elk // install v8


tested on debian12

install

apt install gnupg1 apt-transport-https file jq

ls -lF /usr/share/keyrings/elasticsearch-keyring.gpg # should not exist yet
ls -lF /etc/apt/sources.list.d/elastic-8.x.list # should not exist yet

# -f: fail on an HTTP error instead of piping an error page into gpg
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \
    gpg1 --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
cat > /etc/apt/sources.list.d/elastic-8.x.list <<EOF
deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main
EOF
apt update
apt install elasticsearch
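
The key download above trusts whatever the URL returns. An added example (not part of the original notes) that checks the key's fingerprint before it is written to the keyring; the function names are hypothetical, it assumes `gpg` (GnuPG 2, for `--show-keys`) rather than `gpg1`, and the expected fingerprint has to be taken from Elastic's documentation:

```shell
#!/bin/sh
# Added example: check an APT signing key's fingerprint before installing it.

# Read `gpg --with-colons` output on stdin and print each primary-key
# fingerprint: the "fpr" record (field 10) that follows a "pub" record.
key_fingerprints() {
    awk -F: '
        $1 == "pub"         { want = 1; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Strip whitespace and upper-case, so "4a0b 1c2d ..." compares equal.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals $1. Two keys give "FPR1 FPR2", which never matches.
fingerprint_matches() {
    expected=$(normalise_fpr "$1")
    found=$(key_fingerprints | tr '\n' ' ')
    found=${found% }
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# Download, verify, then dearmor. Needs network, curl and GnuPG 2.
# $1 = key URL, $2 = expected fingerprint (from vendor docs), $3 = keyring path
install_verified_key() {
    tmp=$(mktemp) || return 1
    if curl -fsSL "$1" -o "$tmp" &&
       gpg --show-keys --with-colons "$tmp" 2>/dev/null | fingerprint_matches "$2"
    then
        gpg --dearmor < "$tmp" > "$3"; rc=$?
    else
        echo "key download failed or fingerprint mismatch: $3 not written" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call install_verified_key with the key URL and keyring path used above and the fingerprint Elastic publishes, then continue with the sources.list.d step.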

==> the package install prints the generated password for the elastic super-user; save it somewhere

# before
sysctl vm.max_map_count

tail -F /var/log/elasticsearch/elasticsearch.log # in another terminal

systemctl daemon-reload
systemctl restart elasticsearch
systemctl status elasticsearch
systemctl enable elasticsearch

# after
sysctl vm.max_map_count

ready to go

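# netstat comes from the net-tools package; ss -lntup gives the same listing
netstat -lntup | grep 9300 # cluster communication
netstat -lntup | grep 9200 # HTTP API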

user=elastic
pass=THAT-PASSWORD-FROM-ABOVE

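# verify the server against the CA generated at install time instead of disabling verification with -k
curl -s --cacert /etc/elasticsearch/certs/http_ca.crt https://localhost:9200/ -u "$user:$pass" | jq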

and see install kibana

additional notes

start from scratch

apt purge elasticsearch
rm -rf /var/lib/elasticsearch/
rm -rf /etc/elasticsearch/

apt purge kibana
rm -rf /etc/kibana/
rm -rf /var/lib/kibana/

resources

https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html

https://www.elastic.co/guide/en/kibana/current/deb.html

https://www.elastic.co/guide/en/kibana/8.13/production.html#openssl-legacy-provider

https://discuss.elastic.co/t/what-are-ports-9200-and-9300-used-for/238578 ==> 9300 cluster communication

https://www.elastic.co/guide/en/elasticsearch/reference/current/reset-password.html


Copyright © 2024 Pierre-Philipp Braun