This is part 3 in a series of guides I have written about running a personal Elasticstack. You can check out the other parts in the series here:
- Building Your Environment in AWS
- Setting up and Installing Elasticsearch
- Setting up Kibana
- Using a Proxy for Kibana with HAProxy
- Enabling Security and Using Password Authentication
- Making Kibana Internet Accessible with Cloudfront
- Securing Cloudfront with Security Groups
- Inserting Data into Elasticsearch with Logstash
Step 1: Setup Instance and OS
I am going to be using a t3a.nano with Centos 7 to save costs. They have a 10GB root drive. Kibana stores most of its data in the Elasticsearch instance, so you aren’t going to need much disk space for it.
First start by ensuring your OS is up to date. Run an update if you haven’t already.
sudo yum update
I will be using Vim throughout these guides, so install it if you fancy.
sudo yum install vim
Additionally you might want to add some swap space to the server, as we are going to be running on a nano, which has very little resources. But just enough for a single user Kibana.
See here about adding swap space to your server.
Step 2: Install Kibana from the Repository
You can check out the official documentation on installing Kibana here.
Start by importing the repo key.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
And creating a repo file.
sudo vim /etc/yum.repos.d/kibana.repo
Add the below to the file, and save it. (May change in later versions)
[kibana-7.x] name=Kibana repository for 7.x packages baseurl=https://artifacts.elastic.co/packages/7.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md
Now simply install via the repo. This may take a while, especially on the small instance type I am using.
sudo yum install kibana
When this is finally finished, its time to edit the config.
Step 3: Edit Kibana Config
Start by opening up the Kibana config file, kibana.yml. It is in /etc/kibana if you installed it via the repo.
sudo vim /etc/kibana/kibana.yml
I use the below config, most of it can be left default for now. You can check out the official documentation regarding any of the other settings.
# kibana.yml server.port: 5601 server.host: "172.31.70.80" server.name: "Dashboards-Kibana-1" elasticsearch.hosts: ["http://184.108.40.206:9200"]
- The port for the UI. (This is default, I like to be specific)
- The IP address of the server Kibana is installed on
- The name you would like to call this instance of Kibana
- The Elasticsearch node you would like to query. (I have used my first node)
Step 4: Start Your New Kibana Up
If you would like it to start up every time you boot, run the below commands:
sudo systemctl daemon-reload sudo systemctl enable kibana.service
You can now start and stop kibana with:
sudo systemctl start kibana.service sudo systemctl stop kibana.service
Startup may take a while the first time, as it has to create a series of indices in your Elasticsearch.
You can check the progress of startup in the system journal with:
sudo journalctl -xef --unit kibana
If you would like to check if its running locally, you can request the home page with:
You should recieve an index.html file that, when opened, will contain Kibana stuff.
Step 5: Navigate to Your Dashboard
Now all that is left is to navigate to your new Kibana dashboard in a browser on port 5601. You may have to set up a Security Group to allow your local IP access if you are using AWS.
Now you are ready for the next step, where we set up a proxy for Kibana. I prefer to use a proxy to help with security and make it so that the Kibana instance is not exposed to the internet in any way. We also don’t set up any firewalls on the nodes to cut costs, so we are going to need a way to firewall our cluster. So take a look at Part 4: Using a Proxy for Kibana with HAProxy.
Any thoughts, concerns, mistakes? Let me know in the comments or via the Contact page.