{"id":17513,"date":"2023-06-25T14:14:51","date_gmt":"2023-06-25T11:14:51","guid":{"rendered":"https:\/\/kifarunix.com\/?p=17513"},"modified":"2024-03-10T09:42:39","modified_gmt":"2024-03-10T06:42:39","slug":"install-elk-stack-8-on-debian-12","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-elk-stack-8-on-debian-12\/","title":{"rendered":"Install ELK Stack 8 on Debian 12"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to install ELK stack 8 on Debian 12 systems. Elastic\/ELK stack 8.x has been released making it another major version release after Elastic 7.x. As of this writing, Elastic 8.8.1 is the <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/es-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">current release version<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-elk-stack-8-on-debian-12\">Installing ELK Stack 8 on Debian 12<\/a><ul><li><a href=\"#install-vanilla-debian-12-server\">Install Vanilla Debian 12 Server<\/a><\/li><li><a href=\"#system-hardware-requirements\">System Hardware Requirements<\/a><\/li><li><a href=\"#set-system-hostname\">Set system Hostname<\/a><\/li><li><a href=\"#install-elastic-stack-8-repositories\">Install Elastic Stack 8 Repositories<\/a><\/li><li><a href=\"#installing-elk-stack-8-on-debian-12-1\">Installing ELK Stack 8 on Debian 12<\/a><ul><li><a href=\"#install-elasticsearch-8-on-debian-12\">Install Elasticsearch 8 on Debian 12<\/a><\/li><li><a href=\"#configure-elasticsearch-8-on-debian-12\">Configure Elasticsearch 8 on Debian 12<\/a><\/li><li><a href=\"#adjust-elasticsearch-jvm-settings\">Adjust Elasticsearch JVM Settings<\/a><\/li><li><a href=\"#running-elasticsearch\">Running Elasticsearch<\/a><\/li><li><a href=\"#install-kibana-8-on-debian-12\">Install Kibana 8 on Debian 12<\/a><\/li><li><a href=\"#configure-kibana\">Configure Kibana<\/a><\/li><li><a href=\"#generate-kibana-enrollment-token\">Generate Kibana Enrollment Token<\/a><\/li><li><a href=\"#generate-kibana-encryption-keys\">Generate Kibana Encryption Keys<\/a><\/li><li><a href=\"#running-kibana\">Running Kibana<\/a><\/li><\/ul><\/li><li><a href=\"#access-kibana-8-dashboard\">Access Kibana 8 Dashboard<\/a><\/li><\/ul><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-elk-stack-8-on-debian-12\">Installing ELK Stack 8 on Debian 12<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-vanilla-debian-12-server\">Install Vanilla Debian 12 Server<\/h3>\n\n\n\n<p>You can check how to install Debian 12 server on VirtualBox by following the guide below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-debian-12-on-virtualbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Debian 12 on VirtualBox<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"system-hardware-requirements\">System Hardware Requirements<\/h3>\n\n\n\n<p>This is dependent on your setup use cases and how much data you are expecting to process, data retention period, the desired performance etc. No standard is same for everyone. So provide &#8220;enough!&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"set-system-hostname\">Set system Hostname<\/h3>\n\n\n\n<p>Begin by setting your system hostname;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hostnamectl set-hostname elk.kifarunix-demo.com<\/code><\/pre>\n\n\n\n<p>Update DNS records locally on hosts file if you dont have DNS server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"192.168.57.66 elk.kifarunix-demo.com elk\" &gt;&gt; \/etc\/hosts<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-elastic-stack-8-repositories\">Install Elastic Stack 8 Repositories<\/h3>\n\n\n\n<p>To install Elastic Stack 8 on Debian 12, you need to install Elastic Stack 8 repositories as follows.<\/p>\n\n\n\n<p>Install Elastic stack 8 repository signing key.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install sudo gnupg2 apt-transport-https curl vim -y<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | \\\ngpg --dearmor &gt; \/etc\/apt\/trusted.gpg.d\/elk.gpg<\/code><\/pre>\n\n\n\n<p>Install the Elastic Stack 8 repository;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/artifacts.elastic.co\/packages\/8.x\/apt stable main\" \\\n&gt; \/etc\/apt\/sources.list.d\/elastic-8.list<\/code><\/pre>\n\n\n\n<p>Run system update;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"installing-elk-stack-8-on-debian-12-1\">Installing ELK Stack 8 on Debian 12<\/h3>\n\n\n\n<p>Elastic stack is made up of various opensource tools; Elasticsearch, Logstash, Kibana, and Beats.