Prudent Devs

Installing Logstash, ElasticSearch & Kibana on a Vagrant Box

ELK is a set of powerful tools to collect, analyse, and visualize events and logs. Here is a step-by-step guide to installing it on a CentOS Vagrant box.

Logstash + ElasticSearch + Kibana, awkwardly abbreviated as ELK, are a powerful combination of tools to collect, analyse and visualise events and logs. Below are my notes on installing these tools on a CentOS Vagrant box.

Note: For creating a CentOS box on Vagrant, refer to my earlier post.

1. Install Tools

The ELK tools are not available in the default repositories, so add their repositories first.

sudo rpm --import
sudo vi /etc/yum.repos.d/elasticsearch.repo

Add the lines below to the file:

name=Elasticsearch repository for 1.2.x packages

On to Logstash. Add the repo:

sudo vi /etc/yum.repos.d/logstash.repo

Add these lines to the file:

name=logstash repository for 1.4.x packages

Kibana needs a web server, so install Nginx:

sudo vi /etc/yum.repos.d/nginx.repo

Add these lines to the file:

name=nginx repo

Now install Elasticsearch, Logstash and Nginx.

sudo yum -y install elasticsearch nginx logstash

Install Kibana before tying all the tools together.

tar -xvzf kibana-3.1.0.tar.gz

sudo cp -R kibana-3.1.0/ /usr/share/kibana

This will be the web server directory for nginx. Now configure nginx to look for files in this directory.

sudo vi /etc/nginx/conf.d/default.conf

The config file should look similar to this. It tells the web server to listen on port 8080 and to serve the files in /usr/share/kibana from the root location.

server {
    listen       8080;
    server_name  localhost;

    location / {
        root   /usr/share/kibana;
        index  index.html index.htm;
    }
}

2. Start Services & Verify

sudo service elasticsearch start
sudo service nginx start

By default, Elasticsearch listens on port 9200. Test it:

curl http://localhost:9200

This should return something like:

{
  "status" : 200,
  "name" : "Rigellian Recorder",
  "version" : {
    "number" : "1.2.1",
    "build_hash" : "6c95b759f9e7ef0f8e17f77d850da43ce8a4b364",
    "build_timestamp" : "2014-06-03T15:02:52Z",
    "build_snapshot" : false,
    "lucene_version" : "4.8"
  },
  "tagline" : "You Know, for Search"
}

Now test nginx, which is configured to listen on port 8080.

curl http://localhost:8080

It should return the Kibana index file.

3. Access ELK from Mac

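If ELK has to be accessible from the host system, in this case macOS, the VM ports need to be forwarded to the host. Make the changes below in the Vagrantfile.

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version.
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "centos65"
  # Forward nginx/Kibana (8080) and Elasticsearch (9200) from the guest to the host.
  config.vm.network "forwarded_port", guest: 8080, host: 8080
  config.vm.network "forwarded_port", guest: 9200, host: 9200
end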

After making the changes, restart vagrant.

vagrant reload

Now, on the Mac, browse to http://localhost:8080 and http://localhost:9200 to view Kibana and Elasticsearch.
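
An added check, not part of the original post: nginx's `listen 8080;` names no address, and Vagrant binds a forwarded port to every host IP unless `host_ip` is given, so it is worth confirming where ports 8080 and 9200 actually listen. The function names and the sample listings below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list which of this guide's ports
# (8080 = nginx/Kibana, 9200 = Elasticsearch) listen on a non-loopback address.
# Input on stdin: `netstat -ltn` or `ss -ltn` (guest), `netstat -an -p tcp` (macOS host).
# In all three formats the local address is the 4th column.
exposed_elk_listeners() {
    awk '
        /LISTEN/ {
            # The port follows the last ":" (Linux) or "." (macOS).
            pos = match($4, /[:.][0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (port != "8080" && port != "9200") next
            # Skip loopback binds, including IPv4-mapped and bracketed forms.
            if (addr ~ /^\[?(::ffff:)?127\./ || addr ~ /^\[?::1\]?$/) next
            print port, addr
        }' | sort -u
}

# Exit status 0 when neither port is exposed, 1 otherwise
# (usable as a check at the end of provisioning).
elk_ports_loopback_only() {
    [ -z "$(exposed_elk_listeners)" ]
}

# Constructed sample: guest listing in the style of `netstat -ltn` on CentOS.
SAMPLE_GUEST='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:8080     0.0.0.0:*        LISTEN
tcp        0      0 :::9200          :::*             LISTEN'

# Constructed sample: macOS host listing in the style of `netstat -an -p tcp`,
# where the 8080 forward is bound to loopback but the 9200 forward is not.
SAMPLE_HOST='tcp4       0      0  127.0.0.1.8080      *.*               LISTEN
tcp4       0      0  *.9200              *.*               LISTEN
tcp4       0      0  192.168.1.20.51514  203.0.113.10.443  ESTABLISHED'

printf '%s\n' "$SAMPLE_GUEST" | exposed_elk_listeners
printf '%s\n' "$SAMPLE_HOST"  | exposed_elk_listeners
```

On the guest, pipe `sudo netstat -ltn` into `exposed_elk_listeners`; on the Mac, pipe `netstat -an -p tcp` into it.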

Under: #code , #elk , #devops