How to install Elasticsearch and Kibana version 8.1 on RHEL For Beginner

Munawar Syukur
Mar 15, 2022

In this article we will install the Elasticsearch and Kibana stack on RHEL. Let's start.

Step 1. Download the installer

Before we proceed, download the installers and make sure they are the latest version, 8.1, the same version used in this article.

https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.0-x86_64.rpm

https://artifacts.elastic.co/downloads/kibana/kibana-8.1.0-x86_64.rpm
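The NOKEY warning in the Step 3 output means rpm could not check the package signature, because the Elastic signing key had not been imported. The script below is an added example, not part of the original article, that verifies a downloaded package before installation. It assumes the .sha512 file Elastic publishes next to each artifact and the key ID d88e42b4 shown in that warning; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the article): check an Elastic RPM before "rpm -ivh".
# Function names are hypothetical. Fetch the inputs first, for example:
#   curl -fLO https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.0-x86_64.rpm.sha512
#   sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# verify_sha512 FILE SUMFILE
# SUMFILE holds "<128 hex chars>  <file name>". Returns 0 on match,
# 1 on mismatch, 2 if an input is unreadable or SUMFILE is malformed.
verify_sha512() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    # The digest is the first field of the first line; compare in lower case.
    _expected=$(awk 'NR == 1 { print tolower($1) }' "$2")
    # Refuse anything that is not a SHA-512 digest (e.g. a saved HTML error page).
    printf '%s\n' "$_expected" | grep -Eq '^[0-9a-f]{128}$' || return 2
    _actual=$(sha512sum "$1" | awk '{ print $1 }')
    [ "$_actual" = "$_expected" ]
}

# rpm_signed_by FILE KEYID
# Succeeds only if "rpm -Kv" reports a signature by KEYID as OK. Assumption:
# the line has the same shape as the warning in the article, ending in ": OK"
# instead of ": NOKEY" once the key has been imported.
rpm_signed_by() {
    rpm -Kv "$1" 2>/dev/null | grep -Eiq "Signature, key ID $2: OK"
}

# verify_package FILE KEYID: both checks must pass before installing.
verify_package() {
    verify_sha512 "$1" "$1.sha512" || { echo "checksum check failed: $1" >&2; return 1; }
    rpm_signed_by "$1" "$2" || { echo "signature check failed: $1" >&2; return 1; }
    echo "verified: $1"
}

# Run only when a package path is given:
#   ./verify.sh elasticsearch-8.1.0-x86_64.rpm d88e42b4
if [ "$#" -ge 1 ]; then
    verify_package "$1" "${2:-d88e42b4}"
fi
```

Run the same check for kibana-8.1.0-x86_64.rpm; Elastic signs all of its packages with the same key.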

Step 2. Pre-Configuration

In this article the installation runs in an on-premises development environment, where a strict firewall is not required, so we stop the firewall service and then check its status.

$ sudo systemctl stop firewalld.service

$ sudo systemctl status firewalld.service

Take note:

  • To perform the ELK installation, your account must have permission to run the installation, that is, sudo privileges.
  • For a production environment, you need to make sure the firewall allows the required ports (in this article, 9200 for Elasticsearch and 5601 for Kibana) to avoid issues during the installation process.

Elasticsearch and Kibana Overview

Elasticsearch is a real-time, distributed storage, search, and analytics engine. Kibana is an open source analytics and visualization platform designed to work with Elasticsearch.

Step 3. Elasticsearch setup

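Run this command to set up Elasticsearch and wait until it completes; you will see the finish message below. The output includes the generated password for the elastic built-in superuser, which you will need in the validation step.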

$ sudo rpm -ivh elasticsearch-8.1.0-x86_64.rpm

[devops@munwarrior~]$ sudo rpm -ivh elasticsearch-8.1.0-x86_64.rpm
[sudo] password for devops:
warning: elasticsearch-8.1.0-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Creating elasticsearch group... OK
Creating elasticsearch user... OK
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : Gw*LbsCh+cVXikp+XER8

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
[/usr/lib/tmpfiles.d/elasticsearch.conf:1] Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.

Then run the commands below to reload systemd, enable and start the service, and check its status:

sudo systemctl daemon-reload

sudo systemctl enable elasticsearch.service

sudo systemctl start elasticsearch.service

sudo systemctl status elasticsearch.service

Once the Elasticsearch installation finishes, validate that the Elasticsearch service is up by running this command. When prompted, enter the password generated for the elastic user during installation.

$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

[devops@munwarrior]$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "-ao6PfivQey_gJ20DDgdUg",
  "version" : {
    "number" : "8.1.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a",
    "build_date" : "2022-03-03T14:20:00.690422633Z",
    "build_snapshot" : false,
    "lucene_version" : "9.0.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Step 4. Kibana setup

Run this command to set up Kibana and wait until it completes; you will see the finish message.

$ sudo rpm -ivh kibana-8.1.0-x86_64.rpm

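Before we run the Kibana service, we need to change two settings in kibana.yml.

$ sudo vi /etc/kibana/kibana.yml

Find the parameters below in kibana.yml, uncomment them, then save the file. By default Kibana listens only on localhost; setting server.host to the server's IP address makes it reachable from other machines on the network.

server.port: 5601

server.host: "192.168.100.100"   # the server's IP address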

Once finished, run the commands below:

sudo systemctl daemon-reload

sudo systemctl enable kibana.service

sudo systemctl start kibana.service

sudo systemctl status kibana.service

After running sudo systemctl status kibana.service you will see "http server running at http://192.168.100.100:5601". Open a browser and paste the URL shown in the Kibana status output.

You will need to fill in the Kibana enrollment token. To get the token, go to the server where Elasticsearch is installed and run the command below.

$ sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Copy the auto-generated Kibana token and paste it into the Kibana page in the browser to complete the setup.