<\/p>\n\n\n\n<p>The order of installation is;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Elasticsearch<\/li>\n\n\n\n<li>Kibana<\/li>\n\n\n\n<li>Logstash<\/li>\n\n\n\n<li>Beats<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-elasticsearch-8-on-debian-12\">Install Elasticsearch 8 on Debian 12<\/h4>\n\n\n\n<p>You can install Elasticsearch 8 automatically from Elastic repos installed above by executing the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install elasticsearch -y<\/code><\/pre>\n\n\n\n<p>During the installation, the Elastic Security features will be enabled by default;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication and authorization are enabled.<\/li>\n\n\n\n<li>TLS for the transport and HTTP layers is enabled and configured.<\/li>\n\n\n\n<li>Elastic super user account (elastic) and its password is created.<\/li>\n<\/ul>\n\n\n\n<pre class=\"scroll-box\"><code>\nReading package lists... Done\nBuilding dependency tree... Done\nReading state information... Done\nThe following NEW packages will be installed:\n  elasticsearch\n0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 597 MB of archives.\nAfter this operation, 1,236 MB of additional disk space will be used.\nGet:1 https:\/\/artifacts.elastic.co\/packages\/8.x\/apt stable\/main amd64 elasticsearch amd64 8.8.1 [597 MB]\nFetched 597 MB in 4min 27s (2,231 kB\/s)                                                                                                                                    \nSelecting previously unselected package elasticsearch.\n(Reading database ... 28970 files and directories currently installed.)\nPreparing to unpack ...\/elasticsearch_8.8.1_amd64.deb ...\nCreating elasticsearch group... OK\nCreating elasticsearch user... OK\nUnpacking elasticsearch (8.8.1) ...\nSetting up elasticsearch (8.8.1) ...\n<strong>--------------------------- Security autoconfiguration information ------------------------------\n\nAuthentication and authorization are enabled.\nTLS for the transport and HTTP layers is enabled and configured.\n\nThe generated password for the elastic built-in superuser is : ALL16n6Xv5yJclrWt5Sc\n\nIf this node should join an existing cluster, you can reconfigure this with\n'\/usr\/share\/elasticsearch\/bin\/elasticsearch-reconfigure-node --enrollment-token &lt;token-here>'\nafter creating an enrollment token on your existing cluster.\n\nYou can complete the following actions at any time:\n\nReset the password of the elastic built-in superuser with \n'\/usr\/share\/elasticsearch\/bin\/elasticsearch-reset-password -u elastic'.\n\nGenerate an enrollment token for Kibana instances with \n '\/usr\/share\/elasticsearch\/bin\/elasticsearch-create-enrollment-token -s kibana'.\n\nGenerate an enrollment token for Elasticsearch nodes with \n'\/usr\/share\/elasticsearch\/bin\/elasticsearch-create-enrollment-token -s node'.\n\n-------------------------------------------------------------------------------------------------<\/strong>\n### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd\n sudo systemctl daemon-reload\n sudo systemctl enable elasticsearch.service\n### You can start elasticsearch service by executing\n sudo systemctl start elasticsearch.service\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-elasticsearch-8-on-debian-12\">Configure Elasticsearch 8 on Debian 12<\/h4>\n\n\n\n<p>Since we are running a basic setup single node cluster, we will go with the default settings.<\/p>\n\n\n\n<p>If you check the Elasticsearch configuration file,<strong><code>\/etc\/elasticsearch\/elasticsearch.yml<\/code><\/strong>, you will see the security setting enabled;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------\n#\n# The following settings, TLS certificates, and keys have been automatically      \n# generated to configure Elasticsearch security features on 25-06-2023 10:20:02\n#\n# --------------------------------------------------------------------------------\n\n# Enable security features\nxpack.security.enabled: true\n\nxpack.security.enrollment.enabled: true\n\n# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents\nxpack.security.http.ssl:\n  enabled: true\n  keystore.path: certs\/http.p12\n\n# Enable