. If you already have Apache installed, you’ll need to disable it or change the port so that the two don’t conflict.

Logstash requires Java 8 or Java 11. In our examples, we’re going to install Java 11; however, you can check what’s installed on your system with this command:

$ java -version

If it’s something other than 8 or 11, you’ll need to remove it before proceeding.

Open a terminal and enter the following command to get all of the ELK dependencies installed:

$ sudo apt install openjdk-11-jre apt-transport-https wget nginx
Checking Java version and installing dependencies

Checking Java version and installing dependencies


Add the Elastic repository

Elastic has a complete repository available for Debian based systems, which includes the three pieces of the ELK stack that we’ll be installing. Follow these steps to get the repository added to your system:

  1. First, import Elastic’s GPG key:
    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
    
  2. Next, use nano or your preferred text editor to create the following file:
    $ sudo nano /etc/apt/sources.list.d/elastic.list
    
  3. Inside that file, paste the following line, then exit and save the file:
    deb https://artifacts.elastic.co/packages/6.x/apt stable main
    
  4. Finally, you can update apt now that the repository is added:
    $ sudo apt update
    


Install Elasticsearch and Kibana

Now you’ll be able to install Elasticsearch and Kibana through apt like you would an ordinary package.

  1. Enter the following command in your terminal to install Elasticsearch and Kibana:
    $ sudo apt install elasticsearch kibana
    
  2. Next, you need to edit the Kibana configuration file to set the host server as localhost:
    $ sudo nano /etc/kibana/kibana.yml
    
  3. Inside kibana.yml, find the following line and uncomment it:
    server.host: "localhost"
    
    Uncomment the server.host line

    Uncomment the server.host line
  4. Save your changes to the configuration file and exit it. Then, restart Kibana and start up Elasticsearch:
    $ sudo systemctl restart kibana
    $ sudo systemctl start elasticsearch
    

Setting up Nginx

You will be accessing Kibana through Nginx, so we’ll need to set up a basic Nginx configuration to serve your instance of Kibana. Follow these steps to setup Nginx and put the finishing touches on Kibana.

  1. Start by creating a password for Kibana. This way, your server isn’t accessible openly on the Internet. The following line will use OpenSSL to generate the password, and place it in /etc/nginx/htpasswd.kibana. In this example, the username is set to admin and the password is set to YourPassword, but you can replace those values with anything you want:


    $ echo "admin:`openssl passwd -apr1 YourPassword`" | sudo tee -a /etc/nginx/htpasswd.kibana
    
  2. After your password has been generated, we need to create a new Nginx configuration file to serve our instance of Kibana:
    $ sudo nano /etc/nginx/sites-available/kibana
    
  3. Inside this new file, you can paste the following code:
    server {
            listen 80;
    
            server_name your-site.com;
    
            auth_basic "Restricted Access";
            auth_basic_user_file /etc/nginx/htpasswd.kibana;
    
            location / {
                proxy_pass http://localhost:5601;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;        
            }
        }


    Nginx configuration file for Kibana

    Nginx configuration file for Kibana

    Just make sure that you replace your-site.com with the hostname or IP address of your server, and then save and exit the file.

  4. Once the new configuration is saved, you need to remove the existing default config, and create a new symlink in sites-enabled for Kibana.
    $ sudo rm /etc/nginx/sites-enabled/default
    $ sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
    
  5. Lastly, restart Nginx for all of the changes to take effect:
    $ sudo systemctl restart nginx
    

Install Logstash

Now, we can finish by installing Logstash. Use the following command to install it with your package manager:

$ sudo apt install logstash

Sign into Kibana

Open up a browser and navigate to the address that you assigned to Kibana. To login, you’ll need to enter the admin username and password you set up earlier.

Logging into Kibana

Logging into Kibana


After logging in, you’ll be brought to the fully operational Kibana dashboard. Now you can begin using Kibana and setting up your preferences.

Fully operational Kibana dashboard

Fully operational Kibana dashboard

Conclusion

In this article, we learned how to install ELK and its required dependencies on Ubuntu 20.04 Focal Fossa. We also saw how to configure ELK, which required setting a username and password, as well as some Nginx configuration in order to access the Kibana dashboard.

ELK can help you manage your logs, and Kibana specifically has some excellent tools to help you visualize and organize that data.