Automated install (not config) of the entire Elastic Stack.
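#!/usr/bin/env bash
# ------------------------------------------------------------------------------
# Automated install (not config) of the entire Elastic Stack 6.x on a
# CentOS/RHEL 7 host: EPEL, Java 8, build tools, then Elasticsearch, Kibana,
# Logstash and the Beats from the official Elastic yum repositories.
#
# Must run as root. Reboots the host when finished.
#
# Environment:
#   DISABLE_FIREWALL  set to 0 to leave firewalld untouched. Default 1 keeps the
#                     original lab behaviour (stop and disable firewalld).
# ------------------------------------------------------------------------------
set -euo pipefail

readonly REPO_DIR=/etc/yum.repos.d
readonly ELASTIC_GPG_KEY=https://artifacts.elastic.co/GPG-KEY-elasticsearch
readonly ELASTIC_BASEURL=https://artifacts.elastic.co/packages/6.x/yum
# Fetched over HTTPS: this key is the trust root for everything yum later
# installs from EPEL, so it must not be pulled over plain http.
readonly EPEL_GPG_KEY=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Write one Elastic yum repo definition, replacing any previous copy so that
# re-running the script does not append duplicate [sections] to the file.
# Globals:   REPO_DIR, ELASTIC_BASEURL, ELASTIC_GPG_KEY (read)
# Arguments: $1 - repo id (e.g. elasticsearch-6.x)
#            $2 - human-readable repo name
# Outputs:   writes ${REPO_DIR}/<id without the -6.x suffix>.repo
#######################################
write_elastic_repo() {
  local id=$1 name=$2
  local file="${REPO_DIR}/${id%-6.x}.repo"
  cat >"$file" <<EOF
[${id}]
name=${name}
baseurl=${ELASTIC_BASEURL}
gpgcheck=1
gpgkey=${ELASTIC_GPG_KEY}
enabled=1
autorefresh=1
type=rpm-md
EOF
}

main() {
  [[ $EUID -eq 0 ]] || die "This script must be run as root."

  echo "Installing EPEL gpg key."
  rpm --import "$EPEL_GPG_KEY"

  echo "Installing EPEL repository"
  yum install -y epel-release

  # Package globs are quoted so the shell cannot expand them against files in
  # the current directory; yum resolves the wildcards itself.
  echo "Installing packages and helpful tools"
  yum install -y \
    net-tools 'net-tools*' 'java-1.8*' chrony 'chrony*' htop unzip nano git wget \
    nfs-utils 'nfs-utils*' 'lsof*' 'libevent*' 'libgcrypt*' 'libseccomp*' \
    'libtool-ltdl*' 'systemd-libs*' 'device-mapper-libs*' 'keyutils*'
  yum update -y

  echo "Group installing Development Tools, Web Server, & Compatibility Libraries"
  yum groupinstall -y "Development Tools" "Web Server" "Compatibility Libraries"

  if [[ "${DISABLE_FIREWALL:-1}" == "1" ]]; then
    echo "Turning off the firewall, since this is a lab; DO NOT DO THIS IN PRODUCTION! ☺"
    # firewalld may be absent or already stopped; under set -e that must not
    # abort the install.
    systemctl stop firewalld || true
    systemctl disable firewalld || true
  fi

  echo "Import Elastic gpg key"
  rpm --import "$ELASTIC_GPG_KEY"

  echo "Creating Elastic, Kibana, & Logstash repositories"
  write_elastic_repo elasticsearch-6.x "Elasticsearch repository for 6.x packages"
  write_elastic_repo kibana-6.x "Kibana repository for 6.x packages"
  write_elastic_repo logstash-6.x "Logstash repository for 6.x packages"

  echo "Installing Elasticsearch, Kibana, Logstash and Beats"
  yum install -y elasticsearch kibana logstash metricbeat filebeat packetbeat auditbeat heartbeat-elastic

  echo "Congratulations, Elasticsearch, Kibana, Logstash, and the myriad of Beats have been installed."
  echo "The system will now reboot and rub your feet, well maybe not rub your feet. ☺"
  reboot
}

main "$@"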
@iamhowardtheduck

COMMAND TO START LOGSTASH:

ONLY CONNECTORS

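# Start Logstash with the ArcSight module, taking input only from SmartConnectors
# (port 5050). Every -M key must carry the module prefix, so the Elasticsearch
# SSL setting is "arcsight.var.elasticsearch.ssl.enabled"; the Kibana key was
# also misspelled ("verfication_mode"). Values are unchanged: TLS to both the
# cluster and Kibana is off, i.e. lab-only plaintext transport.
bash /usr/share/logstash/bin/logstash --modules arcsight --setup \
  -M "arcsight.var.inputs=smartconnector" \
  -M "arcsight.var.input.smartconnector.port=5050" \
  -M "arcsight.var.input.eventbroker.topics=CEF-U" \
  -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" \
  -M "arcsight.var.elasticsearch.ssl.enabled=false" \
  -M "arcsight.var.kibana.host=10.0.100.5:5601" \
  -M "arcsight.var.kibana.ssl.enabled=false" \
  -M "arcsight.var.kibana.ssl.verification_mode=false" &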

ONLY 1 TOPIC

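# Start Logstash with the ArcSight module, consuming a single Event Broker
# (Kafka) topic. Same fixes as the SmartConnector command: the module prefix
# on the Elasticsearch SSL key and the spelling of "verification_mode".
bash /usr/share/logstash/bin/logstash --modules arcsight --setup \
  -M "arcsight.var.inputs=eventbroker" \
  -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" \
  -M "arcsight.var.input.eventbroker.topics=CEF-U" \
  -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" \
  -M "arcsight.var.elasticsearch.ssl.enabled=false" \
  -M "arcsight.var.kibana.host=10.0.100.5:5601" \
  -M "arcsight.var.kibana.ssl.enabled=false" \
  -M "arcsight.var.kibana.ssl.verification_mode=false" &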

MULTIPLE TOPICS

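# Start Logstash with the ArcSight module, consuming several Event Broker
# topics (comma-separated). Same fixes as above: module prefix on the
# Elasticsearch SSL key and the spelling of "verification_mode".
bash /usr/share/logstash/bin/logstash --modules arcsight --setup \
  -M "arcsight.var.inputs=eventbroker" \
  -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" \
  -M "arcsight.var.input.eventbroker.topics=CEF-C,CEF-U" \
  -M "arcsight.var.elasticsearch.hosts=10.0.100.5:9200" \
  -M "arcsight.var.elasticsearch.ssl.enabled=false" \
  -M "arcsight.var.kibana.host=10.0.100.5:5601" \
  -M "arcsight.var.kibana.ssl.enabled=false" \
  -M "arcsight.var.kibana.ssl.verification_mode=false" &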

CONNECTORS & MULTIPLE TOPICS

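# Start Logstash with the ArcSight module using both inputs: SmartConnectors on
# port 5050 and several Event Broker topics. Note this variant points at a
# different cluster/Kibana host (10.0.100.9) than the others. Same fixes as
# above: module prefix on the Elasticsearch SSL key and "verification_mode".
bash /usr/share/logstash/bin/logstash --modules arcsight --setup \
  -M "arcsight.var.inputs=eventbroker,smartconnector" \
  -M "arcsight.var.input.eventbroker.bootstrap_servers=10.0.100.4:9092" \
  -M "arcsight.var.input.eventbroker.topics=CEF-C,CEF-U" \
  -M "arcsight.var.input.smartconnector.port=5050" \
  -M "arcsight.var.elasticsearch.hosts=10.0.100.9:9200" \
  -M "arcsight.var.elasticsearch.ssl.enabled=false" \
  -M "arcsight.var.kibana.host=10.0.100.9:5601" \
  -M "arcsight.var.kibana.ssl.enabled=false" \
  -M "arcsight.var.kibana.ssl.verification_mode=false" &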

@iamhowardtheduck

Add the following lines at the top of your logstash.yml file; it is located at /etc/logstash/logstash.yml

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: 10.0.100.5:9200
