How to Install Elasticsearch, Logstash, Filebeat, & Kibana on Ubuntu

ELK stack is the collection of open source products developed by the elastic. The following three things are performed:

  • Collection of data: The user collects the data from different sources
  • Analyze the data: processing the collected data
  • Visualization: denotes the representation of data


  • Ubuntu Server 20.04 LTS
  • Java(JDK)
  • 2 CPU and 4 GB RAM
  • Ports 9200, 5601, 5044.

Install the required packages:

apt-get update
apt-get install openjdk-11-jdk wget apt-transport-https curl gnupg2 -y

Check Java version.

java -version 

Here is the command output.

Fig 1

Install & Configure ElasticSearch

  • Add elasticsearch signing key & repository.
wget -qO - --no-check-certificate
 | sudo apt-key add -
echo "deb stable main" 
| sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Here is the command output.

Fig 2

Update the  repository.

apt-get update

Install ElasticSearch

apt-get install elasticsearch -y

Open elesticsearch configuration file using vim editor.

vim /etc/elasticsearch/elasticsearch.yml

Uncomment & Provide the follwoing values: localhost/
http.port: 9200
discovery.type: single-node

Start & Enable ElasticSearch Service

systemctl start elasticsearch
systemctl enable elasticsearch

Check ElasticSearch Status.

systemctl status elasticsearch

Here is the command output.

Fig. 4

Check elasticsearch service pid using command line.

ss -antpl | sudo grep 9200

Here is the command output.

Fig. 3

Check elasticsearch is running by sending HTTP request.

Fig. 6

We can also check elasticsearch is running status using web browser(http://localhost:9200) or (http://server-ip:9200)

Fig. 6


Install and Configure Kibana

  • Install kibana on Ubuntu.
apt-get install kibana

Open kibana configuration file using editor.

vim /etc/kibana/kibana.yml

Uncomment & Edit the config file.Provide the follwoing values.

server.port: 5601 "" or "localhost"
elasticsearch.hosts: ["http://localhost:9200"] or [""]

Start & Enable Kibana Service

systemctl start kibana
systemctl enable kibana

Check the Kibana Status

systemctl status kibana

Here is the command output.

Fig. 7

Install and Configure Logstash

  • Install logstash on ubuntu.
apt-get install logstash
  • Create config file.
vim /etc/logstash/conf.d/02-beats-input.conf
  • Enter the follwoing lines.
input {

  beats {

    port => 5044


  • Create the logstash configuration file to send the logs.
vim /etc/logstash/conf.d/30-elasticsearch-output.conf
  • Enter the follwoing lines.
output {

  elasticsearch {

    hosts => ["localhost:9200"] or [""]

    manage_template => false

    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"


  • Start & Enable Logstash service.
systemctl start logstash
systemctl enable logstash
  • Check Logstash status.
systemctl status logstash

Here is the command output.

Fig. 9


Install and Configure Filebeat

  • Install Filebeat on ubuntu.
apt-get install filebeat
  • Open filebeat configuration file.
vim /etc/filebeat/filebeat.yml
  • Comment the below lines.
  # Array of hosts to connect to.
#  hosts: ["localhost:9200"]
  • Uncomment the below lines.
hosts: ["localhost:5044"] or [""]
  • Start & Enable filebeat service.
systemctl start filebeat
systemctl enable filebeat
  • Check Filebeat status.
systemctl status filebeat

Here is the command output.

Fig 10

  • Enable filebeat system module.
filebeat modules enable system

Here is the command output.

Fig 11

  • Check that ElasticSearch is receiving datalog from filebeat using below command.
curl -XGET http://localhost:9200/_cat/indices?v

Here is the command output.

Fig 12

Access Kibana Web Interface

  • Access Kibana Web Interface by using the URL.

Fig. 8


Leave a Reply