@inqueue
Forked from andig/elastic-pi.md
Last active January 15, 2018 02:17

Installing elastic beats on Raspberry Pi

At the time of writing, elastic.co does not provide ARM builds for the Raspberry Pi. This tutorial describes how to compile a beat (filebeat is used as the example) and run it on a Raspberry Pi 3.

Prerequisites

You'll need Go (>1.8) and Python with virtualenv.

Go 1.8

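Raspbian/Debian stretch comes with Go 1.7. To get 1.8 you'll need to add the next release, buster, to the package sources. Make sure your /etc/apt/preferences looks like this, so that stretch stays the default and packages come from buster only when you ask for them explicitly: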

Package: *
Pin: release n=stretch
Pin-Priority: 500

Package: *
Pin: release n=buster
Pin-Priority: 10

Then update the package list:

sudo apt update

And install from buster:

sudo apt install -t buster golang

Python

Python 2.x should come preinstalled with Raspbian but you're likely missing virtualenv:

sudo pip install virtualenv

Memory

Compiling with Go, even on a single CPU core, can take a lot of memory. Edit /etc/dphys-swapfile to set the swap size to 1024MB instead of the default 100MB, then rebuild the swap file and enable it:

sudo nano /etc/dphys-swapfile
sudo dphys-swapfile setup
sudo dphys-swapfile swapon
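
The following preflight script is an added example, not part of the original gist. It checks the three prerequisites above before you start the build; the function names are hypothetical, 1.8 is treated as the minimum Go version, and the swap size is assumed to be set through the CONF_SWAPSIZE key in /etc/dphys-swapfile.

```sh
#!/bin/sh
# Added example: preflight check for the prerequisites above.
# Function names are hypothetical; 1.8 is treated as the minimum Go version.

# go_version_ok "<output of 'go version'>": succeeds if the version is >= 1.8
go_version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^go version go\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2          # go missing or output not recognised
    set -- $ver                        # $1 = major, $2 = minor
    [ "$1" -gt 1 ] || { [ "$1" -eq 1 ] && [ "$2" -ge 8 ]; }
}

# conf_swap_mb FILE: print the last uncommented CONF_SWAPSIZE value (in MB)
conf_swap_mb() {
    sed -n 's/^[[:space:]]*CONF_SWAPSIZE=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# active_swap_mb FILE: print SwapTotal of a /proc/meminfo-style file (in MB)
active_swap_mb() {
    awk '$1 == "SwapTotal:" { print int($2 / 1024) }' "$1"
}

preflight() {
    rc=0
    go_version_ok "$(go version 2>/dev/null)" ||
        { echo "FAIL: Go 1.8 or newer not found"; rc=1; }
    command -v virtualenv >/dev/null 2>&1 ||
        { echo "FAIL: virtualenv not installed"; rc=1; }
    conf=$(conf_swap_mb /etc/dphys-swapfile 2>/dev/null)
    [ "${conf:-0}" -ge 1024 ] ||
        { echo "FAIL: CONF_SWAPSIZE=${conf:-unset}, expected 1024"; rc=1; }
    # The kernel reports slightly less than the swap file size, so allow 1 MB.
    act=$(active_swap_mb /proc/meminfo 2>/dev/null)
    [ "${act:-0}" -ge 1023 ] ||
        { echo "FAIL: only ${act:-0} MB swap active (run setup and swapon)"; rc=1; }
    return "$rc"
}

preflight && echo "all prerequisites met" || echo "fix the items above before building"
```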

Building

Get the sources

Set the root path for Go package management:

export GOPATH=~/go

Get sources:

go get github.com/elastic/beats

Go to the folder of the beat you want to build:

cd ~/go/src/github.com/elastic/beats/filebeat/

Check out the desired version, which should match your elasticsearch backend:

git checkout 6.0

Build binary

Run the go compiler:

GOPATH=~/go make

This will output the executable filebeat in the current directory. Verify it by running:

./filebeat -v -e

where -e will output errors to the console instead of syslog. filebeat will now complain about the missing config file filebeat.yml.

Copy filebeat.default.yml and modify as required.

Configuration templates

The fields.yml file is required to configure the index. To build it, run:

make update

Build the Kibana template:

make kibana
mv _meta/kibana .

Now run filebeat setup:

./filebeat setup -v -e

Add-ons

Some beats plugins require add-ons to be installed in the elasticsearch core. Assuming you're running the elastic server in a docker container named elasticsearch, install the add-ons like this:

sudo docker exec -it elasticsearch bash
cd /opt/elasticsearch/
bin/elasticsearch-plugin install ingest-user-agent
bin/elasticsearch-plugin install ingest-geoip