How to Install ELK on Ubuntu 20.04

How to Install ELK on Ubuntu 20.04

Elasticsearch, Logstash, Kibana (ELK) allows for managing large amounts of log data on Ubuntu 20.04 Focal Fossa. The ELK stack combines Elasticsearch, Logstash, and Kibana, which are open source tools that work in tandem to provide you with the ability to manage log data from a convenient graphical web interface.

I'll show you the steps required to get ELK up and running on your Ubuntu 20.04 system.

Category Requirements Used
System Ubuntu 20.04
Software ELK, Nginx,openjdk-11-jdk, wget, apt-transport-https, curl, gpgv, gpgsm, gnupg-l10n, gnupg, dirmngr

Update and Upgrade Distro

apt-get update -y
apt-get upgrade -y

Install Required Dependencies

apt-get install openjdk-11-jdk wget apt-transport-https curl gpgv gpgsm gnupg-l10n gnupg dirmngr -y

Install and Configure Java

sudo apt -y install openjdk-11-jdk
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64


Add Elastic Repository

Download and install the PGP Key using wget command.
wget -qO - | sudo apt-key add -
Next is to add the Elasticsearch repository to the system:
echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Install Elasticsearch

Update the apt packages and install the Elasticsearch by issuing the following command:

apt-get update
apt-get install elasticsearch -y
sudo systemctl stop elasticsearch
systemctl enable elasticsearch

Configure Elasticsearch


echo ' localhost' >> /etc/elasticsearch/elasticsearch.yml

Add Transport TCP Port

echo 'transport.tcp.port: 9300' >> /etc/elasticsearch/elasticsearch.yml


echo ' localhost' >> /etc/elasticsearch/elasticsearch.yml

Add http.port

echo 'http.port: 9200' >> /etc/elasticsearch/elasticsearch.yml

Add discovery.type

echo 'discovery.type: single-node' >> /etc/elasticsearch/elasticsearch.yml

Add setup.ilm.overwrite

echo 'setup.ilm.overwrite: true' >> /etc/elasticsearch/elasticsearch.yml

Add JVM heap

echo '-Xms512m' >> /etc/elasticsearch/jvm.options

echo '-Xmx512m' >> /etc/elasticsearch/jvm.options

Reload and Start Elasticsearch

Start Elasticsearch at system startup:
systemctl daemon-reload
systemctl start elasticsearch
systemctl restart elasticsearch

Elasticsearch Status

systemctl status elasticsearch



Install Logstash

sudo apt install logstash -y
Start Logstash at system startup:
systemctl daemon-reload
systemctl enable logstash
systemctl start logstash

Logstash Status

systemctl status logstash



Install Kibana

sudo apt install kibana -y

systemctl stop kibana

systemctl enable kibana

Configure Kibana

Add Server.port

echo -e "server.port: 5601" >> /etc/kibana/kibana.yml


echo -e " $HOSTNAME" >> /etc/kibana/kibana.yml

Add Elasticsearch.hosts

echo -e 'elasticsearch.hosts: ["http://localhost:9200"]' >> /etc/kibana/kibana.yml

Reload and Start Kibana

systemctl daemon-reload

systemctl start kibana

Kibana Status

Start Kibana at system startup:
systemctl status kibana


Access Kibana

http://<IP Address>:5601