Skip to content

Instantly share code, notes, and snippets.

@ikocev
Last active June 4, 2022 23:43
Show Gist options
  • Save ikocev/9a704317052cde2039afe6465ae00fe5 to your computer and use it in GitHub Desktop.
Save ikocev/9a704317052cde2039afe6465ae00fe5 to your computer and use it in GitHub Desktop.
Install ELK (Elasticsearch + Logstash + Kibana) on Raspberry PI 4 with Nginx proxy
#I manage to make it working with the following versions:
#Elasticsearch 5.6.16. - (latest 5 version) since newer major is having issue with logstash and content type header. The problem origin at logstash not being able to run on raspberry with newer version (ffi issue - well known one).
#Logstash 2.4.0 - I know, right! It's 2019 almost 2020.
#Kibana - I didn't installed kibana on the PI, because I had it locally on my laptop. The problem was to configure
#elasticsearch to broadcast on 0.0.0.0 which puts the service into PROD mode. That open one big issues:
#JVM have to run as a server to enable hotspot (-server). Tried that one but on PI JVM simply can't be run with HotSpot
#Instead, I did proxy forward with nginx for elasticsearch, and then configured my kibana to use nginx proxy.
# ============= Elasticsearch =========== #
cd /tmp/
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.16.tar.gz
tar -xf elasticsearch-5.6.16.tar.gz
sudo mkdir -p /usr/share/elasticsearch
sudo mv -R elasticsearch-5.6.16/* /usr/share/elasticsearch
# =============== Logstash =============== #
cd /tmp
sudo wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
sudo tar zxvf logstash-2.4.0.tar.gz
sudo mv logstash-2.4.0 /opt/logstash-2.4.0
sudo ln -s /opt/logstash-2.4.0 /opt/logstash
sudo mkdir -p /etc/logstash/conf.d
sudo mkdir -p /var/log/logstash/
cd /tmp/
sudo git clone https://github.com/jnr/jffi.git
cd jffi/
sudo apt-get install -y ant zip
sudo ant jar
cd build/jni
sudo cp libjffi-1.2.so /usr/lib
sudo mkdir -p /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/
sudo cp /tmp/jffi/build/jni/libjffi-1.2.so /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/
cd /opt/logstash-2.4.0/vendor/jar
sudo zip -g jruby-complete-1.7.11.jar jni/arm-Linux/libjffi-1.2.so
#Test logstash with
#sudo ./bin/logstash -v -f /etc/logstash/logstash.yml
#Create file `/etc/systemd/system/logstash.service` and start logstash as service once it is working
#sudo service logstash start
#=================== Kibana =================#
sudo apt-get install nginx
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/opt/logstash/bin/logstash -f /etc/logstash/logstash.conf
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
#/etc/nginx/conf.d/elastic.conf
#feel free to enable ssl on nginx
server {
listen 8090;
location / {
proxy_pass http://localhost:9200;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment