The ELKBeats Stack: the Ground Work


This tutorial assumes you're working as root on a current Debian system. sudo doesn't make sense to me when I'm going to be issuing dozens of commands: start a root shell and skip the sudo part. Make sure Apache is installed and working (this could probably also be done with nginx, but I'm using Apache).

When this post gets out of date (which it will do, very quickly), find correct version numbers here: https://www.elastic.co/downloads/ . Also check whether the content in the links in the Bibliography below has been updated.

Install Java 8

# add this at the end of /etc/apt/sources.list:
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main

With that in place:

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
# apt-get update

Yes, this is for Ubuntu, but it works on Debian. The webupd8.org site says to then run apt-get install oracle-java8-installer. One day this worked, a couple days later the package didn't exist and I had to install java8-runtime-headless instead of oracle-java8-installer. You figure it out - use whichever works when you visit.

The headless runtime should be sufficient for Elasticsearch/Kibana, but it won't be enough if you need to compile JSPs on the fly. The easiest test is to run java -version.

Get Keys and Set Repositories

We need to get elastic.co's GPG key for their repositories:

# wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | apt-key add -

Once you have the key, add this at the end of /etc/apt/sources.list:

deb http://packages.elastic.co/logstash/2.1/debian stable main
deb http://packages.elastic.co/elasticsearch/2.x/debian stable main
deb http://packages.elastic.co/kibana/4.4/debian stable main
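
Both key imports above trust whatever the network hands back: a short key ID fetched from a keyserver, and a download piped straight into apt-key add. The script below is an added example, not part of the original post, that compares the key's full fingerprint before adding it; the function names and sample data are constructed, and the expected fingerprint is a value you have to obtain from a separate channel, since the page does not give one.

```sh
#!/bin/sh
# Added example, not from the original post: check a signing key's full
# fingerprint before apt is told to trust it.

# Constructed sample of `gpg --with-colons --with-fingerprint` output
# (key IDs and fingerprints are made up for illustration).
SAMPLE_COLONS='pub:-:2048:1:89ABCDEFAAAABBBB:2016-01-01:::-:Constructed Key <k@example.invalid>::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAABBBB:
sub:-:2048:1:1111222233334444:2016-01-01::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:'

# Remove whitespace and upper-case, so "0123 4567 ..." equals "01234567...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read colon-format output on stdin; print the primary key's fingerprint,
# i.e. field 10 of the first "fpr" record following the first "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED < colon-output: succeed only on an exact match.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$(primary_fpr)")
    # An empty value on either side must never count as a match.
    [ -n "$want" ] && [ -n "$got" ] && [ "$want" = "$got" ]
}

# add_key_if_trusted KEYFILE EXPECTED_FPR
# EXPECTED_FPR has to come from a channel other than the download itself.
add_key_if_trusted() {
    if gpg --batch --with-colons --with-fingerprint "$1" 2>/dev/null |
        fpr_matches "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1: key NOT added" >&2
        return 1
    fi
}

# Usage: sh thisscript KEYFILE EXPECTED_FPR
if [ "$#" -eq 2 ]; then
    add_key_if_trusted "$1" "$2"
fi
```

Save the key to a file with wget -O first, then pass that file and the expected fingerprint as the two arguments. Newer GnuPG releases also offer gpg --show-keys for the listing step.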

I do love consistency - I wish elastic.co did too. Their logstash repo says ".../2.1/..." while their elasticsearch repo says ".../2.x/..." ... and most Debian repos don't subdivide software by version number at all. Why would you? You have to change repos to upgrade. (Okay, server-side there are advantages to sticky versions, but I'd still prefer consistency.)

Rant aside, these are the package repositories you'll need to install all the components of the ELK stack, which are covered in the next three articles.


Continue to The ELKBeats Stack: L is for Logstash, the next article in this series.