Kibana

similar to the installation of the Elasticsearch, we can install the Kibana in following steps:

Install Kibana with RPM

The RPM for Kibana can be downloaded from our website or from our RPM repository. It can be used to install Kibana on any RPM-based system such as OpenSuSE, SLES, Centos, Red Hat, and Oracle Enterprise.

Note
RPM install is not supported on distributions with old versions of RPM, such as SLES 11 and CentOS 5. Please see Install Kibana with .tar.gz instead.

The latest stable version of Kibana can be found on the Download Kibana page. Other versions can be found on the Past Releases page.
Import the Elastic PGP Key

We sign all of our packages with the Elastic Signing Key (PGP key D88E42B4, available from https://pgp.mit.edu) with fingerprint:

4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4

Download and install the public signing key:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Installing from the RPM repository

Create a file called kibana.repo in the /etc/yum.repos.d/ directory for RedHat based distributions, or in the /etc/zypp/repos.d/ directory for OpenSuSE based distributions, containing:

[kibana-5.x]
name=Kibana repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

And your repository is ready for use. You can now install Kibana with one of the following commands:

sudo yum install kibana 
sudo dnf install kibana 
sudo zypper install kibana 

Download and install manually

The RPM for Kibana v5.0.2 can be downloaded from the website and installed as follows:

64 bit:

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.0.2-x86_64.rpm
sha1sum kibana-5.0.2-x86_64.rpm
sudo rpm –install kibana-5.0.2-x86_64.rpm

Compare the SHA produced by sha1sum or shasum with the published SHA.

32 bit:

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.0.2-i686.rpm
 sha1sum kibana-5.0.2-i686.rpm
 sudo rpm --install kibana-5.0.2-i686.rpm

[root@localhost Downloads]$ sudo systemctl start kibana
 [root@localhost Downloads]$ sudo systemctl enable kibana
 Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
 [root@localhost Downloads]$ ps -ef | grep kibana
 kibana   100107      1 13 10:36 ?        00:00:03 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml

Open the Kibana configuration file for editing:

• sudo vi /opt/kibana/config/kibana.yml

In the Kibana configuration file, find the line that specifies server.host, and replace the IP address (“0.0.0.0” by default) with “localhost”:

server.host: "localhost"

Save and exit. This setting makes it so Kibana will only be accessible to the localhost. This is fine because we will install an Nginx reverse proxy, on the same server, to allow external access.

Now start the Kibana service, and enable it:

• sudo systemctl start kibana
• sudo chkconfig kibana on

Before we can use the Kibana web interface, we have to set up a reverse proxy. Let’s do that now, with Nginx.

Reverse Proxy with Nginx

Because we configured Kibana to listen on localhost, we must set up a reverse proxy to allow external access to it. We will use Nginx for this purpose.

Note: If you already have an Nginx instance that you want to use, feel free to use that instead. Just make sure to configure Kibana so it is reachable by your Nginx server (you probably want to change the host value, in /opt/kibana/config/kibana.yml, to your Kibana server’s private IP address). Also, it is recommended that you enable SSL/TLS.

Add the EPEL repository to yum:

• sudo yum -y install epel-release

Now use yum to install Nginx and httpd-tools:

• sudo yum -y install nginx httpd-tools

Use htpasswd to create an admin user, called “kibanaadmin” (you can use another name, and we will use this to access the Kibana at the end), that can access the Kibana web interface:

• sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin

Enter a password at the prompt. Remember this login, as you will need it to access the Kibana web interface.

Now open the Nginx configuration file in your favorite editor. We will use vi:

• sudo vi /etc/nginx/nginx.conf

Find the default server block (starts with server {), the last configuration block in the file, and delete it. When you are done, the last two lines in the file should look like this:

    include /etc/nginx/conf.d/*.conf;
}

Save and exit.

Now we will create an Nginx server block in a new file:

• sudo vi /etc/nginx/conf.d/kibana.conf

Paste the following code block into the file. Be sure to update the server_name to match your server’s name:

server {
    listen 80;
    server_name example.com;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;        
    }
}

Save and exit. This configures Nginx to direct your server’s HTTP traffic to the Kibana application, which is listening on localhost:5601. Also, Nginx will use the htpasswd.users file, that we created earlier, and require basic authentication.

Now start and enable Nginx to put our changes into effect:

• sudo systemctl start nginx
• sudo systemctl enable nginx

Note: This tutorial assumes that SELinux is disabled. If this is not the case, you may need to run the following command for Kibana to work properly: sudo setsebool -P httpd_can_network_connect 1

Kibana is now accessible via your FQDN or the public IP address of your ELK Server i.e. http://elk_server_public_ip/. If you go there in a web browser, after entering the “kibanaadmin” credentials, you should see a Kibana welcome page which will ask you to configure an index pattern. Let’s get back to that later, after we install all of the other components.