If you're looking for a powerful search engine that can display data via a user-friendly web-based dashboard, Elasticsearch is what you want.
Eleasticsearch is a powerful search engine, based on the Lucene library, that provides a distributed, multitenant-capable, full-text search engine. With an HTTP web interface and schema-free JSON documents, Elasticsearch might well be ideal solution for the visualization of your company data.
I'm going to walk you through the process of installing Elasticsearch on Ubuntu 18.04.
SEE: Securing Linux policy (Tech Pro Research)
What you need
All you will need is a running instance of Ubuntu Server 18.04 and a user account with sudo privileges.
The first thing to do is update and upgrade your server. Do note that, should the kernel be updated in the process, a restart of the server will be required. Because of this, run the update/upgrade process during a time when an update is possible.
To run the update/upgrade process, log into your Ubuntu server and issue the following command:
sudo apt-update sudo apt-get upgrade -y
Elasticsearch depends on Java. Issue the follow commands to install the dependency:
sudo add-apt-repository ppa:webupd8team/java sudo apt-get update sudo apt-get install oracle-java8-installer -y
Install and configure Elasticsearch
To install Elasticsearch, issue the following commands:
cd /tmp wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.deb sudo dpkg -i elasticsearch-6.3.2.deb
Open the Elasticsearch configuration file with the command:
sudo nano /etc/elasticsearch/elasticsearch.yml
Locate the line:
# network.host: 192.168.0.1
Remove the comment (the # character) and change the IP Address to that of your hosting server. Save and close that file.
Finally, start and enable the service with the command:
sudo systemctl enable elasticsearch.service sudo systemctl start elasticsearch.service
Point a web browser to http://SERVER_IP:9200/_cat/health?v (where SERVER_IP is the IP address of your hosting server). You should see similar output as that shown in Figure A.
Install and configure Kibana
Now we're going to install the Kibana Dashboard, which can display the results of Elasticsearch. This is done with the following steps:
cd /tmp wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-amd64.deb sudo dpkg -i kibana-6.3.2-amd64.deb
Configure Kibana by opening the configuration file with the command:
sudo nano /etc/kibana/kibana.yml
Locate the following lines:
#server.host: "localhost" #elasticsearch.url: "http://localhost:9200"
Change those lines to:
server.host: "SERVER_IP" elasticsearch.url: "http://SERVER_IP:9200"
where SERVER_IP is the IP address of your hosting server.
Save and close that file.
Finally, issue the following command:
sudo sysctl -w vm.max_map_count=262144
Reboot the server. Once the server reboots, start and enable the Kibana service with the commands:
sudo systemctl enable kibana.service sudo systemctl start kibana.service
Open the dashboard
You can now point your browser to http://SERVER_IP:5601 to view the Kibana Dashboard (Figure B).
There's one final step to take.
Install and configure Logstash
We now need the means to add data into Elasticsearch. This will be done with Logstash. To install this tool, issue the commands:
cd /tmp wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.deb sudo dpkg -i logstash-6.3.2.deb
Open the Logstash configuration file with the command:
sudo nano /etc/logstash/logstash.yml
Change the following line:
# http.host: "127.0.0.1"
Remove the # character and change the IP address to your hosting server IP. Save and close that file.
Start and enable the Logstash service with the commands:
sudo systemctl enable logstash.service sudo systemctl start logstash.service
Point your browser to http://SERVER_IP:5601, and you are ready to begin working. Congratulations, you now have a powerful search engine installed and ready to go. I highly recommend you head over to the official Elasticsearch documentation to learn more on how to create searches.
- How to make your Linux machines visible to other Linux machines (TechRepublic)
- How to run remote commands on multiple Linux servers with Parallel-SSH (TechRepublic)
- How to monitor your Linux server with Glances (TechRepublic)
- How to monitor your data center Linux server with osquery (TechRepublic)
- Canonical makes Kubernetes moves (ZDNet)
- ElasticSearch server exposed the personal data of over 57 million US citizens (ZDNet)