Getting started with Elasticsearch and Kibana
Install elasticsearch
Add user for elasticsearch
[root@vm1 home]# groupadd es
[root@vm1 home]# useradd es -g es
[root@vm1 home]# passwd es
[root@vm1 home]# cd es
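Download Elasticsearch
Elastic publishes a `.sha512` checksum file next to each release archive. Download it as well and verify the archive (for example with `sha512sum -c elasticsearch-8.4.3-linux-x86_64.tar.gz.sha512`) before extracting it as root.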
[root@vm1 es]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.4.3-linux-x86_64.tar.gz
[root@vm1 es]# tar zxf elasticsearch-8.4.3-linux-x86_64.tar.gz
[root@vm1 es]# chown -R es:es /home/es
[root@vm1 es]# su es
[es@vm1 ~]$ cd elasticsearch-8.4.3/
Start elasticsearch
[es@vm1 elasticsearch-8.4.3]$ bin/elasticsearch
[...]
[2022-10-17T17:07:49,984][INFO ][o.e.h.AbstractHttpServerTransport] [vm1] publish_address {127.0.0.1:9200}, bound_addresses {[::]:9200}
[...]
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
[...]
ℹ️ HTTP CA certificate SHA-256 fingerprint:
[...]
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
[...]
ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
Verify elasticsearch
[root@vm2 es]# curl 10.10.10.1:9200
curl: (52) Empty reply from server
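Modify the Elasticsearch config file. The empty reply above most likely comes from sending plain HTTP to a port that Elasticsearch 8 serves over TLS by default (see "cluster connections are encrypted" in the startup output). The change below sets `xpack.security.enabled: false`, which turns off both authentication and TLS while binding the node to a routable address, so use it only on an isolated test network. The secure alternative is to keep security enabled and query over HTTPS with the elastic user's password and the generated HTTP CA certificate.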
[es@vm1 elasticsearch-8.4.3]$ vim config/elasticsearch.yml
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
network.host: 10.10.10.1
# Security features (authentication and TLS); "false" below turns them off - test use only
xpack.security.enabled: false
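Restart the Elasticsearch process and verify again. The request now succeeds over plain HTTP without any credentials, because security is disabled: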
[root@vm2 es]# curl 10.10.10.1:9200
{
"name" : "vm1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "ZZ_MBiS5Qi-3RFSdyk_-Kg",
"version" : {
"number" : "8.4.3",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "42f05b9372a9a4a470db3b52817899b99a76ee73",
"build_date" : "2022-10-04T07:17:24.662462378Z",
"build_snapshot" : false,
"lucene_version" : "9.3.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
Install Kibana
Download Kibana
[root@vm2 es]# wget https://artifacts.elastic.co/downloads/kibana/kibana-8.4.3-linux-x86_64.tar.gz
[root@vm2 es]# tar zxf kibana-8.4.3-linux-x86_64.tar.gz
[root@vm2 es]# cd kibana-8.4.3/
[root@vm2 kibana-8.4.3]# chown -R es:es /home/es
Start Kibana
[root@vm2 kibana-8.4.3]# bin/kibana
Kibana should not be run as root. Use --allow-root to continue.
[root@vm2 kibana-8.4.3]# su es
[es@vm2 kibana-8.4.3]$ bin/kibana
[2022-10-17T17:41:59.539-07:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2022-10-17T17:42:06.604-07:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2022-10-17T17:42:06.644-07:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-10-17T17:42:06.646-07:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-10-17T17:42:06.681-07:00][INFO ][root] Holding setup until preboot stage is completed.
i Kibana has not been configured.
Go to http://localhost:5601/?code=263178 to get started.
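Allow connections from remote users. Kibana serves plain HTTP on port 5601 in this setup and, with Elasticsearch security disabled, does not ask for a login, so limit access to that port to trusted hosts: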
[root@vm2 kibana-8.4.3]# vim config/kibana.yml
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "10.10.10.2"
Restart Kibana to apply the change:
[root@vm2 kibana-8.4.3]# su es
[es@vm2 kibana-8.4.3]$ bin/kibana
[...]
Go to http://10.10.10.2:5601/?code=293334 to get started.
Connect Kibana to Elasticsearch
In the browser, open the URL that Kibana printed at startup, “http://10.10.10.2:5601/?code=293334”.
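If you run into the following error when connecting to the Elasticsearch server from the Kibana web UI, you can change the URL from “https://10.10.10.1:9200” to “http://10.10.10.1:9200” for testing purposes. The error appears because Elasticsearch was started with xpack.security.enabled: false and therefore answers on port 9200 in plain HTTP only. Over http:// the traffic between Kibana and Elasticsearch is unencrypted.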
[2022-11-09T10:55:02.691-08:00][ERROR][plugins.interactiveSetup.elasticsearch] Unable to connect to host "https://10.10.10.1:9200": write EPROTO 139880583923648:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
Use Dev Tools in Kibana
GET _cluster/health
{
"cluster_name": "elasticsearch",
"status": "green",
"timed_out": false,
"number_of_nodes": 1,
"number_of_data_nodes": 1,
"active_primary_shards": 10,
"active_shards": 10,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100
}
GET _nodes/stats
{
"_nodes": {
"total": 1,
"successful": 1,
"failed": 0
},
"cluster_name": "elasticsearch",
"nodes": {
[...]
}
}