encryption and mutual authentication between cluster nodes\nxpack.security.transport.ssl:\n  enabled: true\n  verification_mode: certificate\n  keystore.path: certs\/transport.p12\n  truststore.path: certs\/transport.p12\n# Create a new cluster with the current node only\n# Additional nodes can still join the cluster later\ncluster.initial_master_nodes: [\"elk.kifarunix-demo.com\"]\n\n# Allow HTTP API connections from anywhere\n# Connections are encrypted and require user authentication\nhttp.host: 0.0.0.0\n\n# Allow other nodes to join the cluster from anywhere\n# Connections are encrypted and mutually authenticated\n#transport.host: 0.0.0.0\n\n#----------------------- END SECURITY AUTO CONFIGURATION -------------------------\n<\/code><\/pre>\n\n\n\n<p>Without comment lines, this is how the default Elasticsearch 8 configuration looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep -Ev '^#|^$' \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\npath.data: \/var\/lib\/elasticsearch\npath.logs: \/var\/log\/elasticsearch\nxpack.security.enabled: true\nxpack.security.enrollment.enabled: true\nxpack.security.http.ssl:\n  enabled: true\n  keystore.path: certs\/http.p12\nxpack.security.transport.ssl:\n  enabled: true\n  verification_mode: certificate\n  keystore.path: certs\/transport.p12\n  truststore.path: certs\/transport.p12\ncluster.initial_master_nodes: [\"elk.kifarunix-demo.com\"]\nhttp.host: 0.0.0.0\n<\/code><\/pre>\n\n\n\n<p>Of course you can update the cluster name, node name, the host and the port details.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"adjust-elasticsearch-jvm-settings\">Adjust Elasticsearch JVM Settings<\/h4>\n\n\n\n<p>Next, configure JVM heap size to no more than half the size of your memory. In this case, our test server has 2G RAM and the heap size is set to 512M for both maximum and minimum sizes.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo -e '-Xms512m\\n-Xmx512m' &gt; \/etc\/elasticsearch\/jvm.options.d\/jvm-heap.options<\/code><\/pre>\n\n\n\n<p>Adjust the minimum and maximum memory size based on your setup.<\/p>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-elasticsearch\">Running Elasticsearch<\/h4>\n\n\n\n<p>Start and enable Elasticsearchto run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now elasticsearch<\/code><\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status elasticsearch<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf elasticsearch.service - Elasticsearch\n     Loaded: loaded (\/lib\/systemd\/system\/elasticsearch.service; enabled; preset: enabled)\n     Active: active (running) since Sun 2023-06-25 06:25:01 EDT; 3s ago\n       Docs: https:\/\/www.elastic.co\n   Main PID: 2338 (java)\n      Tasks: 77 (limit: 3510)\n     Memory: 853.8M\n        CPU: 32.907s\n     CGroup: \/system.slice\/elasticsearch.service\n             \u251c\u25002338 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=\/usr\/share\/elasticsearch\/bin\/elasticsearch -Dcli.l>\n             \u251c\u25002394 \/usr\/share\/elasticsearch\/jdk\/bin\/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+Alw>\n             \u2514\u25002414 \/usr\/share\/elasticsearch\/modules\/x-pack-ml\/platform\/linux-x86_64\/bin\/controller\n\nJun 25 06:24:45 elk.kifarunix-demo.com systemd[1]: Starting elasticsearch.service - Elasticsearch...\nJun 25 06:25:01 elk.kifarunix-demo.com systemd[1]: Started elasticsearch.service - Elasticsearch.\n<\/code><\/pre>\n\n\n\n<p>You can as well verify ES status using curl command. Replace the IP\/domain name accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl https:\/\/elk.kifarunix-demo.com:9200 --cacert \/etc\/elasticsearch\/certs\/http_ca.crt -u elastic<\/code><\/pre>\n\n\n\n<p>When prompted, enter the Elasticsearch password generated above.<\/p>\n\n\n\n<p>If you get such an output, then all is well.