Linux

On Linux based systems we recommend installing the Logstash, Elasticsearch and Kibana packages using the distribution’s package manager. Supported are the versions 7.17.x, which have been tested explicitly. Compatibility with all 7.17.x versions can be assumed. However, provided Kibana dashboards require version 7.17.x.

Elasticsearch

To install Elasticsearch, follow the instructions provided on Installation .

Elasticsearch normally uses port 9200. Please check if access to this port from outside is allowed by your firewall! In addition, how to configure authenticated access to Elasticsearch is described below.

Configuration

In addition, you can follow these steps to make your cluster fully functional. An elasticsearch.yml configuration file can contain this additional information:

# enabling security is recommended and desired
xpack.security.enabled: true
# this also comprises ssl transport security
xpack.security.transport.ssl.enabled: true
# you may define your own elasticsearch cluster name
cluster.name: <company>-operations
# each node participating in the cluster may receive an individual node name
node.name: analytics-node-01
# define network binding of elasticsearch, defaults to localhost, which is not sufficient if you distribute components across different nodes
# example here: your host is named "elastic.ops.company-vnet.de"
network.host: "elastic.ops.company-vnet.de"
# some settings quite specific to the number of nodes participating in your elasticsearch cluster
# if there is only a single node in your cluster, stay with the default "single-node"
# please verify w/ elastic docs: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/bootstrap-checks.html
discovery.type: "single-node"
#discovery.seed_hosts: ["elastic.ops.company-vnet.de"]
#cluster.initial_master_nodes: ["elastic.ops.company-vnet.de"]

At /resources/analytics/elasticsearch/elasticsearch/elasticsearch-analytics.yml you will find some configuration parameters that are suitable for the operation of an Elasticsearch cluster.

Enabling Transport Layer Security (TLS)

Running elasticsearch in production mode requires Transport Layer Security to be enabled. Elastic comes with some scripts to help set up this mode.

# generate new certificate authority
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
# generates X.509 certificates and private keys
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# auto create passwords for the built-in user accounts (--> xpack.security.enabled)
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

Please also see the Information from Elastic on TLS .

Logstash

To install Logstash, see the instructions .

Kibana

To install Kibana, see the instructions .