ELK Stack on VBOX (Part I)
I will follow a public article from linuxacademy.com about installing the ELK Stack using VirtualBox. Let's see what happens.
(Next, you can see ELK Stack on VBOX — Part II)
Step 1: VBOX instances
The tutorial asks for a virtual machine with 6 GB of RAM, but I am using a Mac with 8 GB for everything… so I will give it only 5 GB, and we'll see that it is enough …
HD OK:
Now we have our linux instance:
ELK Slave: 2 GB of RAM… let's go on …
File System Slave
OK: Master and Slave:
Step 02: Networks
Let's create the network
Now, let's configure the network on the master and slave VMs:
Let's continue:
We should download a CentOS image to burn into the VM (I have selected the DVD ISO)
In the meantime… we will also create port forwarding rules in File — Preferences — Network — Port Forwarding. The idea is to use our favorite shell:
Let's use tmux as suggested by the author …
Let's continue with port forwarding:
Later, I should make sure what the IPs for master and slave are … and fix them in the “Private IP” column
OK, let's continue: I have at last downloaded my CentOS ISO image; I am ready to burn it into the VMs
I need to review how to burn it, so let's see: https://askubuntu.com/questions/64915/how-do-i-install-ubuntu-on-a-virtualbox-client-from-an-iso-image
Same with the slave:
Let's start MASTER to install CentOS in the MASTER VM:
Let's continue:
OK, we have CentOS on the master:
Let's do something with the slave
Users are: pabloeze in slave and pabloezequiel in master
OK, that is fine, but I would like to know what the IPs in the VMs are… After a couple of tries, I realized that it is not as easy as I had expected… Inside the CentOS VM, the ip addr show command only shows localhost (127.0.0.1), and the ifconfig command does not seem to be available… and I am looking for it in the /sbin dir of CentOS, so it doesn't look like a PATH problem. OK, so, after reading a blog that suggests using nmap, but nmap is not available on Mac… I will stop here; let's continue with the ELK Stack
Our Master and Slave are:
We will configure hostnames on ELK Master 1 and ELK Slave 1:
Next, with the slave:
We will use the simplest way to configure the network in CentOS 7 from the user's point of view: the nmtui tool (part of NetworkManager).
We will configure network interfaces to use static IP.
Network interfaces to use static IP in MASTER
Next, we follow the linuxacademy post's recommendations:
You will need to set the following settings for elkmaster1:
- IPv4 Configuration: Manual
- Addresses: 10.0.2.4/24
- Gateway: 10.0.2.1
- DNS servers (Google Public DNS): 8.8.8.8, 8.8.4.4
- IPv6 Configuration: Ignore
- Check: Automatically connect
- Check: Available to all users
Quit & verify:
Network interfaces to use static IP in SLAVE
Next, repeat the same for the SLAVE:
Next
Network with IP FIXED Ready
We can verify with ping that master and slave are able to reach each other:
JDK 8 INSTALLATION ON Elk Master
Let's continue with the tutorial; the next step is to install JDK 8 on the master
$ wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u152-b16/aa0333dd3019491ca4f6ddbe78cdb6d0/jdk-8u152-linux-x64.rpm"
$ rpm -ivh jdk-8u152-linux-x64.rpm
$ java -version
Step 03: ELASTICSEARCH — INSTALLATION
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
$ vi /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Installing Elasticsearch…
$ yum -y install elasticsearch
To start Elasticsearch as a service:
[root@elkmaster1 ~]# systemctl daemon-reload
[root@elkmaster1 ~]# systemctl enable elasticsearch.service
Created symlink from
/etc/systemd/system/multi-user.target.wants/elasticsearch.service to
/usr/lib/systemd/system/elasticsearch.service.
[root@elkmaster1 ~]# systemctl start elasticsearch.service
Edit:
vi /etc/elasticsearch/elasticsearch.yml:
cluster.name: linuxacademy-elk
node.name: elkmaster1
node.attr.rack: centos7
network.host: 10.0.2.4
http.port: 9200
node.max_local_storage_nodes: 1
And restart Elasticsearch:
$ systemctl restart elasticsearch
Next:
We need to edit /usr/lib/systemd/system/elasticsearch.service to remove the --quiet option from the ExecStart command
[root@elkmaster1 ~]# systemctl daemon-reload
[root@elkmaster1 ~]# systemctl restart elasticsearch.service
Last, but not least, commands to interact with Elasticsearch:
$ journalctl --unit elasticsearch
$ journalctl --unit elasticsearch --since "2017-12-20 18:00:00"
Next, install netcat:
$ yum -y install nmap-ncat
Now, we should check that Elasticsearch is alive and running… but:
ncat -v localhost 9200
$ systemctl status elasticsearch
curl -X GET http://localhost:9200/
What's wrong? Explanation, Solution and End of Post!
OK, we have Elasticsearch installed and the service configured… But when I test it with a curl against localhost:9200, it responds with connection refused
The explanation is pretty easy: Elasticsearch is listening on another host and port: 10.0.2.4:2300 … but how could we have realized that?
First, let's look at the elasticsearch journal and scroll to the right:
$ journalctl --unit elasticsearch
Next:
And last!
$ curl -X GET http://10.0.2.4:9200/
$ ncat -v 10.0.2.4 9200
Ok!
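The check below is an added example, not part of the original post or the linuxacademy tutorial: it reads network.host and http.port from elasticsearch.yml and compares them with the listening sockets, which shows why localhost:9200 is refused once the node is bound to 10.0.2.4. The function names and the sample inputs are assumptions constructed for illustration, as are the defaults used when a key is absent (localhost, port 9200).

```sh
#!/bin/sh
# Added example (not from the post). Sample inputs below are constructed.

# Read elasticsearch.yml on stdin; print the configured HTTP host:port.
# Assumed defaults when a key is absent or commented out: localhost, 9200.
es_http_endpoint() (
  cfg=$(cat)
  val() {  # last uncommented "key: value", minus trailing comment and quotes
    printf '%s\n' "$cfg" | sed -n "s/^$1:[[:space:]]*//p" | tail -n 1 |
      sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
  }
  host=$(val 'network\.host'); port=$(val 'http\.port')
  echo "${host:-localhost}:${port:-9200}"
)

# Read `ss -ltn` output on stdin; print local addresses listening on port $1.
listeners_on_port() {
  awk -v port="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) print $4 }'
}

# Read listener addresses on stdin; succeed if one is a wildcard or loopback
# bind, i.e. a connection to localhost would be accepted.
reachable_via_localhost() {
  while read -r addr; do
    case "${addr%:*}" in
      '*'|0.0.0.0|::|'[::]'|127.0.0.1|::1|'[::1]'|::ffff:127.0.0.1) return 0 ;;
    esac
  done
  return 1
}

sample_yml() {  # constructed: the settings this post writes to elasticsearch.yml
  printf '%s\n' '#network.host: 192.168.0.1' 'cluster.name: linuxacademy-elk' \
    'network.host: 10.0.2.4' 'http.port: 9200'
}
sample_ss() {   # constructed `ss -ltn` lines for that configuration
  printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
    'LISTEN 0 128 *:22 *:*' \
    'LISTEN 0 128 ::ffff:10.0.2.4:9200 :::*' \
    'LISTEN 0 128 ::ffff:10.0.2.4:9300 :::*'
}

endpoint=$(sample_yml | es_http_endpoint)
if sample_ss | listeners_on_port "${endpoint##*:}" | reachable_via_localhost; then
  echo "localhost:${endpoint##*:} should answer"
else
  echo "not bound to loopback; test with: curl -X GET http://$endpoint/"
fi
```

On the VM, the real inputs are `es_http_endpoint < /etc/elasticsearch/elasticsearch.yml` and `ss -ltn | listeners_on_port 9200`. A non-loopback bind also means the HTTP API is reachable from the 10.0.2.0/24 network, so the listener check is worth rerunning after any change to network.host.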
We can finish this post! We have configured an Elasticsearch master in a VM from scratch, following the linuxacademy tutorial.
The next step is to connect Kibana and Logstash to finish our tour of the ELK stack…
Pablo Ezequiel
References:
https://linuxacademy.com/cp/socialize/index/type/community_post/id/12166
https://linuxacademy.com/cp/socialize/index/type/community_post/id/12167