# Installation environment: Ubuntu 18.04.6
Enable HTTPS transport for APT package management

```
$ sudo apt install apt-transport-https
```
Register the Elastic GPG key

```
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
OK
```
Add the Elastic repository

```
$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
deb https://artifacts.elastic.co/packages/7.x/apt stable main
```
Install Elastic & Kibana

```
$ sudo apt update
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable InRelease [13.6 kB]
Get:2 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 Packages [116 kB]
Hit:3 http://kr.archive.ubuntu.com/ubuntu bionic InRelease
Get:4 https://artifacts.elastic.co/packages/7.x/apt stable/main i386 Packages [84.1 kB]
Hit:5 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:6 http://kr.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:7 http://kr.archive.ubuntu.com/ubuntu bionic-backports InRelease
Fetched 214 kB in 1s (233 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
325 packages can be upgraded. Run 'apt list --upgradable' to see them.
$
```

```
$ sudo apt install elasticsearch=7.10.1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  elasticsearch
0 upgraded, 1 newly installed, 0 to remove and 325 not upgraded.
Need to get 319 MB of archives.
After this operation, 535 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 elasticsearch amd64 7.10.1 [319 MB]
Fetched 319 MB in 20s (16.3 MB/s)
Selecting previously unselected package elasticsearch.
(Reading database ... 130561 files and directories currently installed.)
Preparing to unpack .../elasticsearch_7.10.1_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (7.10.1) ...
Setting up elasticsearch (7.10.1) ...
Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.52) ...
$
```

```
$ sudo apt install kibana=7.10.1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  kibana
0 upgraded, 1 newly installed, 0 to remove and 326 not upgraded.
Need to get 250 MB of archives.
After this operation, 693 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 kibana amd64 7.10.1 [250 MB]
Fetched 250 MB in 16s (15.6 MB/s)
Selecting previously unselected package kibana.
(Reading database ... 131613 files and directories currently installed.)
Preparing to unpack .../kibana_7.10.1_amd64.deb ...
Unpacking kibana (7.10.1) ...
Setting up kibana (7.10.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.52) ...
$
```
Allow remote access to Elastic & Kibana

```
# vi /etc/elasticsearch/elasticsearch.yml
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 0.0.0.0    # <-- set to '0.0.0.0' to accept connections from all networks
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# Use a descriptive name for the node:
#
#node.name: node-1
node.name: node-1
#
# Add custom attributes to the node:
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.seed_hosts: ["127.0.0.1"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
cluster.initial_master_nodes: ["node-1"]
#
```

```
# vi /etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "0.0.0.0"    # <-- set to '0.0.0.0' to accept connections from all networks
```
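Elasticsearch 7.x leaves `xpack.security.enabled` off by default, so with the two `0.0.0.0` binds above, ports 9200 and 5601 answer unauthenticated requests from any host that can reach them. The script below is an added example, not part of the original post: it reads both files and reports a wildcard bind that is not paired with `xpack.security.enabled: true`. The function names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag wildcard binds in
# elasticsearch.yml / kibana.yml when Elasticsearch security is not enabled.

# yaml_value FILE KEY: print the last uncommented "KEY: value" of a flat YAML file.
yaml_value() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                      # commented-out defaults do not count
    index($0, key ":") == 1 {
      v = substr($0, length(key) + 2)
      sub(/[ \t]+#.*$/, "", v)               # strip a trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", v)         # trim whitespace
      last = v
    }
    END { print last }' "$1" | tr -d "\"'"
}

# bind_scope FILE KEY: classify the bind address as loopback, wildcard or specific.
bind_scope() {
  case "$(yaml_value "$1" "$2")" in
    ""|localhost|127.0.0.1|::1|_local_) echo loopback ;;  # unset means the loopback default
    0.0.0.0|::)                         echo wildcard ;;
    *)                                  echo specific ;;
  esac
}

# audit_stack ES_YML KIBANA_YML: return 1 if either service listens on every
# interface while xpack.security.enabled is not true in elasticsearch.yml.
audit_stack() {
  es=$(bind_scope "$1" network.host)
  kb=$(bind_scope "$2" server.host)
  sec=$(yaml_value "$1" xpack.security.enabled)
  echo "elasticsearch=$es kibana=$kb xpack.security.enabled=${sec:-unset}"
  [ "$sec" = "true" ] && return 0
  [ "$es" != wildcard ] && [ "$kb" != wildcard ]
}

# Constructed sample files mirroring the settings shown above.
demo_dir=$(mktemp -d)
printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0  # all interfaces' \
  'node.name: node-1' > "$demo_dir/es_open.yml"
printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: true' > "$demo_dir/es_auth.yml"
printf '%s\n' '#server.host: "localhost"' 'server.host: "0.0.0.0"' > "$demo_dir/kibana.yml"

audit_stack "$demo_dir/es_open.yml" "$demo_dir/kibana.yml" || echo "-> exposed without authentication"
audit_stack "$demo_dir/es_auth.yml" "$demo_dir/kibana.yml" && echo "-> authentication enabled"
```

On the host itself, pass `/etc/elasticsearch/elasticsearch.yml` and `/etc/kibana/kibana.yml` to `audit_stack`; reading them usually requires root.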
Start the Elastic & Kibana services

* Check whether the services are registered

```
$ sudo systemctl list-unit-files --type=service |grep elastic
elasticsearch.service                      disabled
$ sudo systemctl list-unit-files --type=service |grep kibana
kibana.service                             disabled
```

```
$ sudo systemctl start elasticsearch.service
$ sudo systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-09-11 14:07:22 KST; 10s ago
     Docs: https://www.elastic.co
 Main PID: 5303 (java)
    Tasks: 43 (limit: 4915)
   CGroup: /system.slice/elasticsearch.service
           ├─5303 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.enc
           └─5492 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

9월 11 14:06:41 boan-pc11 systemd[1]: Starting Elasticsearch...
9월 11 14:07:22 boan-pc11 systemd[1]: Started Elasticsearch.
$
$ ss -nltp|grep 9200
LISTEN 0 4096 *:9200 *:* users:(("java",pid=5303,fd=261))
$
```

```
$ sudo systemctl start kibana.service
$ sudo systemctl status kibana.service
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-09-11 14:09:56 KST; 7s ago
 Main PID: 5535 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/kibana.service
           └─5535 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","encryptedSavedObjects","config"],"pid":5535,"message":"Generating a random key for xpa
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","ingestManager"],"pid":5535,"message":"Fleet APIs are disabled due to the Encrypted Sav
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","reporting","config"],"pid":5535,"message":"Generating a random key for xpack.reporting
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["info","plugins","reporting","config"],"pid":5535,"message":"Chromium sandbox provides an additional layer
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","actions","actions"],"pid":5535,"message":"APIs are disabled due to the Encrypted Saved
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","alerts","plugins","alerting"],"pid":5535,"message":"APIs are disabled due to the Encry
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["info","plugins","monitoring","monitoring"],"pid":5535,"message":"config sourced from: production cluster"}
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["info","savedobjects-service"],"pid":5535,"message":"Waiting until all Elasticsearch nodes are compatible w
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["warning","plugins","monitoring","monitoring"],"pid":5535,"message":"X-Pack Monitoring Cluster Alerts will
9월 11 14:10:02 boan-pc11 kibana[5535]: {"type":"log","@timestamp":"2023-09-11T05:10:02Z","tags":["info","savedobjects-service"],"pid":5535,"message":"Starting saved objects migrations"}
$
$ ss -nltp|grep 5601
LISTEN 0 511 0.0.0.0:5601 0.0.0.0:* users:(("node",pid=5535,fd=1))
$
```