The Elastic Stack Install Ubuntu, originally the ELK Stack, is a group of open-source software developed by Elastic that enables centralized logging, or the ability to search, analyses, and visualize logs created from any source and in any format.


Since centralized logging enables you to browse through all of your logs in one location, it can be helpful when trying to pinpoint issues with your servers or apps.

It’s also helpful because it makes it possible to locate problems that affect numerous servers by comparing their logs over a predetermined period of time.

There are four primary parts to the elastic stack:

  • All of the gathered data is stored in the distributed RESTful search engine Elasticsearch.
  • Logstash: The Elastic Stack’s data processing component that transmits incoming data to Elasticsearch.
  • Kibana: is a web-based log search and visualization tool.
  • Beats: Small, specialized data shippers that may transmit information to Logstash or Elasticsearch from hundreds or thousands of devices.

You will set up the Elastic Stack on an Ubuntu 22.04 server in this tutorial. You will discover how to set up and configure each element of the Elastic Stack Install Ubuntu to collect and display system logs, including File beat, a Beat used for forwarding and centralizing files and logs.

Kibana will also be proxied using Nginx so that it may be accessed from a web browser because it is typically only accessible on the localhost. On a single server, which we will refer to as our Elastic Stack server, we will install each of these parts.

What is the ELK Stack?

The Elastic Stack Install Ubuntu, which was created, managed, and maintained by Elastic, originally consisted of three open-source products: Elasticsearch, Logstash, and Kibana. Beats’ debut and later addition made the stack a four-legged project.

Based on the Apache Lucene search engine, Elasticsearch is an open source full-text search and analysis tool. A log aggregator called Logstash gathers data from numerous input sources, performs various upgrades and transformations, and then sends the data to a variety of supported output destinations.

What is the ELK Stack

Kibana is a visualization layer that sits on top of Elasticsearch and gives users access to data visualization and analysis tools. Last but certainly not least, Beats are little agents that are installed on edge hosts to gather various kinds of data for transmission into the stack.

For the most part, these various elements are combined to monitor, debug, and secure IT infrastructures (though there are many more use cases for the ELK Stack such as business intelligence and web analytics).

Elasticsearch indexes and stores the data, Beats and Logstash handle data collection and processing, and Kibana provide a user interface for querying and displaying the data.

Why is ELK So Popular?

Because it meets a demand in the log management and analytics area, the ELK Stack is well-liked. Engineering teams need a log management and analytics solution to help them monitor highly distributed, dynamic, and noisy environments, as well as the IT infrastructure on which current applications are deployed.

The ELK Stack aids users by offering a healthy platform that gathers and processes data from many data sources, stores that data in a single, centralized data store that can scale as data grows, and offers a selection of tools for data analysis.

The Elastic Stack Install Ubuntu is open source, of course. The preference for open source goods among IT businesses may be the sole factor contributing to the stack’s success. Organizations may far more simply onboard new employees and avoid vendor lock-in by utilizing open source.

Why is ELK So Popular

Kibana usage is common knowledge, right? Open source also refers to a thriving community that constantly promotes new functions and innovation and offers assistance when required.

Yes, Splunk has long held a dominant position in the industry. However, its extensive functions are becoming less and less valuable for the high cost, particularly for startups and smaller businesses like SaaS products.

Splunk has around 15,000 users, whereas ELK is downloaded far more frequently than Splunk’s complete user base in a single month. Even though ELK lacks some of Splunk’s functionality. It does not require all of the analytical bells and whistles. ELK is a cheap platform for log management and analytics that is straightforward but effective.

Why is Log Analysis Growing in Relevance?

Organizations cannot afford even a single second of application outage or sluggish performance in the highly competitive world of today. Performance problems can hurt a brand and, in some situations, result in a loss of direct income.

For the same reason, businesses cannot afford to have their security compromised, and failing to adhere to legal requirements can cost them dearly in fines and hurt their bottom line.

Engineers rely on the various forms of data created by their applications and the infrastructure supporting them to ensure apps are always available, performant, and secure. This information whether it comes from event logs, metrics, or both allows for the monitoring of these systems as well as the detection and correction of problems as they arise.

Logs and the various tools for examining them have long been around. The underlying architecture of the environments producing these logs, however, has evolved. Microservice, containers, and orchestration infrastructure are now common in architecture and are used in hybrid environments, across clouds, and on the cloud.

Additionally, the sheer amount of data produced by these systems is expanding rapidly and is a challenge in and of itself. The time when an engineer could easily SSH into a machine and grep a log file is long gone. In setups with hundreds of containers producing TBs of log data each day, this is impossible.

Why is Log Analysis Growing in Relevance

This is where centralized log management and analytics tools, like the Elastic Stack Install Ubuntu, come into play. They give engineers—whether they work in DevOps, IT Operations, or SRE—the visibility they need to guarantee that apps are always available and performant.

The following essential capabilities are part of contemporary log management and analysis solutions:

  1. Aggregation is the process of gathering and sending logs from many data sources.
  2. Processing enables log messages to be converted into useful data for simpler analysis.
  3. Storage is the capacity to keep data for long periods of time in order to support use cases for trend research, monitoring, and security.
  4. Analysis is the capacity to examine data by querying it and building dashboards and visualizations on top of it.

How to Conduct Log Analysis Using the ELK Stack?

As I previously stated, the various parts of the Elastic Stack Install Ubuntu when combined offer a straightforward yet effective solution for log management and analytics.

The various parts of the ELK Stack were created to work together harmoniously and without a lot of additional configuration. However, depending on your environment and use case, you may wind up constructing the stack very differently.

