Comments on How to Install Elastic Stack on Ubuntu 16.04

Hi,

Not sure how much has changed in the packages in one day (since this post), but already found a problem... (I'm also using an updated fresh install of 16.04)

You say "Now edit the elasticsearch service file for the memory lock mlockall configuration."/usr/lib/systemd/system/elasticsearch.service

However, this file doesn't exist. The folder you specify also doesn't exist. I've also done a search for this. Is there something I'm missing here?

Even is /usr/lib/systemd/system/elasticsearch.service exists.

vim /usr/lib/systemd/system/elasticsearch.service on ubuntu isnt right. You should try to never adjust to original files. Edit it like this :

sudo systemctl edit elasticsearch.service  Which results in Editing "/etc/systemd/system/elasticsearch.service.d/override.conf"

 

 

Yes I'm aware of this, but for now, I'm just trying to follow the above steps step by step and even though I'm using a fresh updated install of 16.04, I don't find these steps the same on my install.

We tested the tutorial here again today and the steps from the tutorial are working on Ubuntu 16.04. There was one typo in the command that installs kibana which has been corrected now.

I've tried 3 times with fresh Ubuntu 16.04 but allways stuck int his part "mv ~/logstash.crt /etc/filebeat/" it says "mv: cannot stat '/etc/logstash/logstash.crt': No such file or directory",on the server side (elkserver) checking /etc/logstash/ folder and logstash.crt is there,but it returns error when you try to mv. Any ideas ?

You need to upload the file 'logstash.crt' from the 'elk-master' server to the 'client ubuntu or centos' with scp command.

On the elk-master - run as root:

ls /etc/logstash/logstash.crt

Make sure you have that file on the 'elk-master' server.

Connect to the elk-client.

ssh root@elk-client

From the elk-client terminal, download 'logstash.crt' file from elk-master to elk-client with scp.

cd ~/

scp root@elk-master:/etc/logstash/logstash.crt .

'logstash.crt' file on the home directory of the elk-client.

move to the '/etc/filebeat/' directory.

mv ~/logstash.crt /etc/filebeat/

Hopefully, it can help you

Running Ubuntu 16.04.2 and on part 2 after starting the services. The system host is not listining on port 9200.  Any ideas?  Going step-by-step

sudo systemctl daemon-reloadsudo systemctl enable elasticsearchsudo systemctl start elasticsearch

Wait a sec for Elasticsearch to run, then check the open port on the server, make sure the 'state' for port 9200 is 'LISTEN'.

netstat -plntu

Specify network.host: localhost not the IPv4 ;)

this same problem here....frsh install and no listening 9200 port......everything was installed step by step....

I know how old and grizzled my eyes are but I can't find a mention of removing the nginx default site link, which stops the reverse proxy from listening on port 80.  Seems a sudo rm /etc/nginx/sites-enabled/default is needed

Hey guys,

It seems like my cert is not working properly, when I look at tail -f /var/log/filebeat/filebeat, I am getting the following error message in the logs:

"cannot validate certificate for <my elk master ip> because it doesn't contain any IP SANs"

I tried to create new certificate with CN=ubuntu (which is the hostname), but I don't have any DNS on my network. Would it be possible to just add the server IP instead? If yes, how should I write it?

Run : export JAVA_HOME="/usr"

and the service will start correctly :)

Thanks for this awesome post. It worked out fine!

Hi, Got some issues when running filebeat. Will not start on Ubuntu. I have followed all steps to the letter.

Any help is appretiated.

Hello,

    This is a very good tuorial, I am little confused though at the logstash and filebeat part on a client. In the configuration you say to use port = 5443 (logstash) and for filebeat (on client) elk-master:5443, in the elasticsearch installation, I don't see port 5443 mentioned any where? Can you explain please?

 

Thanks,

Michael

Everytime i do this configuration I get this error from Filebeat and i know it's bogus. 2018-01-12T08:03:02Z CRIT Exiting: Error in initing prospector: can not convert 'object' into 'string' accessing 'filebeat.prospectors.0.paths.2' (source:'/etc/filebeat/filebeat.yml')

My certificates are correct and in the right place, Elasticsear logstash and Kibana are working on the ELK-Master server, why is filebeat so difficult to get running. It shouldn't be this hard.

 

Thanks,

Michael

I am like so totaly close on this thing. I'm really impressed with your build instructions. you might want to add a bit about how to get it to run as a server, so taht users can browse to it from other PC's. i think i got it figures out in any case.

 

I've logged into my kibana GUI and I'm on the:

Management / Kibana

     Index patterns page. 

 

There is a box to type in my "Index pattern" but then under the box I see a red nasty....

 

Unable to fetch mapping. Do you have indices matching the pattern?

And there is no "Create" button. Can you help me out oin this one?

The java installer seems to be obsolete;

any idea how this can be resolved?

Reading package lists... Done Building dependency tree Reading state information... Done Package oracle-java8-installer is not available, but is referred to by another p ackage. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'oracle-java8-installer' has no installation candidate

that was very good, thank you very much for this article!!!

Keep posting such useful articles.