Microsoft Silver Partner

Microsoft Silver Partner

mobile-logo
08 Oct

Setup Elasticsearch & Kibana on Ubuntu in Azure/AWS/GCP

by Andrew Fitzgerald
in AWS, Azure, Google GCP, Monitoring
Comments

Setup and install Elasticsearch and Kibana UI on Ubuntu 22.04.  Open-source search and analytics engine designed for real-time data retrieval, monitoring, and analysis.  Kibana is the visualization tool for Elasticsearch, enabling users to interact with data through dashboards, charts, and real-time visualizations.  Deploy using our image from any of the cloud marketplaces below:

Self-Hosted Elasticsearch & Kibana on Ubuntu

Elasticsearch & Kibana Azure

Elasticsearch Azure

Deploy Elasticsearch with Kibana on Ubuntu 22.04

Elasticsearch & Kibana AWS

Coming soon…

Elasticsearch & Kibana GCP

Coming soon…

Getting Started

Once your Elastic search server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using Elasticsearch and Kibana.

Verify Elasticsearch and Kibana Status

Check that both Elasticsearch and Kibana are running:

				
					sudo systemctl status elasticsearch
sudo systemctl status kibana

Access Elasticsearch

Elasticsearch should be available on http://localhost:9200 by default. Let’s update Eleasticsearch.yaml file:

				
					sudo nano /etc/elasticsearch/elasticsearch.yml
  1. Un comment network.host add 0.0.0.0
elasticsearch-yaml

2. Disable the xpack.security.enabled features. Set to false

elasticsearch xpack security

3. Save and Exit. Restart Elasticsearch services.

				
					sudo systemctl restart elasticsearch

4. Now lets test if localhost replies. Run the following command:

				
					curl -X GET "http://localhost:9200/"

You should get a similar output to the following to confirm Elasticsearch is working:

				
					
 curl -X GET "http://localhost:9200/"
{
  "name" : "test3",
  "cluster_name" : "my-app",
  "cluster_uuid" : "Qs3-ZAZ0SsyCH0XGtCyTHw",
  "version" : {
    "number" : "8.15.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "98adf7bf6bb69b66ab95b761c9e5aadb0bb059a3",
    "build_date" : "2024-09-19T10:06:03.564235954Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

If you want to enable TLS and enable security for your Elastic stack refer to the official documentation:

 

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html

Access Kibana

  1. First step is to update the kibana.yml server.host address to 0.0.0.0
				
					sudo nano /etc/kibana/kibana.yml
kibana-yml

2. Save and Exit, restart Kibana services.

				
					sudo systemctl restart kibana

3. After a minute, Kibana should run on the following port 5601. Open a browser and go to:

				
					http://<your-server-ip>:5601

Choose which option, for example Explore on my own

Kibana homepage

You’re now ready to start using Elasticsearch with Kibana..

Documentation / Support

Please refer to the official documentation for Elasticsearch and Kibana on the following links:

 

https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html

 

https://www.elastic.co/guide/en/kibana/8.15/index.html

 

Any questions about getting this server up and running or for any assistance related to image deployments please contact us.

Firewall Ports

Elasticsearch

  • Port 9200 (HTTP): This is the primary port used to interact with Elasticsearch’s RESTful API. All search, indexing, and query requests go through this port by default.
  • Port 9300 (Transport): This port is used for internal cluster communication. Nodes in a multi-node Elasticsearch cluster communicate with each other over port 9300.

Kibana

Port 5601 (HTTP): Kibana’s web interface and API are accessible on this port. Users connect to Kibana’s dashboard, visualizations, and management interface through port 5601.

Firewall and Security Considerations

  • Elasticsearch (Port 9200): By default, this port binds to localhost. If making Elasticsearch accessible externally, secure it by setting up authentication, TLS encryption, or restricting access to specific IP addresses.
  • Kibana (Port 5601): Similarly, securing external access to Kibana is important, especially for production environments.

 

Adjusting these ports is possible by configuring elasticsearch.yml and kibana.yml in their respective directories (/etc/elasticsearch/ and /etc/kibana/).

The links below explain how to modify / create firewall rules depending on which cloud platform you are using.

 

To setup AWS firewall rules refer to – AWS Security Groups

To setup Azure firewall rules refer to – Azure Network Security Groups

To setup Google GCP firewall rules refer to – Creating GCP Firewalls

Disclaimer: Elasticsearch & Kibana are registered trademarks of Elasticsearch BV and is licensed under Elastic License 2.0 (ELv2). This image is provided & maintained by Cloud Infrastructure Services. This image is configured for self-hosting and does not include any managed or SaaS-level services. No warrantee of any kind, express or implied, is included with this software. Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user. The author is not responsible for any damage that its use could cause.

Related Posts:

Avatar for Andrew Fitzgerald
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x