This article shows how to install two major pieces of software under CentOS 8: Elasticsearch to store information and Kibana to visualize it. Elasticsearch is ideal for storing big data such as logs from user activities or server logs: one central, properly structured repository for data that can be easily accessed and manipulated with various software.
Kibana is used mainly for visualizing the data stored in the Elasticsearch server and for managing the Elasticsearch service through the web.
Here is a simple example: send the web servers' logs to Elasticsearch and visualize statistical data with Kibana.
Using the rpm repository for both packages is the best option for installation and for future upgrades.
STEP 1) Install the CentOS 8.
How to install CentOS 8 can be found here – How to do a network installation of CentOS 8 (8.0.1950) – minimal server installation.
Or, if a container approach is needed, there is a how-to with an LXC container – Run LXC CentOS 8 container with bridged network under CentOS 8.
STEP 2) Install the Elasticsearch.
This installation and configuration is for a single-node server setup.
First, create an rpm repository file /etc/yum.repos.d/elasticsearch.repo and fill it with the Elasticsearch repository information:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Then import the Elasticsearch GPG key and install the Elasticsearch software:
[root@loganalyzer ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@loganalyzer ~]# dnf install elasticsearch
Last metadata expiration check: 0:00:19 ago on 11.12.2021 (Sat) 12:43:24 UTC.
Dependencies resolved.
==========================================================================================================================================
 Package                          Architecture              Version                       Repository                         Size
==========================================================================================================================================
Installing:
 elasticsearch                    x86_64                    7.16.0-1                      elasticsearch                     327 M

Transaction Summary
==========================================================================================================================================
Install  1 Package

Total download size: 327 M
Installed size: 526 M
Is this ok [y/N]: y
Downloading Packages:
elasticsearch-7.16.0-x86_64.rpm                                                                      43 MB/s | 327 MB     00:07
------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                43 MB/s | 327 MB     00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                          1/1
  Running scriptlet: elasticsearch-7.16.0-1.x86_64                                                                            1/1
Creating elasticsearch group... OK
Creating elasticsearch user... OK
  Installing       : elasticsearch-7.16.0-1.x86_64                                                                            1/1
  Running scriptlet: elasticsearch-7.16.0-1.x86_64                                                                            1/1
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
[/usr/lib/tmpfiles.d/elasticsearch.conf:1] Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
  Verifying        : elasticsearch-7.16.0-1.x86_64                                                                            1/1
Installed:
  elasticsearch-7.16.0-1.x86_64
Complete!
The configuration files are placed in /etc/elasticsearch/:
[root@loganalyzer ~]# ls -altr /etc/elasticsearch/
total 60
-rw-rw----.  1 root elasticsearch     0 Dec  2 15:49 users_roles
-rw-rw----.  1 root elasticsearch     0 Dec  2 15:49 users
-rw-rw----.  1 root elasticsearch   197 Dec  2 15:49 roles.yml
-rw-rw----.  1 root elasticsearch   473 Dec  2 15:49 role_mapping.yml
-rw-rw----.  1 root elasticsearch 19095 Dec  2 15:49 log4j2.properties
-rw-rw----.  1 root elasticsearch  3329 Dec  2 15:49 jvm.options
-rw-rw----.  1 root elasticsearch  3431 Dec  2 15:49 elasticsearch.yml
-rw-rw----.  1 root elasticsearch  1042 Dec  2 15:49 elasticsearch-plugins.example.yml
drwxr-s---.  2 root elasticsearch  4096 Dec  2 15:53 jvm.options.d
-rw-rw----.  1 root elasticsearch   199 Dec 11 12:44 elasticsearch.keystore
drwxr-s---.  3 root elasticsearch  4096 Dec 11 12:44 .
-rw-r--r--.  1 root elasticsearch    76 Dec 11 12:44 .elasticsearch.keystore.initial_md5sum
drwxr-xr-x. 64 root root           4096 Dec 11 12:44 ..
The index data is placed in /var/lib/elasticsearch.
[root@loganalyzer ~]# ls -altr /var/lib/elasticsearch/
total 12
drwxr-sr-x.  3 elasticsearch elasticsearch 4096 Sep 12  2019 nodes
drwxr-xr-x. 18 root          root          4096 Sep 13  2019 ..
drwxr-s---.  3 elasticsearch elasticsearch 4096 Oct  7 22:08 .
[root@loganalyzer ~]# ls -altr /var/lib/elasticsearch/nodes/
total 12
drwxr-sr-x. 3 elasticsearch elasticsearch 4096 Sep 12  2019 .
drwxr-s---. 3 elasticsearch elasticsearch 4096 Oct  7 22:08 ..
drwxr-sr-x. 5 elasticsearch elasticsearch 4096 Dec 11 12:59 0
[root@loganalyzer ~]# ls -altr /var/lib/elasticsearch/nodes/0/
total 56
drwxr-sr-x.   3 elasticsearch elasticsearch  4096 Sep 12  2019 ..
-rw-r--r--.   1 elasticsearch elasticsearch     0 Sep 12  2019 node.lock
drwxr-sr-x.   2 elasticsearch elasticsearch  4096 Nov 22 13:05 snapshot_cache
drwxr-sr-x. 826 elasticsearch elasticsearch 36864 Dec 11 00:00 indices
drwxr-sr-x.   2 elasticsearch elasticsearch  4096 Dec 11 00:00 _state
drwxr-sr-x.   5 elasticsearch elasticsearch  4096 Dec 11 12:59 .
Log files are in the /var/log/elasticsearch directory:
[root@loganalyzer ~]# ls -altr /var/log/elasticsearch
drwxr-xr-x. 4 root          root              4096 Dec  5 04:02 ..
-rw-r--r--. 1 elasticsearch elasticsearch     3400 Dec  6 00:00 elasticsearch-2021-12-05-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch     3074 Dec  6 00:00 elasticsearch-2021-12-05-1.log.gz
-rw-r--r--. 1 elasticsearch elasticsearch    15597 Dec  7 00:00 elasticsearch-2021-12-06-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch    13588 Dec  7 00:00 elasticsearch-2021-12-06-1.log.gz
-rw-r--r--. 1 elasticsearch elasticsearch     2796 Dec  8 00:00 elasticsearch-2021-12-07-1.log.gz
-rw-r--r--. 1 elasticsearch elasticsearch     3082 Dec  8 00:00 elasticsearch-2021-12-07-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch     3276 Dec  9 00:00 elasticsearch-2021-12-08-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch     2974 Dec  9 00:00 elasticsearch-2021-12-08-1.log.gz
-rw-r--r--. 1 elasticsearch elasticsearch     2020 Dec 10 00:00 elasticsearch-2021-12-09-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch     1833 Dec 10 00:00 elasticsearch-2021-12-09-1.log.gz
-rw-r--r--. 1 elasticsearch elasticsearch     4676 Dec 11 00:00 elasticsearch-2021-12-10-1.json.gz
-rw-r--r--. 1 elasticsearch elasticsearch     4309 Dec 11 00:00 elasticsearch-2021-12-10-1.log.gz
drwxr-s---. 2 elasticsearch elasticsearch   118784 Dec 11 00:00 .
-rw-r--r--. 1 elasticsearch elasticsearch    35257 Dec 11 12:12 elasticsearch_server.json
-rw-r--r--. 1 elasticsearch elasticsearch    19679 Dec 11 12:12 elasticsearch.log
-rw-r--r--. 1 elasticsearch elasticsearch  3554360 Dec 11 12:17 elasticsearch_deprecation.log
-rw-r--r--. 1 elasticsearch elasticsearch  7864788 Dec 11 12:17 elasticsearch_deprecation.json
-rw-r--r--. 1 elasticsearch elasticsearch 63958577 Dec 11 13:02 gc.log
As you can see, the old logs are compressed.
STEP 3) Enable basic security in the Elasticsearch.
By default, the installation does not enable any security model, and the web interface of Elasticsearch may be accessible to anyone on the network. Enabling at least the minimum security model is strongly suggested!
In the main Elasticsearch configuration file /etc/elasticsearch/elasticsearch.yml add:
discovery.seed_hosts: ["node-1"]
discovery.type: single-node
xpack.security.enabled: true
To make the server listen on a specific IP address such as 192.168.0.2, the network option in /etc/elasticsearch/elasticsearch.yml should be modified as follows:
network.host: 192.168.0.2
Enable the Elasticsearch service at boot and start it:
[root@loganalyzer ~]# systemctl enable elasticsearch
Synchronizing state of elasticsearch.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
[root@loganalyzer ~]# systemctl start elasticsearch
[root@loganalyzer ~]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/system/elasticsearch.service.d
           └─zzz-lxc-service.conf
   Active: active (running) since Sat 2021-12-11 13:34:08 UTC; 6s ago
     Docs: https://www.elastic.co
 Main PID: 3106 (java)
    Tasks: 58 (limit: 26213)
   Memory: 8.0G
   CGroup: /user.slice/user-0.slice/session-12.scope/system.slice/elasticsearch.service
           ├─3106 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-4506073123971287958 -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms7787m -Xmx7787m -XX:MaxDirectMemorySize=4083154944 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=rpm -Des.bundled_jdk=true -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet
           └─3308 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Dec 11 13:33:41 loganalyzer systemd[1]: Starting Elasticsearch...
Dec 11 13:34:08 loganalyzer systemd[1]: Started Elasticsearch.
[root@loganalyzer ~]# ps axuf|grep elastic
root      3361  0.0  0.0     3024     184 pts/0 D+   13:34   0:00          \_ grep --color=auto elastic
elastic+  3106 91.0 53.0 14407056 8467804 ?     Ssl  13:33   0:52 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-4506073123971287958 -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms7787m -Xmx7787m -XX:MaxDirectMemorySize=4083154944 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=rpm -Des.bundled_jdk=true -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet
elastic+  3308  0.0  0.0   120656    4548 ?     Sl   13:33   0:00  \_ /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
The java process is running and some of the JDK options are visible from the command line arguments.
On the first start the default indexes are created. The first run and the creation of the default indexes are recorded in the Elasticsearch log, elasticsearch.log in /var/log/elasticsearch.
Generate the passwords for all built-in users with the Elasticsearch tool elasticsearch-setup-passwords:
[root@loganalyzer elasticsearch]# cd /usr/share/elasticsearch/
[root@loganalyzer elasticsearch]# ./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = voh8auj7Yo4iphohNgow
Changed password for user kibana_system
PASSWORD kibana_system = eNgein6beenahyug0eif
Changed password for user kibana
PASSWORD kibana = Muphua3Yiemai7Chieth
Changed password for user logstash_system
PASSWORD logstash_system = aeWee1baig6PhoonooK9
Changed password for user beats_system
PASSWORD beats_system = mohk9ei8vae5Oox9pahl
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = Aephohng2ua2ophionah
Changed password for user elastic
PASSWORD elastic = IkeeshahfaimeeJie3ia
[root@loganalyzer elasticsearch]#
Elasticsearch now listens on the local IP 192.168.0.2 and is protected with user credentials. Save the above output in a safe place!
Test the access to the server by listing the indexes with a command-line tool such as curl, for example:
[root@loganalyzer elasticsearch]# curl --user elastic:IkeeshahfaimeeJie3ia -X GET "http://192.168.0.2:9200/_cat/indices?v"
health status index            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .geoip_databases f4yFunynTBOGhLM2ioP1KQ   1   0         42            0     41.1mb         41.1mb
green  open   .security-7      MzwsKQ1rTmK2JD-0K1zvAw   1   0          7            0     25.1kb         25.1kb
The elastic user has administrative privileges and can be used to create more roles and users.
Omitting the user credentials will result in an error:
[root@loganalyzer elasticsearch]# curl -X GET "http://192.168.0.2:9200/_cat/indices?v"
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/indices?v]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
STEP 4) Install Kibana.
Installation of Kibana rpm repository and software.
First, add the official rpm repository to the system by creating the repo file /etc/yum.repos.d/kibana.repo:
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install the Kibana software with:
[root@loganalyzer ~]# dnf install kibana
Kibana repository for 7.x packages                                    30 MB/s |  36 MB     00:01
Last metadata expiration check: 0:00:09 ago on 11.12.2021 (Sat) 23:19:39 UTC.
Dependencies resolved.
===================================================================================================================
 Package              Architecture           Version                  Repository                Size
===================================================================================================================
Installing:
 kibana               x86_64                 7.16.0-1                 elasticsearch            274 M
Transaction Summary
===================================================================================================================
Install  1 Package
Total download size: 274 M
Installed size: 730 M
Is this ok [y/N]: y
Downloading Packages:
kibana-7.16.0-x86_64.rpm                                              42 MB/s | 274 MB     00:06
--------------------------------------------------------------------------------------------------------------------
Total                                                                 42 MB/s | 274 MB     00:06
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                   1/1
  Running scriptlet: kibana-7.16.0-1.x86_64                                            1/1
  Installing       : kibana-7.16.0-1.x86_64 [=========================== ]             1/1
  Installing       : kibana-7.16.0-1.x86_64                                            1/1
  Running scriptlet: kibana-7.16.0-1.x86_64                                            1/1
Creating kibana group... OK
Creating kibana user... OK
Created Kibana keystore in /etc/kibana/kibana.keystore
[/usr/lib/tmpfiles.d/elasticsearch.conf:1] Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
  Verifying        : kibana-7.16.0-1.x86_64                                            1/1
Installed:
  kibana-7.16.0-1.x86_64
Complete!
The configuration files are stored in:
[root@loganalyzer ~]# ls -altr /etc/kibana/
total 36
-rw-r--r--.  1 root kibana 5243 Sep 16 02:25 kibana.yml.rpmnew
-rw-rw----.  1 root kibana  130 Oct  6 07:48 kibana.keystore
-rw-r--r--.  1 root kibana   62 Oct  6 07:48 .kibana.keystore.initial_md5sum
-rw-r--r--.  1 root kibana  216 Oct  7 21:19 node.options
drwxr-s---.  2 root kibana 4096 Oct 31 02:28 .
drwxr-xr-x. 68 root root   4096 Oct 31 08:23 ..
-rw-rw----.  1 root kibana 5220 Nov 22 13:19 kibana.yml
The metafiles and logs are in:
[root@loganalyzer ~]# ls -altr /var/lib/kibana/
total 20
drwxr-xr-x. 18 root   root   4096 Sep 13  2019 ..
-rw-r--r--.  1 kibana kibana   36 Sep 13  2019 uuid
drwxr-xr-x.  2 kibana kibana 4096 Apr 23  2020 optimize
drwxr-xr-x.  4 kibana kibana 4096 Apr 25  2020 headless_shell-linux
drwxr-s---.  4 kibana kibana 4096 Oct  7 21:28 .
[root@loganalyzer ~]# ls -altr /var/log/kibana/
total 29012
drwxr-s---. 2 kibana kibana     4096 Oct  6 08:16 .
drwxr-xr-x. 4 root   root       4096 Dec 19 04:02 ..
-rw-r--r--. 1 kibana kibana 29692716 Dec 25 21:16 kibana.log
STEP 5) Configure Kibana to use Elasticsearch.
At least five options in the Kibana configuration are important for connecting Kibana to the Elasticsearch service. Edit the main Kibana configuration file /etc/kibana/kibana.yml. Some of the lines may differ from the setup proposed below, such as the IP, the publicBaseUrl, or the elasticsearch.password, which was generated in the previous step! The options are simple and self-explanatory.
server.host: "192.168.0.2"
server.publicBaseUrl: "https://kibana.example.com"
elasticsearch.hosts: ["http://192.168.0.2:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "iHOcAndyZsINnwDMGYJL"
Use the kibana_system user credentials to access the Elasticsearch service from Kibana. Elasticsearch listens on 192.168.0.2, which was set manually in its configuration above. The publicBaseUrl is the public domain name that users will use to load the Kibana web interface.
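The settings above keep the kibana_system password in clear text in kibana.yml and send it to Elasticsearch over plain HTTP. The script below is an added example, not part of the original article: it lints a kibana.yml for those points. The function names, the two sample files and the hardened values (loopback bind with NGINX on the same host, an https:// Elasticsearch URL, password moved to the Kibana keystore) are assumptions.

```bash
#!/bin/sh
# Added example (not from the article): lint a kibana.yml such as the one in STEP 5.

# Print the value of a flat "key: value" setting without surrounding quotes.
# Commented-out lines are ignored; if a key is repeated, the last one is used.
yml_get() (
    key=$(printf '%s' "$2" | sed 's/\./\\./g')      # match the dots literally
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
)

# Print one "CODE explanation" line per finding; print nothing for a clean file.
audit_kibana_yml() (
    file=$1
    # 1. Service-account password readable by anyone who can read the file.
    if [ -n "$(yml_get "$file" elasticsearch.password)" ]; then
        echo "PLAINTEXT_PASSWORD elasticsearch.password is set in $file; store it with 'kibana-keystore add elasticsearch.password' instead"
    fi
    # 2. Kibana authenticates to Elasticsearch with HTTP Basic auth over plain HTTP.
    case $(yml_get "$file" elasticsearch.hosts) in
        *http://*) echo "CLEARTEXT_BACKEND elasticsearch.hosts uses http://; the kibana_system credentials cross the network unencrypted" ;;
    esac
    # 3. Kibana reachable directly, bypassing the TLS-terminating proxy.
    #    Kibana's default when server.host is unset is localhost.
    host=$(yml_get "$file" server.host)
    case $host in
        ""|localhost|127.*|::1) ;;
        *) echo "DIRECT_LISTEN server.host is $host; port 5601 answers without the reverse proxy unless it is firewalled" ;;
    esac
    # 4. Config file readable by every local user.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE $file is readable by all local users; use mode 0660 root:kibana as the rpm does"
    fi
)

# Constructed sample: same settings as the article, with a placeholder password.
write_weak_sample() (
    cat > "$1" <<'EOF'
server.host: "192.168.0.2"
server.publicBaseUrl: "https://kibana.example.com"
elasticsearch.hosts: ["http://192.168.0.2:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "CONSTRUCTED-EXAMPLE-PASSWORD"
EOF
)

# Constructed sample: hardened variant (assumes Elasticsearch has TLS enabled
# and NGINX proxies to 127.0.0.1:5601 on the same host).
write_hardened_sample() (
    cat > "$1" <<'EOF'
server.host: "127.0.0.1"
server.publicBaseUrl: "https://kibana.example.com"
elasticsearch.hosts: ["https://192.168.0.2:9200"]
elasticsearch.username: "kibana_system"
# elasticsearch.password is kept in /etc/kibana/kibana.keystore
EOF
)

# Stand-alone use: sh audit.sh /etc/kibana/kibana.yml
if [ $# -gt 0 ]; then
    audit_kibana_yml "$1"
fi
```

Restart Kibana after moving the password into the keystore so that the value is read from there.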
Enable and start the Kibana service:
[root@loganalyzer ~]# systemctl enable kibana
Synchronizing state of kibana.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable kibana
Created symlink /etc/systemd/system/multi-user.target.wants/kibana.service → /etc/systemd/system/kibana.service.
[root@loganalyzer ~]# systemctl start kibana
[root@loganalyzer ~]# systemctl status kibana
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/system/kibana.service.d
           └─zzz-lxc-service.conf
   Active: active (running) since Sat 2021-12-11 23:43:44 UTC; 3s ago
     Docs: https://www.elastic.co
 Main PID: 4908 (node)
    Tasks: 7 (limit: 26213)
   Memory: 95.7M
   CGroup: /user.slice/user-0.slice/session-12.scope/system.slice/kibana.service
           └─4908 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist --logging.dest=/var/log/kibana/kibana.log --pid.file=/run/kibana/kibana.pid
Dec 11 23:43:44 loganalyzer systemd[1]: Started Kibana.
On the first start, Kibana will create the needed index and metadata in Elasticsearch. Here is the log output of the first start:
[root@loganalyzer ~]# cat /var/log/kibana/kibana.log {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["info","plugins-service"],"pid":4908,"message":"Plugin \"metricsEntities\" is disabled."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["info","http","server","Preboot"],"pid":4908,"message":"http server running at http://192.168.0.2:5601"} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","config","deprecation"],"pid":4908,"message":"\"logging.dest\" has been deprecated and will be removed in 8.0. To set the destination moving forward, you can use the \"console\" appender in your logging configuration or define a custom one."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","config","deprecation"],"pid":4908,"message":"Use Kibana application privileges to grant reporting privileges. Using \"xpack.reporting.roles.allow\" to grant reporting privileges is deprecated. The \"xpack.reporting.roles.enabled\" setting will default to false in a future release."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","config","deprecation"],"pid":4908,"message":"User sessions will automatically time out after 8 hours of inactivity starting in 8.0. Override this value to change the timeout."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","config","deprecation"],"pid":4908,"message":"Users are automatically required to log in again after 30 days starting in 8.0. 
Override this value to change the timeout."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["info","plugins-system","standard"],"pid":4908,"message":"Setting up [113] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,banners,telemetry,newsfeed,mapsEms,mapsLegacy,kibanaLegacy,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,canvas,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,expressionTagcloud,expressionMetricVis,console,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,dashboard,maps,dashboardMode,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,savedObjectsManagement,indexPatternManagement]"} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["info","plugins","taskManager"],"pid":4908,"message":"TaskManager is identified by the Kibana UUID: c779c0a3-451a-41eb-af8c-044d9ebb839b"} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Generating a 
random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","reporting","config"],"pid":4908,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":4908,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","actions"],"pid":4908,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. 
Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","alerting"],"pid":4908,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["info","plugins","ruleRegistry"],"pid":4908,"message":"Installing common resources shared between all indices"} {"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","reporting","config"],"pid":4908,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.5.2111\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."} {"type":"log","@timestamp":"2021-12-11T23:44:03+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."} {"type":"log","@timestamp":"2021-12-11T23:44:03+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"Starting saved objects migrations"} {"type":"log","@timestamp":"2021-12-11T23:44:04+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana] INIT -> CREATE_NEW_TARGET. took: 73ms."} {"type":"log","@timestamp":"2021-12-11T23:44:04+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 75ms."} {"type":"log","@timestamp":"2021-12-11T23:44:07+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana_task_manager] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. 
took: 3024ms."} {"type":"log","@timestamp":"2021-12-11T23:44:08+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 1791ms."} {"type":"log","@timestamp":"2021-12-11T23:44:08+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana_task_manager] Migration completed after 4891ms"} {"type":"log","@timestamp":"2021-12-11T23:44:09+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 5294ms."} {"type":"log","@timestamp":"2021-12-11T23:44:09+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 317ms."} {"type":"log","@timestamp":"2021-12-11T23:44:09+00:00","tags":["info","savedobjects-service"],"pid":4908,"message":"[.kibana] Migration completed after 5684ms"} {"type":"log","@timestamp":"2021-12-11T23:44:09+00:00","tags":["info","plugins-system","standard"],"pid":4908,"message":"Starting [113] plugins: 
[translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,code,usageCollection,xpackLegacy,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,banners,telemetry,newsfeed,mapsEms,mapsLegacy,kibanaLegacy,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,canvas,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,tileMap,regionMap,expressionTagcloud,expressionMetricVis,console,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,dashboard,maps,dashboardMode,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,savedObjectsManagement,indexPatternManagement]"} {"type":"log","@timestamp":"2021-12-11T23:44:11+00:00","tags":["info","plugins","monitoring","monitoring"],"pid":4908,"message":"config sourced from: production cluster"} {"type":"log","@timestamp":"2021-12-11T23:44:12+00:00","tags":["info","http","server","Kibana"],"pid":4908,"message":"http server running at http://192.168.0.2:5601"} {"type":"log","@timestamp":"2021-12-11T23:44:13+00:00","tags":["info","status"],"pid":4908,"message":"Kibana is now degraded"} 
{"type":"log","@timestamp":"2021-12-11T23:44:14+00:00","tags":["info","plugins","monitoring","monitoring","kibana-monitoring"],"pid":4908,"message":"Starting monitoring stats collection"} {"type":"log","@timestamp":"2021-12-11T23:44:21+00:00","tags":["info","plugins","reporting","chromium"],"pid":4908,"message":"Browser executable: /usr/share/kibana/x-pack/plugins/reporting/chromium/headless_shell-linux_x64/headless_shell"} {"type":"log","@timestamp":"2021-12-11T23:44:21+00:00","tags":["warning","plugins","reporting","chromium"],"pid":4908,"message":"Enabling the Chromium sandbox provides an additional layer of protection."} {"type":"log","@timestamp":"2021-12-11T23:44:25+00:00","tags":["info","plugins","reporting","store"],"pid":4908,"message":"Creating ILM policy for managing reporting indices: kibana-reporting"}
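The startup log above already names several hardening gaps: session cookies sent over plain HTTP, encryption keys that are generated at random or missing, and the disabled Chromium sandbox. The following script is an added example, not part of the original article; it pulls those warnings out of a kibana.log in the 7.x JSON format shown above. The function names and category labels are made up for this example, and the embedded sample lines are copied from the log above.

```bash
#!/bin/sh
# Added example (not from the article): list the security-relevant warnings in
# a Kibana 7.x JSON log such as /var/log/kibana/kibana.log.

# Print the "message" of every entry whose first tag is "warning".
# Assumes one JSON object per line, which is how Kibana writes the file.
kibana_warnings() (
    grep '"tags":\["warning"' "$1" |
        sed -n 's/.*"message":"\(.*\)"}[[:space:]]*$/\1/p'
)

# Map each warning to "<category> <setting or action>", one line per distinct
# finding. Warnings that are not security-relevant (deprecations) are dropped.
triage_kibana_log() (
    kibana_warnings "$1" | while IFS= read -r msg; do
        case $msg in
            *"Session cookies will be transmitted over insecure connections"*)
                echo "transport serve-kibana-over-https" ;;
            *"random key for xpack.security.encryptionKey"*)
                echo "encryption-key xpack.security.encryptionKey" ;;
            *"random key for xpack.reporting.encryptionKey"*)
                echo "encryption-key xpack.reporting.encryptionKey" ;;
            *"xpack.encryptedSavedObjects.encryptionKey"*)
                echo "encryption-key xpack.encryptedSavedObjects.encryptionKey" ;;
            *"Chromium sandbox"*)
                echo "sandbox xpack.reporting.capture.browser.chromium.disableSandbox" ;;
        esac
    done | LC_ALL=C sort -u
)

# Sample input: ten entries copied from the first-start log in the article.
write_sample_log() (
    cat > "$1" <<'EOF'
{"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["info","http","server","Preboot"],"pid":4908,"message":"http server running at http://192.168.0.2:5601"}
{"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","config","deprecation"],"pid":4908,"message":"User sessions will automatically time out after 8 hours of inactivity starting in 8.0. Override this value to change the timeout."}
{"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-12-11T23:44:00+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
{"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","security","config"],"pid":4908,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","reporting","config"],"pid":4908,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":4908,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","actions"],"pid":4908,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-12-11T23:44:01+00:00","tags":["warning","plugins","reporting","config"],"pid":4908,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.5.2111\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2021-12-11T23:44:13+00:00","tags":["info","status"],"pid":4908,"message":"Kibana is now degraded"}
EOF
)

# Stand-alone use: sh triage.sh /var/log/kibana/kibana.log
if [ $# -gt 0 ]; then
    triage_kibana_log "$1"
fi
```

Each encryption-key line names a setting to pin in kibana.yml or the Kibana keystore; the transport line goes away once Kibana is served over HTTPS.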
STEP 6) Configure NGINX to proxy web connection to Kibana service.
It is a good idea to install a generic web server like NGINX to proxy web requests to the Kibana service. Kibana could be used without such a service, but a generic web server like NGINX adds an additional layer of security and functionality, such as HTTPS connectivity, IP/network limitation, HTTP/2, and many more! Here is a sample configuration for it. Install the Nginx web server:
[root@loganalyzer ~]# dnf install nginx Last metadata expiration check: 0:34:20 ago on 11.12.2021 (Sat) 23:19:39 UTC. Dependencies resolved. ============================================================================================================================ Package Architecture Version Repository Size ============================================================================================================================ Installing: nginx x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 570 k Installing dependencies: dejavu-fonts-common noarch 2.35-7.el8 baseos 74 k dejavu-sans-fonts noarch 2.35-7.el8 baseos 1.6 M fontconfig x86_64 2.13.1-4.el8 baseos 274 k fontpackages-filesystem noarch 1.44-22.el8 baseos 16 k freetype x86_64 2.9.1-4.el8_3.1 baseos 394 k gd x86_64 2.2.5-7.el8 appstream 144 k groff-base x86_64 1.22.3-18.el8 baseos 1.0 M jbigkit-libs x86_64 2.1-14.el8 appstream 55 k libX11 x86_64 1.6.8-5.el8 appstream 611 k libX11-common noarch 1.6.8-5.el8 appstream 158 k libXau x86_64 1.0.9-3.el8 appstream 37 k libXpm x86_64 3.5.12-8.el8 appstream 58 k libjpeg-turbo x86_64 1.5.3-12.el8 appstream 157 k libpng x86_64 2:1.6.34-5.el8 baseos 126 k libtiff x86_64 4.0.9-20.el8 appstream 188 k libwebp x86_64 1.0.0-5.el8 appstream 272 k libxcb x86_64 1.13.1-1.el8 appstream 229 k libxslt x86_64 1.1.32-6.el8 baseos 250 k nginx-all-modules noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 23 k nginx-filesystem noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 24 k nginx-mod-http-image-filter x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 35 k nginx-mod-http-perl x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 45 k nginx-mod-http-xslt-filter x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 33 k nginx-mod-mail x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 64 k nginx-mod-stream x86_64 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 85 k perl-Carp noarch 1.42-396.el8 baseos 30 k perl-Data-Dumper x86_64 2.167-399.el8 
baseos 58 k perl-Digest noarch 1.17-395.el8 appstream 27 k perl-Digest-MD5 x86_64 2.55-396.el8 appstream 37 k perl-Encode x86_64 4:2.97-3.el8 baseos 1.5 M perl-Errno x86_64 1.28-420.el8 baseos 76 k perl-Exporter noarch 5.72-396.el8 baseos 34 k perl-File-Path noarch 2.15-2.el8 baseos 38 k perl-File-Temp noarch 0.230.600-1.el8 baseos 63 k perl-Getopt-Long noarch 1:2.50-4.el8 baseos 63 k perl-HTTP-Tiny noarch 0.074-1.el8 baseos 58 k perl-IO x86_64 1.38-420.el8 baseos 142 k perl-MIME-Base64 x86_64 3.15-396.el8 baseos 31 k perl-Net-SSLeay x86_64 1.88-1.module_el8.3.0+410+ff426aa3 appstream 379 k perl-PathTools x86_64 3.74-1.el8 baseos 90 k perl-Pod-Escapes noarch 1:1.07-395.el8 baseos 20 k perl-Pod-Perldoc noarch 3.28-396.el8 baseos 86 k perl-Pod-Simple noarch 1:3.35-395.el8 baseos 213 k perl-Pod-Usage noarch 4:1.69-395.el8 baseos 34 k perl-Scalar-List-Utils x86_64 3:1.49-2.el8 baseos 68 k perl-Socket x86_64 4:2.027-3.el8 baseos 59 k perl-Storable x86_64 1:3.11-3.el8 baseos 98 k perl-Term-ANSIColor noarch 4.06-396.el8 baseos 46 k perl-Term-Cap noarch 1.17-395.el8 baseos 23 k perl-Text-ParseWords noarch 3.30-395.el8 baseos 18 k perl-Text-Tabs+Wrap noarch 2013.0523-395.el8 baseos 24 k perl-Time-Local noarch 1:1.280-1.el8 baseos 34 k perl-URI noarch 1.73-3.el8 appstream 116 k perl-Unicode-Normalize x86_64 1.25-396.el8 baseos 82 k perl-constant noarch 1.33-396.el8 baseos 25 k perl-interpreter x86_64 4:5.26.3-420.el8 baseos 6.3 M perl-libnet noarch 3.11-3.el8 appstream 121 k perl-libs x86_64 4:5.26.3-420.el8 baseos 1.6 M perl-macros x86_64 4:5.26.3-420.el8 baseos 72 k perl-parent noarch 1:0.237-1.el8 baseos 20 k perl-podlators noarch 4.11-1.el8 baseos 118 k perl-threads x86_64 1:2.21-2.el8 baseos 61 k perl-threads-shared x86_64 1.58-2.el8 baseos 48 k Installing weak dependencies: perl-IO-Socket-IP noarch 0.39-5.el8 appstream 47 k perl-IO-Socket-SSL noarch 2.066-4.module_el8.3.0+410+ff426aa3 appstream 298 k perl-Mozilla-CA noarch 20160104-7.module_el8.3.0+416+dee7bcef 
appstream 15 k Enabling module streams: nginx 1.14 perl 5.26 perl-IO-Socket-SSL 2.066 perl-libwww-perl 6.34 Transaction Summary ============================================================================================================================ Install 67 Packages Total download size: 19 M Installed size: 55 M Is this ok [y/N]: y Downloading Packages: (1/67): jbigkit-libs-2.1-14.el8.x86_64.rpm 362 kB/s | 55 kB 00:00 (2/67): gd-2.2.5-7.el8.x86_64.rpm 592 kB/s | 144 kB 00:00 (3/67): libX11-common-1.6.8-5.el8.noarch.rpm 610 kB/s | 158 kB 00:00 (4/67): libXau-1.0.9-3.el8.x86_64.rpm 159 kB/s | 37 kB 00:00 (5/67): libXpm-3.5.12-8.el8.x86_64.rpm 572 kB/s | 58 kB 00:00 (6/67): libjpeg-turbo-1.5.3-12.el8.x86_64.rpm 1.8 MB/s | 157 kB 00:00 (7/67): libX11-1.6.8-5.el8.x86_64.rpm 984 kB/s | 611 kB 00:00 (8/67): libtiff-4.0.9-20.el8.x86_64.rpm 1.2 MB/s | 188 kB 00:00 (9/67): libwebp-1.0.0-5.el8.x86_64.rpm 1.8 MB/s | 272 kB 00:00 (10/67): libxcb-1.13.1-1.el8.x86_64.rpm 1.7 MB/s | 229 kB 00:00 (11/67): nginx-all-modules-1.14.1-9.module_el8.0.0+184+e34fea82.noarch.rpm 313 kB/s | 23 kB 00:00 (12/67): nginx-filesystem-1.14.1-9.module_el8.0.0+184+e34fea82.noarch.rpm 292 kB/s | 24 kB 00:00 (13/67): nginx-mod-http-image-filter-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 261 kB/s | 35 kB 00:00 (14/67): nginx-mod-http-perl-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 364 kB/s | 45 kB 00:00 (15/67): nginx-mod-http-xslt-filter-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 399 kB/s | 33 kB 00:00 (16/67): nginx-mod-mail-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 712 kB/s | 64 kB 00:00 (17/67): nginx-mod-stream-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 933 kB/s | 85 kB 00:00 (18/67): perl-Digest-1.17-395.el8.noarch.rpm 348 kB/s | 27 kB 00:00 (19/67): nginx-1.14.1-9.module_el8.0.0+184+e34fea82.x86_64.rpm 1.1 MB/s | 570 kB 00:00 (20/67): perl-Digest-MD5-2.55-396.el8.x86_64.rpm 341 kB/s | 37 kB 00:00 (21/67): perl-IO-Socket-IP-0.39-5.el8.noarch.rpm 316 kB/s | 47 kB 
00:00 (22/67): perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch.rpm 125 kB/s | 15 kB 00:00 (23/67): perl-IO-Socket-SSL-2.066-4.module_el8.3.0+410+ff426aa3.noarch.rpm 1.6 MB/s | 298 kB 00:00 (24/67): perl-Net-SSLeay-1.88-1.module_el8.3.0+410+ff426aa3.x86_64.rpm 1.7 MB/s | 379 kB 00:00 (25/67): perl-URI-1.73-3.el8.noarch.rpm 551 kB/s | 116 kB 00:00 (26/67): perl-libnet-3.11-3.el8.noarch.rpm 604 kB/s | 121 kB 00:00 (27/67): dejavu-fonts-common-2.35-7.el8.noarch.rpm 399 kB/s | 74 kB 00:00 (28/67): fontpackages-filesystem-1.44-22.el8.noarch.rpm 240 kB/s | 16 kB 00:00 (29/67): fontconfig-2.13.1-4.el8.x86_64.rpm 1.3 MB/s | 274 kB 00:00 (30/67): freetype-2.9.1-4.el8_3.1.x86_64.rpm 2.0 MB/s | 394 kB 00:00 (31/67): libpng-1.6.34-5.el8.x86_64.rpm 1.5 MB/s | 126 kB 00:00 (32/67): groff-base-1.22.3-18.el8.x86_64.rpm 3.0 MB/s | 1.0 MB 00:00 (33/67): libxslt-1.1.32-6.el8.x86_64.rpm 1.5 MB/s | 250 kB 00:00 (34/67): dejavu-sans-fonts-2.35-7.el8.noarch.rpm 2.2 MB/s | 1.6 MB 00:00 (35/67): perl-Carp-1.42-396.el8.noarch.rpm 172 kB/s | 30 kB 00:00 (36/67): perl-Data-Dumper-2.167-399.el8.x86_64.rpm 347 kB/s | 58 kB 00:00 (37/67): perl-Errno-1.28-420.el8.x86_64.rpm 762 kB/s | 76 kB 00:00 (38/67): perl-Exporter-5.72-396.el8.noarch.rpm 245 kB/s | 34 kB 00:00 (39/67): perl-File-Path-2.15-2.el8.noarch.rpm 176 kB/s | 38 kB 00:00 (40/67): perl-File-Temp-0.230.600-1.el8.noarch.rpm 349 kB/s | 63 kB 00:00 (41/67): perl-Getopt-Long-2.50-4.el8.noarch.rpm 498 kB/s | 63 kB 00:00 (42/67): perl-HTTP-Tiny-0.074-1.el8.noarch.rpm 386 kB/s | 58 kB 00:00 (43/67): perl-IO-1.38-420.el8.x86_64.rpm 789 kB/s | 142 kB 00:00 (44/67): perl-MIME-Base64-3.15-396.el8.x86_64.rpm 153 kB/s | 31 kB 00:00 (45/67): perl-PathTools-3.74-1.el8.x86_64.rpm 587 kB/s | 90 kB 00:00 (46/67): perl-Pod-Escapes-1.07-395.el8.noarch.rpm 223 kB/s | 20 kB 00:00 (47/67): perl-Encode-2.97-3.el8.x86_64.rpm 1.5 MB/s | 1.5 MB 00:00 (48/67): perl-Pod-Perldoc-3.28-396.el8.noarch.rpm 476 kB/s | 86 kB 00:00 (49/67): 
perl-Pod-Usage-1.69-395.el8.noarch.rpm 317 kB/s | 34 kB 00:00 (50/67): perl-Pod-Simple-3.35-395.el8.noarch.rpm 826 kB/s | 213 kB 00:00 (51/67): perl-Scalar-List-Utils-1.49-2.el8.x86_64.rpm 470 kB/s | 68 kB 00:00 (52/67): perl-Socket-2.027-3.el8.x86_64.rpm 392 kB/s | 59 kB 00:00 (53/67): perl-Term-ANSIColor-4.06-396.el8.noarch.rpm 459 kB/s | 46 kB 00:00 (54/67): perl-Storable-3.11-3.el8.x86_64.rpm 530 kB/s | 98 kB 00:00 (55/67): perl-Term-Cap-1.17-395.el8.noarch.rpm 161 kB/s | 23 kB 00:00 (56/67): perl-Text-ParseWords-3.30-395.el8.noarch.rpm 126 kB/s | 18 kB 00:00 (57/67): perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch.rpm 161 kB/s | 24 kB 00:00 (58/67): perl-Time-Local-1.280-1.el8.noarch.rpm 224 kB/s | 34 kB 00:00 (59/67): perl-constant-1.33-396.el8.noarch.rpm 278 kB/s | 25 kB 00:00 (60/67): perl-Unicode-Normalize-1.25-396.el8.x86_64.rpm 430 kB/s | 82 kB 00:00 (61/67): perl-macros-5.26.3-420.el8.x86_64.rpm 714 kB/s | 72 kB 00:00 (62/67): perl-parent-0.237-1.el8.noarch.rpm 353 kB/s | 20 kB 00:00 (63/67): perl-podlators-4.11-1.el8.noarch.rpm 1.2 MB/s | 118 kB 00:00 (64/67): perl-threads-2.21-2.el8.x86_64.rpm 381 kB/s | 61 kB 00:00 (65/67): perl-threads-shared-1.58-2.el8.x86_64.rpm 722 kB/s | 48 kB 00:00 (66/67): perl-libs-5.26.3-420.el8.x86_64.rpm 2.1 MB/s | 1.6 MB 00:00 (67/67): perl-interpreter-5.26.3-420.el8.x86_64.rpm 3.7 MB/s | 6.3 MB 00:01 ---------------------------------------------------------------------------------------------------------------------------- Total 2.9 MB/s | 19 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. 
Running transaction Preparing : 1/1 Installing : libpng-2:1.6.34-5.el8.x86_64 1/67 Installing : freetype-2.9.1-4.el8_3.1.x86_64 2/67 Installing : fontpackages-filesystem-1.44-22.el8.noarch 3/67 Installing : libjpeg-turbo-1.5.3-12.el8.x86_64 4/67 Installing : dejavu-fonts-common-2.35-7.el8.noarch 5/67 Installing : dejavu-sans-fonts-2.35-7.el8.noarch 6/67 Installing : fontconfig-2.13.1-4.el8.x86_64 7/67 Running scriptlet: fontconfig-2.13.1-4.el8.x86_64 7/67 Installing : libxslt-1.1.32-6.el8.x86_64 8/67 Installing : groff-base-1.22.3-18.el8.x86_64 9/67 Installing : perl-Digest-1.17-395.el8.noarch 10/67 Installing : perl-Digest-MD5-2.55-396.el8.x86_64 11/67 Installing : perl-Data-Dumper-2.167-399.el8.x86_64 12/67 Installing : perl-libnet-3.11-3.el8.noarch 13/67 Installing : perl-Net-SSLeay-1.88-1.module_el8.3.0+410+ff426aa3.x86_64 14/67 Installing : perl-URI-1.73-3.el8.noarch 15/67 Installing : perl-Pod-Escapes-1:1.07-395.el8.noarch 16/67 Installing : perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch 17/67 Installing : perl-IO-Socket-IP-0.39-5.el8.noarch 18/67 Installing : perl-Time-Local-1:1.280-1.el8.noarch 19/67 Installing : perl-IO-Socket-SSL-2.066-4.module_el8.3.0+410+ff426aa3.noarch 20/67 Installing : perl-Term-ANSIColor-4.06-396.el8.noarch 21/67 Installing : perl-Term-Cap-1.17-395.el8.noarch 22/67 Installing : perl-File-Temp-0.230.600-1.el8.noarch 23/67 Installing : perl-Pod-Simple-1:3.35-395.el8.noarch 24/67 Installing : perl-HTTP-Tiny-0.074-1.el8.noarch 25/67 Installing : perl-podlators-4.11-1.el8.noarch 26/67 Installing : perl-Pod-Perldoc-3.28-396.el8.noarch 27/67 Installing : perl-Text-ParseWords-3.30-395.el8.noarch 28/67 Installing : perl-Pod-Usage-4:1.69-395.el8.noarch 29/67 Installing : perl-MIME-Base64-3.15-396.el8.x86_64 30/67 Installing : perl-Storable-1:3.11-3.el8.x86_64 31/67 Installing : perl-Getopt-Long-1:2.50-4.el8.noarch 32/67 Installing : perl-Errno-1.28-420.el8.x86_64 33/67 Installing : perl-Socket-4:2.027-3.el8.x86_64 34/67 
Installing : perl-Encode-4:2.97-3.el8.x86_64 35/67 Installing : perl-Carp-1.42-396.el8.noarch 36/67 Installing : perl-Exporter-5.72-396.el8.noarch 37/67 Installing : perl-libs-4:5.26.3-420.el8.x86_64 38/67 Installing : perl-Scalar-List-Utils-3:1.49-2.el8.x86_64 39/67 Installing : perl-parent-1:0.237-1.el8.noarch 40/67 Installing : perl-macros-4:5.26.3-420.el8.x86_64 41/67 Installing : perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch 42/67 Installing : perl-Unicode-Normalize-1.25-396.el8.x86_64 43/67 Installing : perl-File-Path-2.15-2.el8.noarch 44/67 Installing : perl-IO-1.38-420.el8.x86_64 45/67 Installing : perl-PathTools-3.74-1.el8.x86_64 46/67 Installing : perl-constant-1.33-396.el8.noarch 47/67 Installing : perl-threads-1:2.21-2.el8.x86_64 48/67 Installing : perl-threads-shared-1.58-2.el8.x86_64 49/67 Installing : perl-interpreter-4:5.26.3-420.el8.x86_64 50/67 Running scriptlet: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 51/67 Installing : nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 51/67 Installing : libwebp-1.0.0-5.el8.x86_64 52/67 Installing : libXau-1.0.9-3.el8.x86_64 53/67 Installing : libxcb-1.13.1-1.el8.x86_64 54/67 Installing : libX11-common-1.6.8-5.el8.noarch 55/67 Installing : libX11-1.6.8-5.el8.x86_64 56/67 Installing : libXpm-3.5.12-8.el8.x86_64 57/67 Installing : jbigkit-libs-2.1-14.el8.x86_64 58/67 Running scriptlet: jbigkit-libs-2.1-14.el8.x86_64 58/67 Installing : libtiff-4.0.9-20.el8.x86_64 59/67 Installing : gd-2.2.5-7.el8.x86_64 60/67 Running scriptlet: gd-2.2.5-7.el8.x86_64 60/67 Installing : nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 61/67 Running scriptlet: nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 61/67 Installing : nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 62/67 Running scriptlet: nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 62/67 Installing : 
nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 63/67 Running scriptlet: nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 63/67 Installing : nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 64/67 Running scriptlet: nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 64/67 Installing : nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 65/67 Running scriptlet: nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 65/67 Installing : nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 66/67 Running scriptlet: nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 66/67 Installing : nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 67/67 Running scriptlet: nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 67/67 Running scriptlet: fontconfig-2.13.1-4.el8.x86_64 67/67 Verifying : gd-2.2.5-7.el8.x86_64 1/67 Verifying : jbigkit-libs-2.1-14.el8.x86_64 2/67 Verifying : libX11-1.6.8-5.el8.x86_64 3/67 Verifying : libX11-common-1.6.8-5.el8.noarch 4/67 Verifying : libXau-1.0.9-3.el8.x86_64 5/67 Verifying : libXpm-3.5.12-8.el8.x86_64 6/67 Verifying : libjpeg-turbo-1.5.3-12.el8.x86_64 7/67 Verifying : libtiff-4.0.9-20.el8.x86_64 8/67 Verifying : libwebp-1.0.0-5.el8.x86_64 9/67 Verifying : libxcb-1.13.1-1.el8.x86_64 10/67 Verifying : nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 11/67 Verifying : nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 12/67 Verifying : nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch 13/67 Verifying : nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 14/67 Verifying : nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 15/67 Verifying : nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 16/67 Verifying : nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 17/67 Verifying : nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 
18/67 Verifying : perl-Digest-1.17-395.el8.noarch 19/67 Verifying : perl-Digest-MD5-2.55-396.el8.x86_64 20/67 Verifying : perl-IO-Socket-IP-0.39-5.el8.noarch 21/67 Verifying : perl-IO-Socket-SSL-2.066-4.module_el8.3.0+410+ff426aa3.noarch 22/67 Verifying : perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch 23/67 Verifying : perl-Net-SSLeay-1.88-1.module_el8.3.0+410+ff426aa3.x86_64 24/67 Verifying : perl-URI-1.73-3.el8.noarch 25/67 Verifying : perl-libnet-3.11-3.el8.noarch 26/67 Verifying : dejavu-fonts-common-2.35-7.el8.noarch 27/67 Verifying : dejavu-sans-fonts-2.35-7.el8.noarch 28/67 Verifying : fontconfig-2.13.1-4.el8.x86_64 29/67 Verifying : fontpackages-filesystem-1.44-22.el8.noarch 30/67 Verifying : freetype-2.9.1-4.el8_3.1.x86_64 31/67 Verifying : groff-base-1.22.3-18.el8.x86_64 32/67 Verifying : libpng-2:1.6.34-5.el8.x86_64 33/67 Verifying : libxslt-1.1.32-6.el8.x86_64 34/67 Verifying : perl-Carp-1.42-396.el8.noarch 35/67 Verifying : perl-Data-Dumper-2.167-399.el8.x86_64 36/67 Verifying : perl-Encode-4:2.97-3.el8.x86_64 37/67 Verifying : perl-Errno-1.28-420.el8.x86_64 38/67 Verifying : perl-Exporter-5.72-396.el8.noarch 39/67 Verifying : perl-File-Path-2.15-2.el8.noarch 40/67 Verifying : perl-File-Temp-0.230.600-1.el8.noarch 41/67 Verifying : perl-Getopt-Long-1:2.50-4.el8.noarch 42/67 Verifying : perl-HTTP-Tiny-0.074-1.el8.noarch 43/67 Verifying : perl-IO-1.38-420.el8.x86_64 44/67 Verifying : perl-MIME-Base64-3.15-396.el8.x86_64 45/67 Verifying : perl-PathTools-3.74-1.el8.x86_64 46/67 Verifying : perl-Pod-Escapes-1:1.07-395.el8.noarch 47/67 Verifying : perl-Pod-Perldoc-3.28-396.el8.noarch 48/67 Verifying : perl-Pod-Simple-1:3.35-395.el8.noarch 49/67 Verifying : perl-Pod-Usage-4:1.69-395.el8.noarch 50/67 Verifying : perl-Scalar-List-Utils-3:1.49-2.el8.x86_64 51/67 Verifying : perl-Socket-4:2.027-3.el8.x86_64 52/67 Verifying : perl-Storable-1:3.11-3.el8.x86_64 53/67 Verifying : perl-Term-ANSIColor-4.06-396.el8.noarch 54/67 Verifying : 
perl-Term-Cap-1.17-395.el8.noarch 55/67 Verifying : perl-Text-ParseWords-3.30-395.el8.noarch 56/67 Verifying : perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch 57/67 Verifying : perl-Time-Local-1:1.280-1.el8.noarch 58/67 Verifying : perl-Unicode-Normalize-1.25-396.el8.x86_64 59/67 Verifying : perl-constant-1.33-396.el8.noarch 60/67 Verifying : perl-interpreter-4:5.26.3-420.el8.x86_64 61/67 Verifying : perl-libs-4:5.26.3-420.el8.x86_64 62/67 Verifying : perl-macros-4:5.26.3-420.el8.x86_64 63/67 Verifying : perl-parent-1:0.237-1.el8.noarch 64/67 Verifying : perl-podlators-4.11-1.el8.noarch 65/67 Verifying : perl-threads-1:2.21-2.el8.x86_64 66/67 Verifying : perl-threads-shared-1.58-2.el8.x86_64 67/67 Installed: dejavu-fonts-common-2.35-7.el8.noarch dejavu-sans-fonts-2.35-7.el8.noarch fontconfig-2.13.1-4.el8.x86_64 fontpackages-filesystem-1.44-22.el8.noarch freetype-2.9.1-4.el8_3.1.x86_64 gd-2.2.5-7.el8.x86_64 groff-base-1.22.3-18.el8.x86_64 jbigkit-libs-2.1-14.el8.x86_64 libX11-1.6.8-5.el8.x86_64 libX11-common-1.6.8-5.el8.noarch libXau-1.0.9-3.el8.x86_64 libXpm-3.5.12-8.el8.x86_64 libjpeg-turbo-1.5.3-12.el8.x86_64 libpng-2:1.6.34-5.el8.x86_64 libtiff-4.0.9-20.el8.x86_64 libwebp-1.0.0-5.el8.x86_64 libxcb-1.13.1-1.el8.x86_64 libxslt-1.1.32-6.el8.x86_64 nginx-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 nginx-all-modules-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch nginx-mod-http-image-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 nginx-mod-http-perl-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 nginx-mod-http-xslt-filter-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 nginx-mod-mail-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 nginx-mod-stream-1:1.14.1-9.module_el8.0.0+184+e34fea82.x86_64 perl-Carp-1.42-396.el8.noarch perl-Data-Dumper-2.167-399.el8.x86_64 perl-Digest-1.17-395.el8.noarch perl-Digest-MD5-2.55-396.el8.x86_64 perl-Encode-4:2.97-3.el8.x86_64 perl-Errno-1.28-420.el8.x86_64 
perl-Exporter-5.72-396.el8.noarch perl-File-Path-2.15-2.el8.noarch perl-File-Temp-0.230.600-1.el8.noarch perl-Getopt-Long-1:2.50-4.el8.noarch perl-HTTP-Tiny-0.074-1.el8.noarch perl-IO-1.38-420.el8.x86_64 perl-IO-Socket-IP-0.39-5.el8.noarch perl-IO-Socket-SSL-2.066-4.module_el8.3.0+410+ff426aa3.noarch perl-MIME-Base64-3.15-396.el8.x86_64 perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch perl-Net-SSLeay-1.88-1.module_el8.3.0+410+ff426aa3.x86_64 perl-PathTools-3.74-1.el8.x86_64 perl-Pod-Escapes-1:1.07-395.el8.noarch perl-Pod-Perldoc-3.28-396.el8.noarch perl-Pod-Simple-1:3.35-395.el8.noarch perl-Pod-Usage-4:1.69-395.el8.noarch perl-Scalar-List-Utils-3:1.49-2.el8.x86_64 perl-Socket-4:2.027-3.el8.x86_64 perl-Storable-1:3.11-3.el8.x86_64 perl-Term-ANSIColor-4.06-396.el8.noarch perl-Term-Cap-1.17-395.el8.noarch perl-Text-ParseWords-3.30-395.el8.noarch perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch perl-Time-Local-1:1.280-1.el8.noarch perl-URI-1.73-3.el8.noarch perl-Unicode-Normalize-1.25-396.el8.x86_64 perl-constant-1.33-396.el8.noarch perl-interpreter-4:5.26.3-420.el8.x86_64 perl-libnet-3.11-3.el8.noarch perl-libs-4:5.26.3-420.el8.x86_64 perl-macros-4:5.26.3-420.el8.x86_64 perl-parent-1:0.237-1.el8.noarch perl-podlators-4.11-1.el8.noarch perl-threads-1:2.21-2.el8.x86_64 perl-threads-shared-1.58-2.el8.x86_64 Complete!
Add the following configuration file /etc/nginx/conf.d/kibana.example.com.conf:
server {
    listen 443 http2 ssl;
    server_name kibana.example.com;

    ssl_certificate /etc/ssl/nginx/kibana.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/kibana.example.com.key;

    location / {
        proxy_pass http://192.168.0.2:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Replace the server_name and IP with proper values.
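A hardened variant of the server block above, given here as an added example that is not part of the original article: it redirects plain HTTP to HTTPS, limits TLS to versions 1.2 and 1.3, sends an HSTS header, restricts client addresses and forwards the client address to Kibana. The hostname, certificate paths and backend address are the article's; the 10.0.0.0/8 management range is an assumed placeholder.

```nginx
# Added example: hardened variant of /etc/nginx/conf.d/kibana.example.com.conf.

# Redirect plain HTTP to HTTPS so the Kibana login never travels in clear text.
# The target host is fixed instead of $host, so a forged Host header
# cannot steer the redirect elsewhere.
server {
    listen 80;
    server_name kibana.example.com;
    return 301 https://kibana.example.com$request_uri;
}

server {
    listen 443 http2 ssl;
    server_name kibana.example.com;

    ssl_certificate     /etc/ssl/nginx/kibana.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/kibana.example.com.key;

    # Modern protocol versions only; TLSv1.3 needs OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;

    # Tell browsers to use HTTPS only for this host, and hide the Nginx version.
    add_header Strict-Transport-Security "max-age=31536000" always;
    server_tokens off;

    # Assumed management network (placeholder); replace with the real ranges.
    allow 10.0.0.0/8;
    deny  all;

    location / {
        proxy_pass http://192.168.0.2:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Pass the real client address and scheme to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
```

Run nginx -t before reloading the service. The hop from Nginx to 192.168.0.2:5601 is still plain HTTP, so port 5601 should be reachable only from the proxy host.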
STEP 7) Open the Kibana web interface.
Here are the login screen and the welcome screen. For more information check out the other articles on the subject. Use the elastic user and the password generated in STEP 3) to log in for the first time. The elastic user is built-in and it has administrative privileges.
SCREENSHOT 1) The login page of Kibana. Use the elastic user to log in. The elastic user is a built-in administrative user.