Windows

Binary packages of Elasticsearch, Kibana and Logstash are no part of this distribution. Download them from elastic.co . Supported are the versions 7.17.x, which have been tested explicitly. Compatibility with all 7.17.x versions can be assumed.

There are several ways to install, configure and run Elasticsearch stack. This documentation provides a simple and direct approach, but the concrete configuration may differ in your environment.

Installation documentation

Please also get an understanding of installation by reading the according Elasticsearch documentation.

Elasticsearch

After you have unpacked the download package, you can create a Windows service via bin/elasticsearch-service.bat.

By default, Elasticsearch is available at http://localhost:9200/.

Elasticsearch normally uses port 9200. Please check if access to this port from outside is allowed by your firewall! In addition, how to configure authenticated access to Elasticsearch is described below.

Configuration

In addition, you can follow these steps to make your cluster fully functional. An elasticsearch.yml configuration file can contain this additional information:

xpack.monitoring.collection.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.audit.enabled: true
# enabling security is recommended and desired
xpack.security.enabled: true
# this also comprises ssl transport security
xpack.security.transport.ssl.enabled: true
# you may define your own elasticsearch cluster name
cluster.name: <company>-operations
# each node participating in the cluster may receive an individual node name
node.name: analytics-node-01
# define network binding of elasticsearch, defaults to localhost, which is not sufficient if you distribute components across different nodes
# example here: your host is named "elastic-host.example.com"
network.host: "elastic-host.example.com"
# some settings quite specific to the number of nodes participating in your elasticsearch cluster
# if there is only a single node in your cluster, stay with the default "single-node"
# please verify w/ elastic docs: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/bootstrap-checks.html
discovery.type: "single-node"
#discovery.seed_hosts: ["elastic-host.example.com"]
#cluster.initial_master_nodes: ["elastic-host.example.com"]
## Provide external paths for data and log storage
#path.data: E:/service.monitor/data/elastic
#path.logs: E:/service.monitor/logs/elastic

Enabling Transport Layer Security (TLS)

Running elasticsearch in production mode requires Transport Layer Security to be enabled. Elastic comes with some scripts to help set up this mode.

# generate new certificate authority
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
# generates X.509 certificates and private keys
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Please also see the Information from Elastic on TLS .

Create default users

Elastic provides a way to autogenerate default users.

# auto create passwords for the built-in user accounts (--> xpack.security.enabled)
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

Logstash

After unpacking the download package, it makes sense to create a Windows service that can start the process automatically, independent of logged in users. The best way to do this is to use the tool NSSM . The download is unpacked into a folder of the installation.

NSSM via GUI

Calling it from an administrative command line calls the NSSM GUI, which can be used to define further properties of the service execution.

.\bin\nssm.exe install elastic-logstash

Set Application Path to the logstash.bat of the concrete version.
If required, assign a display name.
Redirect console output best to files.

Define a log file rotation for these files. The value 10485760 bytes corresponds to 10 MBytes.
Since the logstash pipelines of service.monitor get values from environment variables, you can set in the Environment section.

If the path of JAVA_HOME contains spaces, inverted commas must be configured. This does not apply to possible spaces in PIPELINES_PATH.

NSSM via command line

Experienced users can alternatively call up NSSM via the command line.

nssm.exe install elastic-logstash E:\service.monitor\logstash-7.17.15\bin\logstash.bat
nssm.exe set elastic-logstash AppParameters "-l E:\\service.monitor\\logs\\logstash"
nssm.exe set elastic-logstash AppDirectory E:\service.monitor\logstash-7.17.15\bin
nssm.exe set elastic-logstash AppExit Default Restart
nssm.exe set elastic-logstash AppEnvironmentExtra :PIPELINES_PATH=E:\\service.monitor\\data\\logstash
nssm.exe set elastic-logstash AppEnvironmentExtra +CA_CERT_PATH=E:\\service.monitor\\data\\logstash\\dummyCa.crt
nssm.exe set elastic-logstash AppEnvironmentExtra +ES_HOST=http://<HOST>:9200
nssm.exe set elastic-logstash AppEnvironmentExtra +ES_PASSWORD=<PASSWORD>
nssm.exe set elastic-logstash AppEnvironmentExtra +ES_USER=elastic
nssm.exe set elastic-logstash AppStdout E:\service.monitor\logs\logstash\logstash.log
nssm.exe set elastic-logstash AppStderr E:\service.monitor\logs\logstash\logstash-err.log
nssm.exe set elastic-logstash AppRotateFiles 1
nssm.exe set elastic-logstash AppRotateOnline 1
nssm.exe set elastic-logstash AppRotateBytes 10485760
nssm.exe set elastic-logstash DisplayName "Elastic Logstash"
nssm.exe set elastic-logstash ObjectName LocalSystem
nssm.exe set elastic-logstash Start SERVICE_DELAYED_AUTO_START
nssm.exe set elastic-logstash Type SERVICE_WIN32_OWN_PROCESS

In the example above, an elastic-logstash service is created. The installation files are available under E:\service.monitor in version 7.17.5. The details of paths and storage locations must be adapted individually.

Kibana

Configuration of kibana.yml

Configuration

A kibana.yml configuration file shall contain this additional information/configuration:

server.publicBaseUrl: "http://HOSTNAME:5601"
server.host: "HOSTNAME"
elasticsearch.hosts: ["http://HOSTNAME:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "******"
xpack.encryptedSavedObjects.encryptionKey: ee7b4780fc5cc492e60f365ac12788fa
xpack.reporting.encryptionKey: d4ad47d7ca8b09e650c0f0fa9baad4aa
xpack.security.encryptionKey: 3876cd060838af800da749acc9c604ff
vis_type_vega.enableExternalUrls: true

Generate encryption key

Kibana offers a command line tool to generate the keys mentioned in the example above:

\kibana\bin>kibana-encryption-keys.bat generate

Create Windows Service

Do the creation of the Windows service for Kibana in the same way as for Logstash.

NSSM via GUI

.\bin\nssm.exe install elastic-kibana

The two screenshots show possible configuration options for the Windows service settings. Setting environment variables is not necessary here.

NSSM via command line

Experienced users can alternatively call up NSSM via the command line.

nssm.exe install elastic-kibana E:\service.monitor\kibana-7.17.15-windows-x86_64\bin\kibana.bat
nssm.exe set elastic-kibana AppDirectory E:\service.monitor\kibana-7.17.15-windows-x86_64\bin
nssm.exe set elastic-kibana AppExit Default Restart
nssm.exe set elastic-kibana AppStdout E:\service.monitor\logs\kibana\kibana.log
nssm.exe set elastic-kibana AppStderr E:\service.monitor\logs\kibana\kibana-err.log
nssm.exe set elastic-kibana AppRotateFiles 1
nssm.exe set elastic-kibana AppRotateOnline 1
nssm.exe set elastic-kibana AppRotateBytes 10485760
nssm.exe set elastic-kibana DisplayName "Elastic Kibana"
nssm.exe set elastic-kibana ObjectName LocalSystem
nssm.exe set elastic-kibana Start SERVICE_DELAYED_AUTO_START
nssm.exe set elastic-kibana Type SERVICE_WIN32_OWN_PROCESS

The entries of NSSM can be found in the Windows Registry under the key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.