Configure Elasticsearch and Kibana setup in ubuntu

Elasticsearch components are not included in Ubuntu's default package repositories. However, they can be installed via APT by adding Elastic’s official package source. To ensure security and prevent package spoofing, all packages are signed with a GPG key, allowing the package manager to verify their authenticity. To proceed with the installation, let's import the public GPG key and add the Elastic package source list.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

• https://artifacts.elastic.co/GPG-KEY-elasticsearch: Elasticsearch’s public GPG key, a cryptographic "signature" used to verify the authenticity of packages.

• --dearmor: Converts the GPG key from human-readable text to binary format because Debian’s apt expects keys in binary format for verification.

Next, let's add Elasticsearch Repository to APT Sources:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

• Here I'm telling apt where to find Elasticsearch packages (https://artifacts.elastic.co/packages/8.x/apt).

• The [signed-by=...] option ensures packages from this repository are verified using the GPG key.

Next, let's update our APT packages index with the new Elastic source:

sudo apt-get update

Next, let's install the Elasticsearch Debian package.

sudo apt-get install elasticsearch

Next, we need to update the elasticsearch.yml with following network host and port configurations.

sudo nano /etc/elasticsearch/elasticsearch.yml

Now, let's enable Elasticsearch to start automatically on system boot.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch

Next, let's start the elasticsearch Service:

sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

Now, we need to confirm that Elasticsearch is running correctly and is accessible via HTTPS on localhost:9200.

We can also confirm the service is up and accessible using this command:

sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

• The file /etc/elasticsearch/certs/http_ca.crt is the CA certificate generated during Elasticsearch installation.

Now, let's install and configure Kibana. It is part of the Elastic Stack, so it uses the same repository we added for Elasticsearch.

sudo apt-get install kibana

Now, we need to edit kibana.yml file to determine how it connects to Elasticsearch and how it behaves.

sudo nano /etc/kibana/kibana.yml

• server.port: 5601 : the port on which Kibana will run

• server.host: "0.0.0.0" : the IP address Kibana will bind to (Setting this to 0.0.0.0 allows Kibana to be accessed from other machines on the network.)

• elasticsearch.hosts: ["http://localhost:9200"] : the Elasticsearch instance Kibana will connect to

Next, let's enable Kibana to ensures it starts automatically when the system boots.

sudo systemctl enable kibana

Then, let's start the Kibana service:

sudo systemctl start kibana

Now, let's make sure Kibana is running:

Now, we need to generate an enrollment token for Kibana and using it to securely connect Kibana to Elasticsearch.

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Next, let's open Kibana, enter the copied token into the input field, and click Configure Elastic to proceed.

After this Kibana prompted for Verification code.

To generate Verification code , we need to navigate to Kibana installation directory and execute the following script.

sudo /usr/share/kibana/bin/kibana-verification-code

Next, let's proceed with logging in using the provided username and password.