The following article on Kibana is outdated. For an updated version, click here

After five alpha versions, Elastic recently announced the availability of the first beta version of the long-awaited Elastic Stack 5.0 (the new name for ELK). If Elastic feels this version is stable enough to begin beta testing, that’s good enough for me!

Since I was curious to check out the new features in this version and am always happy to test new software, I decided to take her for a ride on an Ubuntu 14.04 deployed on AWS.

Here are the installation steps that I took to get the stack installed as well as a few tips and side notes that might be useful to anyone headed down the same path.

Installing Java

As always, the stack requires that Java is installed. As opposed to previous versions, though, the required Java version here is 8. If you don’t have Java installed, follow these commands:

$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get install oracle-java8-installer

After successfully installing Java, verify the version of Java that is installed with the following command:

$ java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

System Configurations

Before we begin the installation process, there are some system configurations that are not specified in the official documentation; without them, you will run into issues running Elasticsearch down the road.

First, you need to set the value for the vm.max_map_count (max virtual memory) in /etc/sysctl.conf as follows:

vm.max_map_count=262144

Next, set the number of open files (file descriptors) in your /etc/security/limits.conf file:

* soft nofile 64000
* hard nofile 64000

Log out and log back in to apply changes.

Installing Elasticsearch

We will start the process of installing ELK, as usual, with the installation of Elasticsearch.

Please note that, for now, the only way to install the beta version of Elasticsearch 5.0 is by downloading the package from Elastic’s downloads page. Installation via apt or yum is not yet supported.

Download and extract the package:

$ curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.0.0-beta1.tar.gz
$ tar -xvf elasticsearch-5.0.0-beta1.tar.gz

There are some needed network configurations before starting Elasticsearch. In the /config folder, open the elasticsearch.yml file and enter these configurations:

network.host: 0.0.0.0
http.port: 9200

Last but not least, start Elasticsearch:

$ bin/elasticsearch

If all goes well, you should see a number of info messages outputted. These will include information on the loaded modules, configurations, and the Elasticsearch node IP address and port (127.0.0.1:9200).

To make sure that Elasticsearch is working as expected, enter the following query in your browser: http://<ServerIP>:9200

This is the output you should be seeing:

{
  "name" : "o5QSHOT",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "23VPUCGzTgu854mFzLU6HQ",
  "version" : {
    "number" : "5.0.0-beta1",
    "build_hash" : "7eb6260",
    "build_date" : "2016-09-20T23:10:37.942Z",
    "build_snapshot" : false,
    "lucene_version" : "6.2.0"
  },
  "tagline" : "You Know, for Search"
}

Installing Kibana

Next up, Kibana. There are no source packages available for the beta version of Kibana 5, so we will install Kibana using apt.

Download and install the Elastic public signing key:

$ sudo wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, add the repository definition to the /etc/apt/sources.list.d/kibana.list file:

$ sudo echo "deb https://artifacts.elastic.co/packages/5.x-prerelease/apt stable main" | sudo tee -a /etc/apt/sources.list.d/kibana.list

Update the system and install Kibana:

$ sudo apt-get update && sudo apt-get install kibana

Kibana is installed, but there are some additional tweaks that need to be made to the configuration file before accessing it with your browser.

Open the configuration file at: /etc/kibana/kibana.yml.

Define the following directives:

server.port: 5601
server.host: "0.0.0.0"

Restart Kibana to apply configurations:

$ sudo service kibana start

Access Kibana by entering the following URL in your browser: http://<ServerIP>:5601.
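Both elasticsearch.yml and kibana.yml above bind to 0.0.0.0, so ports 9200 and 5601 answer on every interface of the AWS instance, and nothing in this install adds authentication in front of them. The following check is an added example, not part of the original article: it reads the two config files and reports how each listener is bound. The function names are hypothetical, the sample files are constructed, and an unset host is assumed to mean the loopback default of Elasticsearch 5 and Kibana 5.

```shell
#!/bin/sh
# Added example (not from the article): report how Elasticsearch and Kibana
# listeners are bound, based on the host/port keys in their YAML config files.

# bind_value FILE KEY -> last uncommented "KEY: value", quotes/spaces stripped
bind_value() (
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
  sed -n -E "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*([^#]*).*/\1/p" "$1" |
    tail -n 1 | tr -d "\"' \t"
)

# classify_bind VALUE -> loopback | all-interfaces | specific-address
classify_bind() {
  case "$1" in
    ''|localhost|127.*|::1|_local_) echo loopback ;;   # '' = unset (assumed default)
    0.0.0.0|::|'[::]')              echo all-interfaces ;;
    *)                              echo specific-address ;;
  esac
}

# audit_bind FILE HOST_KEY PORT_KEY DEFAULT_PORT -> one summary line
audit_bind() (
  host=$(bind_value "$1" "$2")
  port=$(bind_value "$1" "$3")
  echo "$2=${host:-unset} port=${port:-$4} $(classify_bind "$host")"
)

# Constructed sample files mirroring the settings used in this article.
demo_dir=$(mktemp -d)
cat > "$demo_dir/elasticsearch.yml" <<'EOF'
#network.host: 192.168.0.1
network.host: 0.0.0.0
http.port: 9200
EOF
cat > "$demo_dir/kibana.yml" <<'EOF'
server.port: 5601
server.host: "0.0.0.0"
EOF
cat > "$demo_dir/kibana-default.yml" <<'EOF'
#server.host: "localhost"
EOF

audit_bind "$demo_dir/elasticsearch.yml"  network.host http.port   9200
audit_bind "$demo_dir/kibana.yml"         server.host  server.port 5601
audit_bind "$demo_dir/kibana-default.yml" server.host  server.port 5601
```

Any line reported as all-interfaces should be matched by a security group rule that limits the port to known source addresses.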

If you’ve used previous versions of the stack, Kibana’s new UI stands out immediately. But some things do not change! To be able to begin using Kibana, you need to first configure an index pattern.

Installing Filebeat

The next usual step when installing the ELK Stack would be to install Logstash, the traditional log shipper used for collecting and parsing logs before they are indexed in Elasticsearch. However, for a number of reasons, including reliability and resource consumption, Elastic and the community are gradually moving towards a collection of lightweight, dedicated log shippers called Beats. Download and install the Filebeat package:

$ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-beta1-amd64.deb
$ sudo dpkg -i filebeat-5.0.0-beta1-amd64.deb

The default configurations already have Filebeat tracking default system logs as well as a local installation of Elasticsearch defined as the output destination. All that’s left for us to do is start the service:

$ sudo /etc/init.d/filebeat start

Filebeat starts, and you will see a number of messages describing the configurations used.

Opening Kibana again, the next step is to enter an index pattern which I defined as: filebeat.*

Once defined, I select Discover from the menu on the left to view the messages being forwarded by Filebeat.

From this point onwards — it’s up to you!

There’s little doubt that this version of the stack is a big change from older versions. I recommend reading up on the new features in our blog post covering the expected changes in the ELK Stack 5.0 as well as our review of Kibana 5, our overall Kibana tutorial, and our guide to creating Kibana visualizations.