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n{\n  \"name\" : \"elk.kifarunix-demo.com\",\n  \"cluster_name\" : \"elasticsearch\",\n  \"cluster_uuid\" : \"oOQp0G9cSzOqZgBYYk6O_g\",\n  \"version\" : {\n    \"number\" : \"8.8.1\",\n    \"build_flavor\" : \"default\",\n    \"build_type\" : \"deb\",\n    \"build_hash\" : \"f8edfccba429b6477927a7c1ce1bc6729521305e\",\n    \"build_date\" : \"2023-06-05T21:32:25.188464208Z\",\n    \"build_snapshot\" : false,\n    \"lucene_version\" : \"9.6.0\",\n    \"minimum_wire_compatibility_version\" : \"7.17.0\",\n    \"minimum_index_compatibility_version\" : \"7.0.0\"\n  },\n  \"tagline\" : \"You Know, for Search\"\n}\n<\/code><\/pre>\n\n\n\n<p>Also, check the ports are opened;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep 9200<\/code><\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code>\nLISTEN 0      4096                    *:9200            *:*    users:((\"java\",pid=2394,fd=423))\n<\/code><\/pre>\n\n\n\n<p>You can also confirm the heap size set above;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl \"https:\/\/elk.kifarunix-demo.com:9200\/_cat\/nodes?v&amp;h=heap*\" \\\n--cacert \/etc\/elasticsearch\/certs\/http_ca.crt -u elastic<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>\nheap.current heap.percent heap.max\n     366.7mb           71    512mb\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-kibana-8-on-debian-12\">Install Kibana 8 on Debian 12<\/h4>\n\n\n\n<p>Since we already setup Elastic repos, simply install Kibana 8 by running the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install kibana<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nReading package lists... Done\nBuilding dependency tree... Done\nReading state information... Done\nThe following NEW packages will be installed:\n  kibana\n0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 281 MB of archives.\nAfter this operation, 750 MB of additional disk space will be used.\nGet:1 https:\/\/artifacts.elastic.co\/packages\/8.x\/apt stable\/main amd64 kibana amd64 8.8.1 [281 MB]\nFetched 281 MB in 2min 0s (2,351 kB\/s)                                                                                                                                     \nSelecting previously unselected package kibana.\n(Reading database ... 30281 files and directories currently installed.)\nPreparing to unpack ...\/kibana_8.8.1_amd64.deb ...\nUnpacking kibana (8.8.1) ...\nSetting up kibana (8.8.1) ...\nCreating kibana group... OK\nCreating kibana user... OK\nCreated Kibana keystore in \/etc\/kibana\/kibana.keystore\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-kibana\">Configure Kibana<\/h4>\n\n\n\n<p>Kibana is set to run on&nbsp;<strong>localhost:5601<\/strong>&nbsp;by default. To allow external access, edit the configuration file and replace the value of&nbsp;<code>server.host<\/code>&nbsp;with an interface IP.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># Kibana is served by a back end server. This setting specifies the port to use.\n<strong>server.port: 5601<\/strong>\n\n...\n# To allow connections from remote users, set this parameter to a non-loopback address.\n#server.host: \"localhost\"\n<strong>server.host: \"192.168.57.66\"<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Those are the only changes we will make for now.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-kibana-enrollment-token\">Generate Kibana Enrollment Token<\/h4>\n\n\n\n<p>Next, generate an enrollment token for Kibana using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-create-enrollment-token -s kibana<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>eyJ2ZXIiOiI4LjguMSIsImFkciI6WyIxMC4wLjIuMTU6OTIwMCJdLCJmZ3IiOiI3ODJjNWVkM2VjZmNmMDhiZjY5ZTVlMjkzYmI5YjYwYWEzYzQ2MTliZTAxYjJhMDZmNjUzYmQ0NWY5MzBiZjUyIiwia2V5IjoiU29NbThvZ0JTLW9zaVdSdmQ0UFU6OXRqZ2RvVTVSeHk4TlR4N0tnekY2ZyJ9<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-kibana-encryption-keys\">Generate Kibana Encryption Keys<\/h4>\n\n\n\n<p>Also generate Kibana Encryption keys;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>xpack.encryptedSavedObjects.encryptionKey<\/code><\/strong>: Used to encrypt stored objects such as dashboards and visualizations<\/li>\n\n\n\n<li><strong><code>xpack.reporting.encryptionKey<\/code><\/strong>: Used to encrypt saved reports<\/li>\n\n\n\n<li><strong><code>xpack.security.encryptionKey<\/code><\/strong>: Used to encrypt session information<\/li>\n<\/ul>\n\n\n\n<p>These can be generated using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/kibana\/bin\/kibana-encryption-keys generate<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n...\nSettings:\nxpack.encryptedSavedObjects.encryptionKey: 0e1d3ac4c4ca57beacae544c0a04e5c6\nxpack.reporting.encryptionKey: 9f4f49f945013181aa99e093b5531822\nxpack.security.encryptionKey: 1a2ecd8b1b7745a020589c05fa29893e\n<\/code><\/pre>\n\n\n\n<p>Insert these lines into Kibana config file, kibana.yml.