# Configure Elasticsearch and Kibana setup in ubuntu Elasticsearch components are not included in Ubuntu's default package repositories. However, they can be installed via APT by adding Elastic’s official package source. To ensure security and prevent package spoofing, all packages are signed with a GPG key, allowing the package manager to verify their authenticity. To proceed with the installation, let's import the public GPG key and add the Elastic package source list. ```bash wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg ```

* : Elasticsearch’s public **GPG key**, a cryptographic "signature" used to verify the authenticity of packages. * **`--dearmor`**: Converts the GPG key from human-readable text to **binary format** because Debian’s `apt` expects keys in binary format for verification. Next, let's add Elasticsearch Repository to APT Sources: ```bash echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list ```

* Here I'm telling `apt` where to find Elasticsearch packages ([https://artifacts.elastic.co/packages/8.x/apt](https://artifacts.elastic.co/packages/8.x/apt\).)). * The `[signed-by=...]` option ensures packages from this repository are verified using the GPG key. Next, let's update our APT packages index with the new Elastic source: ```bash sudo apt-get update ```

Next, let's install the Elasticsearch Debian package. ```bash sudo apt-get install elasticsearch ```

Next, we need to update the elasticsearch.yml with following network host and port configurations. ```bash sudo nano /etc/elasticsearch/elasticsearch.yml ```

Now, let's enable Elasticsearch to start automatically on system boot.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch

Next, let's start the elasticsearch Service: ```bash sudo systemctl start elasticsearch sudo systemctl status elasticsearch ```

Now, we need to confirm that Elasticsearch is running correctly and is accessible via HTTPS on `localhost:9200`.

We can also confirm the service is up and accessible using this command: ```bash sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200 ```

* The file `/etc/elasticsearch/certs/http_ca.crt` is the CA certificate generated during Elasticsearch installation. Now, let's install and configure Kibana. It is part of the Elastic Stack, so it uses the same repository we added for Elasticsearch. ```bash sudo apt-get install kibana ``` Now, we need to edit **`kibana.yml`** file to determine how it connects to Elasticsearch and how it behaves. ```bash sudo nano /etc/kibana/kibana.yml ```

* **`server.port: 5601`** : the port on which Kibana will run * **`server.host: "0.0.0.0"`** : the IP address Kibana will bind to (Setting this to `0.0.0.0` allows Kibana to be accessed from other machines on the network.) * **`elasticsearch.hosts: ["http://localhost:9200"]`** : the Elasticsearch instance Kibana will connect to Next, let's enable Kibana to ensures it starts automatically when the system boots. ```bash sudo systemctl enable kibana ``` Then, let's start the Kibana service: ```bash sudo systemctl start kibana ```

Now, let's make sure Kibana is running:

Now, we need to generate an **enrollment token** for Kibana and using it to securely connect Kibana to Elasticsearch. ```bash sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana ```

Next, let's open Kibana, enter the copied token into the input field, and click **Configure Elastic** to proceed.

After this Kibana prompted for Verification code.

To generate Verification code , we need to navigate to Kibana installation directory and execute the following script. ```bash sudo /usr/share/kibana/bin/kibana-verification-code ```

Next, let's proceed with logging in using the provided username and password.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://faresbltagy.gitbook.io/footprintinglabs/build-elk-lab/configure-elasticsearch-and-kibana-setup-in-ubuntu.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.