The traditional architecture will seem as follows for a small development environment:

small sized development

However, more components will likely be added to your logging architecture for resiliency (Kafka, RabbitMQ, Redis), security (nginx), and managing increasingly complicated pipelines designed for processing massive amounts of data in production:

handling more complex pipeline

For the purposes of example, this diagram has obviously been simplified. Full replication across regions or segments of your data centre for high availability, multiple Elasticsearch nodes, possibly multiple Logstash instances, an archiving mechanism, an alerting plugin, and other components make up a production-grade architecture.

In the pertinent part below, you can get a detailed explanation of what is required to deploy Elastic Stack Install Ubuntu as a production-grade log management and analytics solution.

Instruction how to Installing Elastic Stack on Ubuntu 22.04 LTS

Additionally, it’s critical that you maintain your server safe by installing a TLS/SSL certificate because the Elastic Stack is used to access crucial information about your server that you would not want unauthorized users to access. Although optional, doing so is highly recommended.

Instruction how to Installing Elastic Stack on Ubuntu 22.04 LTS

Elastic Stack Install Ubuntu, often referred to as elk stack, is a collection of open source, free technologies made to gather, analyses, and visualize data in real time. The details of the steps are as follows:

Step # 1: Installing the required modules

  • update the system packages;
  • sudo apt-get update

Install openjdk and other dependencies before installing elastic stack;

  • sudo apt-get install openjdk-11-jdk
  • sudo apt-get install wget
  • sudo apt-get install apt-transport-https
  • sudo apt-get install curl
  • sudo apt-get install gnupg2

install all above listed modules in one command;

  • sudo apt-get install openjdk-11-jdk wget apt-transport-https curl gnupg2 -y

check java version;

  • java -version

Step # 2: Install and Configure Elasticsearch on Ubuntu

Because Elasticsearch is not already pre-installed in Ubuntu, we will first need to add a signing key and repositories to our system.

Follow the below command to add Elasticsearch signing key;

  • wget -qO — — no-check-certificate | sudo apt-key add -

Next add the repository in /etc/apt/sources.list.d/elastic-7.x.list using below command;

  • echo “deb stable main” | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

after running the repo update the system package;

  • sudo apt-get update -y

Install elasticsearch;

  • sudo apt-get install elasticsearch -y

Do modifications on Elasticsearch configuration file;

  • sudo nano /etc/elasticsearch/elasticsearch.yml

change these lines in ‘network’ section;

  • host: localhost
  • #http. port: 9200(remove ‘#’ here)

add this line in ‘discovery’ section;

  • type: single-node
  • save config file and exit.

start the elacticsearch service;

  • sudo systemctl start elasticsearch

To enable elacticsearch at system startup;

  • sudo systemctl enable elasticsearch

To check elasticsearch service status;

  • sudo systemctl status elasticsearch

Step # 3: Install and Configure Kibana on Ubuntu

install kibana on Ubuntu;

  • sudo apt-get install kibana

Do modifications on kibana configuration file;

  • sudo nano /etc/kibana/kibana.yml

remove ‘#’ in the below lines;

  • Port: 5601
  • Host: “localhost”
  • Hosts: [“http://localhost:9200″]

save config file and exit.

start kibana service;

  • sudo systemctl start kibana

To enable kibana at system startup;

  • sudo systemctl enable kibana

To check the status of kibana service;

  • sudo systemctl status kibana

Step # 4: Install and Configure Logstash on Ubuntu

install logstash on Ubuntu;

  • sudo apt-get install logstash

Create the below config file and insert below lines to load logstash beat;

sudo nano /etc/logstash/conf.d/2-beats-input.conf

input {

beats {

port => 5044



save and close the file.

Elastic Stack Install Ubuntu, Create the below config file and insert below lines to filter the logstash inputs and generate the output;

sudo nano /etc/logstash/conf.d/2-elasticsearch-output.conf

output {

elasticsearch {

hosts => [“localhost:9200”]

manage template => false

index => “%{[@metadata] [beat]}-%{[@metadata] [version]}-%{+YYYY.MM.dd}”



save and close the editor.

start logstash service;

  • sudo systemctl start logstash

To enable logstash at system startup;

  • sudo systemctl enable logstash

To stop logstash service;

  • sudo systemctl stop logstash (do not run this unless its necessary)

To check status of logstash;

  • sudo systemctl status Logstash

Step # 5: Install and Configure Filebeat on Ubuntu

install Filebeat to send logs to Logstash;

  • sudo apt-get install filebeat

Do modifications on filebeat configuration file;

  • sudo nano /etc/filebeat/filebeat.yml

Comment the below lines

  • #output. Elasticsearch:
  • #Array of hosts to connect to.
  • #hosts: [“localhost:9200”]

Uncomment the below lines

  • Logstash:
  • hosts: [“localhost:5044”]

save & exit editor.

start filebeat service;

  • sudo systemctl start filebeat

To enable filebeat at system startup;

  • sudo systemctl enable filebeat

To check status of filebeat service;

  • sudo systemctl status filebeat

Enable filebeat system module;

  • sudo filebeat modules enable system

Enable filebeat logstash module;

  • sudo filebeat modules enable logstash

Load the index template;

  • filebeat setup — index-management -E output. logstash. Enabled=false -E ‘output. elasticsearch. Hosts=[“localhost:9200”]’

start filebeat service;

  • sudo service filebeat start

check whether elasticsearch is receiving catalog from filebeat;

  • curl -XGET http://localhost:9200/_cat/indices?v

Access Kibana Web Interface by using the URL

  • http://localhost:5601

execute the below command if integration check gave an error

Enable filebeat kibana module;

  • sudo filebeat modules enable kibana

Much of our content covers the open source Elastic Stack Install Ubuntu and that appears in different platforms. Some features are unavailable in one version and available in the others.

Related Article