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo -e \"xpack.encryptedSavedObjects.encryptionKey: 0e1d3ac4c4ca57beacae544c0a04e5c6\nxpack.reporting.encryptionKey: 9f4f49f945013181aa99e093b5531822\nxpack.security.encryptionKey: 1a2ecd8b1b7745a020589c05fa29893e\" &gt;&gt; \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>With all comment lines removed, this is how our Kibana configuration looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep -Ev '^#|^$' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nserver.port: 5601\nserver.host: \"192.168.57.66\"\nlogging:\n  appenders:\n    file:\n      type: file\n      fileName: \/var\/log\/kibana\/kibana.log\n      layout:\n        type: json\n  root:\n    appenders:\n      - default\n      - file\npid.file: \/run\/kibana\/kibana.pid\nxpack.encryptedSavedObjects.encryptionKey: 0e1d3ac4c4ca57beacae544c0a04e5c6\nxpack.reporting.encryptionKey: 9f4f49f945013181aa99e093b5531822\nxpack.security.encryptionKey: 1a2ecd8b1b7745a020589c05fa29893e\n<\/code><\/pre>\n\n\n\n<p>If you need to secure Kibana 8 by proxying it with Nginx, you can check how to on our previous by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elastic-stack-7-on-Debian 12-18-04-debian-9-8\/#proxykibanawithnginx\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Nginx with SSL to Proxy Kibana<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-kibana\">Running Kibana<\/h4>\n\n\n\n<p>Once the installation is done, start and enable Kibana 8 to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now kibana<\/code><\/pre>\n\n\n\n<p>Confirm Kibana status after some seconds;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status kibana<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf kibana.service - Kibana\n     Loaded: loaded (\/lib\/systemd\/system\/kibana.service; enabled; preset: enabled)\n     Active: active (running) since Sun 2023-06-25 06:46:52 EDT; 29s ago\n       Docs: https:\/\/www.elastic.co\n   Main PID: 2913 (node)\n      Tasks: 11 (limit: 3510)\n     Memory: 328.5M\n        CPU: 13.987s\n     CGroup: \/system.slice\/kibana.service\n             \u2514\u25002913 \/usr\/share\/kibana\/bin\/..\/node\/bin\/node \/usr\/share\/kibana\/bin\/..\/src\/cli\/dist\n\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.315-04:00][INFO ][plugins-service] Plugin \"cloudExperiments\" is disabled.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.315-04:00][INFO ][plugins-service] Plugin \"cloudFullStory\" is disabled.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.315-04:00][INFO ][plugins-service] Plugin \"cloudGainsight\" is disabled.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.343-04:00][INFO ][plugins-service] Plugin \"profiling\" is disabled.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.432-04:00][INFO ][http.server.Preboot] http server running at http:\/\/192.168.57.66:5601\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.767-04:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.769-04:00][INFO ][preboot] \"interactiveSetup\" plugin is holding setup: Validating Elasticsearch c>\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: [2023-06-25T06:47:04.806-04:00][INFO ][root] Holding setup until preboot stage is completed.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: i Kibana has not been configured.\nJun 25 06:47:04 elk.kifarunix-demo.com kibana[2913]: Go to http:\/\/192.168.57.66:5601\/?code=777867 to get started.\n<\/code><\/pre>\n\n\n\n<p>From the status output, you will see such lines;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Kibana has not been configured.<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Go to http:\/\/192.168.57.66:5601\/?code=777867 to get started.<\/strong><\/code><\/pre>\n\n\n\n<p>You will have to copy and access the provided URL on browser to complete the setup.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"access-kibana-8-dashboard\">Access Kibana 8 Dashboard<\/h3>\n\n\n\n<p>You can now access Kibana 8 from your browser using the url provided above, <strong><code><strong>http:\/\/192.168.57.66:5601\/?code=777867<\/strong><\/code><\/strong>. It could be different for you.<\/p>\n\n\n\n<p>If UFW is running, Open Kibana 8 port;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow 5601\/tcp<\/code><\/pre>\n\n\n\n<p>Upon accessing Kibana 8 interface, on the welcome page, you will be required to configure Elastic to get started.<\/p>\n\n\n\n<p>So just copy the Kibana token generated above using the <code><strong>\/usr\/share\/elasticsearch\/bin\/elasticsearch-create-enrollment-token -s kibana<\/strong><\/code>, command and paste on the box.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"987\" height=\"728\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/configure-kibana-enrollment-token.png\" alt=\"Install ELK Stack 8 on Debian 12\" class=\"wp-image-17521\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/configure-kibana-enrollment-token.png?v=1687690402 987w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/configure-kibana-enrollment-token-768x566.png?v=1687690402 768w\" sizes=\"(max-width: 987px) 100vw, 987px\" \/><\/figure><\/div>\n\n\n<p>Once you paste the token, click <strong>Configure Elastic<\/strong>. It will then save the settings, configure and restart Elasticsearch.<\/p>\n\n\n\n<p>You are then taken to Login page. Login using the generated Elastic user credentials.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"913\" height=\"622\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/kibana-login-page.png\" alt=\"Install ELK Stack 8 on Debian 12\" class=\"wp-image-17522\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/kibana-login-page.png?v=1687690701 913w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/06\/kibana-login-page-768x523.png?v=1687690701 768w\" sizes=\"(max-width: 913px) 100vw, 913px\" \/><\/figure><\/div>\n\n\n<p>On the welcome page, click <strong>Explore on my own<\/strong> to proceed to Kibana 8 dashboard.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1898\" height=\"949\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/kibana-8.0_dashboard.png\" alt=\"Install ELK Stack 8 on Debian 12\" class=\"wp-image-11604\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/kibana-8.0_dashboard.png?v=1645086175 1898w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/kibana-8.0_dashboard-768x384.png?v=1645086175 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/kibana-8.0_dashboard-1536x768.png?v=1645086175 1536w\" sizes=\"(max-width: 1898px) 100vw, 1898px\" \/><\/figure><\/div>\n\n\n<p>You can install other components, Logstash and Filebeat!<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-filebeat-8-on-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Filebeat 8 on Debian 12<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h2>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-logstash-elasticsearch-basic-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Logstash Elasticsearch Basic Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-filebeat-elasticsearch-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Filebeat-Elasticsearch Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-basic-authentication-on-elk-stack\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable Basic Authentication on ELK Stack<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install ELK stack 8 on Debian 12 systems. Elastic\/ELK stack 8.x has been released making it another<\/p>\n","protected":false},"author":10,"featured_media":11605,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,910,121],"tags":[6952,6953,6954,6951,6950],"class_list":["post-17513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-elastic-stack","category-howtos","tag-debian-12-elasticsearch","tag-debian-12-elk","tag-elk-stack-debian-12","tag-install-elasticsearch-8-on-debian-12","tag-install-elk-stack-8-on-debian-12","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/17513"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=17513"}],"version-history":[{"count":8,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/17513\/revisions"}],"predecessor-version":[{"id":20761,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/17513\/revisions\/20761"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11605"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=17513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=17513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=17513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}