Skip to content

Instantly share code, notes, and snippets.

@squarism

squarism/elk_stack_install.md

Last active May 20, 2022 11:04
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Quick Elasticsearch / Kibana / Logstash (ELK stack) Install (for your local mac dev box)
Raw
elk_stack_install.md

Elasticsearch / Kibana / Logstash Quick Install

Instructions for getting an ELK stack set up quick on Mac. Paths are opinionated. You'll have to infer and change. Sorry mate. 🍰

Install Homebrew if not already. You probably have. If not, you should.

brew install elasticsearch nginx

# do yourself a favor and get a better services command than launchctl
brew tap gapple/services

Download these guys:

  • logstash-1.4.2.tar.gz
  • logstash-contrib-1.4.2.tar.gz
  • kibana-3.1.2.tar.gz (or v4 if you prefer)

I usually throw app installs in /opt on Linux. Mac doesn't have this by default. This is up to you. Elasticsearch is going to be under /usr/local because of homebrew.

# your preference on /opt or not
mkdir /opt
sudo chown $USER /opt

# unpack logstash and very valuable contrib tarballs
cd /opt
tar xzf ~/Downloads/logstash-1.4.2.tar.gz
cd logstash-1.4.2
tar xzf ~/Downloads/logstash-contrib-1.4.2.tar.gz --strip-components=1

# put kibana in nginx
cd /usr/local/var/www
tar xzf ~/Downloads/kibana-3.1.2.tar.gz
mv kibana-3.1.2 kibana

# edit config.js with your hostname
vi kibana/config.js

# line 32 - read the comments on why you might not want localhost here
# for dev box only
elasticsearch: "http://localhost:9200",

# enable cors for kibana3 + elasticsearch 1.4
vi /usr/local/Cellar/elasticsearch/1.4.3/config/elasticsearch.yml

# kibana 3 compatibility
http.cors.enabled: true
http.cors.allow-origin: http://localhost:8080

# the services command is from the brew/tap at the top, love it
$ brew services restart elasticsearch


# make sure nginx starts by itself
# nginx config is in /usr/local/etc/nginx/nginx.conf if you need to look at it
# it won't need any edits for kibana.  it's just js/html in a directory.

# browse to http://localhost:8080/kibana  (you should see a kibana page)
# Now, let's change the default page to logstash.

cd /usr/local/var/www/kibana/app/dashboards
mv default.json default.json.orig
cp logstash.json default.json

# refresh the kibana page.  It will be logstash's default now.

Now you have to suck your logs into logstash. That's a different tutorial.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment