How to install ELK on Windows

In this tutorial we provide detailed instructions on how to install ELK (Elasticsearch, Logstash and Kibana) on Windows.

A short introduction about the ELK stack

ELK is a powerful and versatile stack for collecting, analyzing and exploring data in real time.

The components of the ELK stack are:

Elasticsearch – Search and analyze data in real time.

Logstash – Collect, enrich, and transport data.

Kibana – Explore and visualize data.

Tutorial – How to install ELK on Windows

Step 1 – Install Java 8

This step is mandatory because both Elasticsearch and Logstash require Java. We recommend Java 8 because so far it is the most recent stable version.

While a JRE can be used for the Elasticsearch service, its usage is discouraged because it uses a client VM (as opposed to a server JVM, which offers better performance for long-running applications), and a warning will be issued.

Download JDK installer

Access the Java download page (http://www.oracle.com/technetwork/pt/java/javase/downloads/jdk8-downloads-2133151.html), click on “Accept License Agreement” and then select the option “Windows x64”. So far the newest version is jdk-8u101-windows-x64.exe.

Install JDK

Just execute the JDK installer and follow the wizard instructions.

Step 2 – Create a folder to keep the ELK components grouped

Create a directory “D:\ELK”. This directory will be used to keep all ELK components grouped in the same folder.

Step 3 – Download and configure Elasticsearch 2.3.5

Download Elasticsearch

Download the Elasticsearch ZIPPED package from here: https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/zip/elasticsearch/2.3.5/elasticsearch-2.3.5.zip

Extract its content to the “D:\ELK” folder. The result will be “D:\ELK\elasticsearch-2.3.5”.

Configure Elasticsearch

To make the Elasticsearch REST API available only from within the ELK machine, we need to make one modification inside the “D:\ELK\elasticsearch-2.3.5\config\elasticsearch.yml” file:

Find the line:

And replace by the line:

Run Elasticsearch as a Service

To run Elasticsearch as a service, open CMD and execute the following commands:

And you should receive a confirmation message:

The last step is to define the service’s startup type. It will allow Elasticsearch to automatically initialize along with Windows.

Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services. Find the “Elasticsearch 2.3.5” service and open its properties. You will see a combo box labeled “Startup type”. Change its value to “Automatic”. On the same screen, check whether the service is already started; if necessary, start it by clicking the Start button.

Step 4 – Download and configure Kibana 4.5.4

Download Kibana

Download the Kibana ZIPPED package from here: https://download.elastic.co/kibana/kibana/kibana-4.5.4-windows.zip

Extract its content to the “D:\ELK” folder. The result will be “D:\ELK\kibana-4.5.4-windows”.

Configure Kibana

To make Kibana available only from within the ELK machine, we need to make one modification inside the “D:\ELK\kibana-4.5.4-windows\config\kibana.yml” file:

Find the line:

And replace by the line:

Run Kibana as a Service

By default Kibana doesn’t provide any native mechanism to run as a service; this feature is intended to be added in future releases.

One easy and simple way to work around this is to use the NSSM Service Manager. It allows us to create a wrapper service that invokes the Kibana starter command.

Download the NSSM Service Manager from the link: https://nssm.cc/release/nssm-2.24.zip

Extract its content, navigate to the folder win64 and copy the nssm.exe file to the “D:\ELK\kibana-4.5.4-windows” directory.

Open the CMD and execute the following commands:

The last step is to define the service’s startup type. It will allow Kibana to automatically initialize along with Windows.

Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services. Find the “Kibana” service and open its properties. You will see a combo box labeled “Startup type”. Change its value to “Automatic”. On the same screen, check whether the service is already started; if necessary, start it by clicking the Start button.

Step 5 – Download and configure Logstash 2.3.4

Download Logstash

Download the Logstash ZIPPED package from here: https://download.elastic.co/logstash/logstash/logstash-2.3.4.zip

Extract its content to the “D:\ELK” folder. The result will be “D:\ELK\logstash-2.3.4”.

Configure Logstash

Access the “D:\ELK\logstash-2.3.4” directory and create a sub-folder named “conf.d”. This folder will hold our Logstash configuration file.

Create a new file inside the “conf.d” folder named “logstash.conf” and add the following content:

Run Logstash as a Service

By default Logstash doesn’t provide any native mechanism to run as a service; this feature is intended to be added in future releases.

One easy and clean way to work around this is to use the NSSM Service Manager. It allows us to create a wrapper service that invokes the Logstash starter command.

Download the NSSM Service Manager from the link: https://nssm.cc/release/nssm-2.24.zip

Extract its content, navigate to the folder win64 and copy the nssm.exe file to the “D:\ELK\logstash-2.3.4” directory.

Open the CMD and execute the following commands:

Step 6 – Download and configure Apache Web Server 2.4

This step shows how to install and configure the Apache server to create a Proxy Pass, so that the Kibana dashboards are accessed through port 80 instead of 5601. We will also create a basic authentication mechanism to ensure that only some people can access the dashboards.

Download Apache Web Server

Some versions of Windows require the package “Visual C++ Redistributable for Visual Studio 2015” (vc_redist_x64.exe) to be installed in order to run Apache.

If necessary, you can download this dependency from here: https://www.microsoft.com/en-ie/download/details.aspx?id=48145

Download the Apache ZIPPED package from here: https://www.apachehaus.com/downloads/httpd-2.4.23-x86-vc14.zip

Extract its content to the “D:\ELK” folder. The result will be “D:\ELK\Apache24”.

Configure Apache Web Server

Add a new entry to the hosts file (or a DNS entry)

In this case we will add a new entry inside the hosts file (C:\Windows\System32\drivers\etc\hosts).

Access the folder “D:\ELK\Apache24\conf” and create a sub-folder named “kibana”.

Configure the Virtual Host

Inside this new folder, create a new file named “kibana-vhost.conf” containing the lines below:

We also need to create the users file that will be used within the virtual host configuration. Open the CMD and execute the following commands:

The htpasswd utility will then ask you to enter the new user’s password:

Configure the Apache Settings

Access the folder “D:\ELK\Apache24\conf” and edit the file “httpd.conf” as described below:

Find the line:

And replace by the line:

Uncomment the following lines:

Add the following lines after the line “Include conf/extra/httpd-vhosts.conf”:

Run Apache as a Service

To run Apache as a service, open CMD and execute the following commands:

The last step is to define the service’s startup type. It will allow Apache to automatically initialize along with Windows.

Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services. Find the “Apache2.4” service and open its properties. You will see a combo box labeled “Startup type”. Change its value to “Automatic”. On the same screen, check whether the service is already started; if necessary, start it by clicking the Start button.

Conclusion

After completing all the steps above, you can test and access the Kibana dashboards from your machine. Don’t forget to add “kibana.yourdomain.com” to your hosts file, pointing to the proper public IP of the machine running the ELK stack, or add a corresponding entry in your DNS server.

The first time you access “kibana.yourdomain.com”, you will be required to enter the credentials we created during the Apache configuration.
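To confirm that the restrictions from Steps 3, 4 and 6 actually took effect, the following PowerShell check can be run on the ELK machine. It is an added example, not part of the original tutorial. It assumes the default Elasticsearch ports 9200 and 9300, Kibana on 5601, Apache on port 80, and that “kibana.yourdomain.com” resolves on this machine; the function names are hypothetical.

```powershell
# Added example: post-install exposure check for the ELK host built in this tutorial.
# Assumed ports: 9200/9300 (Elasticsearch defaults), 5601 (Kibana), 80 (Apache).
$loopback = @('127.0.0.1', '::1')
$internal = [ordered]@{ 9200 = 'Elasticsearch HTTP'; 9300 = 'Elasticsearch transport'; 5601 = 'Kibana' }

function Test-LoopbackOnly {
    param([int]$Port, [string]$Name)
    # All listening sockets on this port; an empty result means the service is not running.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    if ($listeners.Count -eq 0) {
        return [pscustomobject]@{ Check = "$Name ($Port)"; Result = 'NOT LISTENING'; Detail = 'service stopped?' }
    }
    # 0.0.0.0, :: or any interface address means the port is reachable from the network.
    $exposed = @($listeners | Where-Object { $loopback -notcontains $_.LocalAddress })
    if ($exposed.Count -gt 0) {
        $addrs = ($exposed.LocalAddress | Sort-Object -Unique) -join ', '
        return [pscustomobject]@{ Check = "$Name ($Port)"; Result = 'EXPOSED'; Detail = "bound to $addrs" }
    }
    [pscustomobject]@{ Check = "$Name ($Port)"; Result = 'OK'; Detail = 'loopback only' }
}

function Test-ProxyRequiresAuth {
    param([string]$Url)
    # Request the proxied dashboard WITHOUT credentials; Apache should answer 401.
    try {
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop
        $code = [int]$resp.StatusCode
    } catch {
        # Non-2xx answers raise an exception that still carries the HTTP response.
        $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 }
    }
    $result = switch ($code) {
        401     { 'OK' }
        0       { 'UNREACHABLE' }
        default { 'NO AUTH ENFORCED' }
    }
    [pscustomobject]@{ Check = "Proxy auth ($Url)"; Result = $result; Detail = "HTTP status $code" }
}

$report = @()
foreach ($port in $internal.Keys) { $report += Test-LoopbackOnly -Port $port -Name $internal[$port] }
$report += Test-ProxyRequiresAuth -Url 'http://kibana.yourdomain.com/'
$report | Format-Table -AutoSize
```

Any row other than OK means the corresponding step should be revisited. Because the proxy uses basic authentication over plain HTTP on port 80, the credentials travel unencrypted between the browser and Apache.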