Elasticsearch stack

Install Elasticsearch on Raspberry Pi (Raspbian)

  1. In the downloads folder of home (/home/pi/Downloads) download the .deb file (e.g. curl -O https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/deb/elasticsearch/2.3.4/elasticsearch-2.3.4.deb)
  2. Install the package (e.g. sudo dpkg -i elasticsearch-2.3.4.deb)
  3. Run sudo service elasticsearch status to see if it loads from systemd or /etc/init.d
    • For /etc/init.d:
      • Run sudo update-rc.d elasticsearch defaults 95 10 to automically boot on startup
      • Run sudo service elasticsearch start to start the service
    • For systemd:
      • Run sudo /bin/systemctl daemon-reload
      • Run sudo /bin/systemctl enable elasticsearch.service
      • Run sudo /bin/systemctl start elasticsearch.service
  4. Test that it works by running curl -X GET http://localhost:9200/

Allow access to elasticsearch via ip address

  1. sudo su root to change to root user
  2. vi /etc/elasticsearch/elasticsearch.yml
  3. Uncomment network.host and set its value to be 0.0.0.0
  4. Run sudo service elasticsearch restart to restart elasticsearch

Install Logstash on Raspberry Pi (Raspbian)

  1. In the downloads folder of home (/home/pi/Downloads) download the .deb file (e.g. curl -O https://download.elastic.co/logstash/logstash/packages/debian/logstash_2.3.4-1_all.deb)
  2. Install the package (e.g. sudo dpkg -i logstash_2.3.4-1_all.deb)
  3. Run sudo update-rc.d logstash defaults 95 10 to automically boot on startup
  4. Run sudo service logstash start to start the service
  5. Test that it works by running /opt/logstash/bin/logstash -h
    • If you get an error like “LoadError: Could not load FFI Provider: (NotImplementedError) FFI not available: java.lang.UnsatisfiedLinkError: /tmp/jff…” then see below for a posible resolution

Resolve JFFI issue

NOTE: Thanks to this page for providing the below information
  1. cd ~/Downloads
  2. sudo apt-get install ant texinfo
  3. git clone https://github.com/jnr/jffi.git
  4. cd jffi
  5. ant jar
  6. sudo cp build/jni/libjffi-1.2.so /opt/logstash/vendor/jruby/lib/jni/arm-Linux

Test that logstash works

NOTE: The below can also be found here
  1. cd /opt/logstash
  2. bin/logstash -e ‘input { stdin { } } output { stdout {} }’ (Note: ensure single quotes are used and not an apostrophe)

  3. Once “Pipeline main started” is displayed, type hello world (and press enter) at the command prompt to see Logstash respond
  4. CTRL-D to exit
NOTE: Logstash .conf files usually go in /etc/logstash/conf.d

Install Kibana on Raspberry Pi (Raspbian)

Install nodejs

  1. Run curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash –
  2. Run sudo apt-get install -y nodejs 
  3. Run sudo apt-get install -y build-essential

Install Kibana

NOTE: Thanks to this link for providing instructions
  1. Run sudo wget https://download.elastic.co/kibana/kibana/kibana-4.5.3-linux-x64.tar.gz
  2. Run sudo tar -zxvf kibana-4.5.3-linux-x64.tar.gz
  3. Run sudo mv kibana-4.5.3-linux-x64 /opt/kibana-4.5.3-linux-x64
  4. Run sudo ln -s /opt/kibana-4.5.3-linux-x64 /opt/kibana
  5. Run cd /opt/kibana/node/bin/
  6. Run mv node node_orig
  7. Run mv npm npm_orig
  8. Run sudo ln -s /usr/bin/node /opt/kibana/node/bin/node
  9. Run sudo ln -s /usr/bin/npm /opt/kibana/node/bin/npm
  10. Run cd /opt/kibana
  11. Run ./bin/kibana to test that it starts up as expected

Connect Kibana to Elasticsearch

  1. Run cd /opt/kibana/config
  2. Run sudo vi kibana.yml
  3. Uncomment elasticsearch.yml and set the value to the elasticsearch url (e.g. http://192.168.1.35:9200)
  4. Restart Kibana

Run Kibana as a service

  1. Use this link to create a shell script called kibana in /etc/init.d (NOTE: change USER value to be pi and ES_HOST to be 192.168.1.35)
Advertisements