ikocev · June 4, 2022 23:43
diff --git a/install-ELK.sh b/install-ELK.sh
 #I manage to make it working with the following versions:
 #Elasticsearch 5.6.16. - (latest 5 version) since newer major is having issue with logstash and content type header. The problem origin at logstash not being able to run on raspberry with newer version (ffi issue - well known one).
 #Logstash 2.4.0 - I know, right! It's 2019 almost 2020.
 #Kibana - I didn't installed kibana on the PI, because I had it locally on my laptop. The problem was to configure 
 #elasticsearch to broadcast on 0.0.0.0 which puts the service into PROD mode. That open one big issues:
 #JVM have to run as a server to enable hotspot (-server). Tried that one but on PI JVM simply can't be run with HotSpot
 #Instead, I did proxy forward with nginx for elasticsearch, and then configured my kibana to use nginx proxy.

 # ============= Elasticsearch =========== #
 cd /tmp/
 wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.16.tar.gz
 tar -xf elasticsearch-5.6.16.tar.gz
 sudo mkdir -p /usr/share/elasticsearch
 sudo mv -R elasticsearch-5.6.16/* /usr/share/elasticsearch

 # =============== Logstash =============== #
 cd /tmp
 sudo wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
 sudo tar zxvf logstash-2.4.0.tar.gz
 sudo mv logstash-2.4.0 /opt/logstash-2.4.0
 sudo ln -s /opt/logstash-2.4.0 /opt/logstash
 sudo mkdir -p /etc/logstash/conf.d
 sudo mkdir -p /var/log/logstash/

 cd /tmp/
 sudo git clone https://github.com/jnr/jffi.git
 cd jffi/
 sudo apt-get install -y ant zip
 sudo ant jar
 cd build/jni
 sudo cp libjffi-1.2.so /usr/lib

 sudo mkdir -p /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/
 sudo cp /tmp/jffi/build/jni/libjffi-1.2.so /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/

 cd /opt/logstash-2.4.0/vendor/jar
 sudo zip -g jruby-complete-1.7.11.jar jni/arm-Linux/libjffi-1.2.so

 #Test logstash with
 #sudo ./bin/logstash -v -f /etc/logstash/logstash.yml
 #Create file `/etc/systemd/system/logstash.service` and start logstash as service once it is working
 #sudo service logstash start

 #=================== Kibana =================#
 sudo apt-get install nginx

diff --git a/logstash.service b/logstash.service
 [Unit]
 Description=logstash

 [Service]
 Type=simple
 User=logstash
 Group=logstash
 # Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
 # Prefixing the path with '-' makes it try to load, but if the file doesn't
 # exist, it continues onward.
 EnvironmentFile=-/etc/default/logstash
 EnvironmentFile=-/etc/sysconfig/logstash
 ExecStart=/opt/logstash/bin/logstash -f /etc/logstash/logstash.conf
 Restart=always
 WorkingDirectory=/
 Nice=19
 LimitNOFILE=16384

 [Install]
 WantedBy=multi-user.target
diff --git a/nginx-elasticsearch.conf b/nginx-elasticsearch.conf
 #/etc/nginx/conf.d/elastic.conf
 #feel free to enable ssl on nginx

 server {
   listen 8090;
   location / {
      proxy_pass http://localhost:9200;
   }
 }
	#I manage to make it working with the following versions:
	#Elasticsearch 5.6.16. - (latest 5 version) since newer major is having issue with logstash and content type header. The problem origin at logstash not being able to run on raspberry with newer version (ffi issue - well known one).
	#Logstash 2.4.0 - I know, right! It's 2019 almost 2020.
	#Kibana - I didn't installed kibana on the PI, because I had it locally on my laptop. The problem was to configure
	#elasticsearch to broadcast on 0.0.0.0 which puts the service into PROD mode. That open one big issues:
	#JVM have to run as a server to enable hotspot (-server). Tried that one but on PI JVM simply can't be run with HotSpot
	#Instead, I did proxy forward with nginx for elasticsearch, and then configured my kibana to use nginx proxy.

	# ============= Elasticsearch =========== #
	cd /tmp/
	wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.16.tar.gz
	tar -xf elasticsearch-5.6.16.tar.gz
	sudo mkdir -p /usr/share/elasticsearch
	sudo mv -R elasticsearch-5.6.16/* /usr/share/elasticsearch

	# =============== Logstash =============== #
	cd /tmp
	sudo wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
	sudo tar zxvf logstash-2.4.0.tar.gz
	sudo mv logstash-2.4.0 /opt/logstash-2.4.0
	sudo ln -s /opt/logstash-2.4.0 /opt/logstash
	sudo mkdir -p /etc/logstash/conf.d
	sudo mkdir -p /var/log/logstash/

	cd /tmp/
	sudo git clone https://github.com/jnr/jffi.git
	cd jffi/
	sudo apt-get install -y ant zip
	sudo ant jar
	cd build/jni
	sudo cp libjffi-1.2.so /usr/lib

	sudo mkdir -p /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/
	sudo cp /tmp/jffi/build/jni/libjffi-1.2.so /opt/logstash-2.4.0/vendor/jar/jni/arm-Linux/

	cd /opt/logstash-2.4.0/vendor/jar
	sudo zip -g jruby-complete-1.7.11.jar jni/arm-Linux/libjffi-1.2.so

	#Test logstash with
	#sudo ./bin/logstash -v -f /etc/logstash/logstash.yml
	#Create file `/etc/systemd/system/logstash.service` and start logstash as service once it is working
	#sudo service logstash start

	#=================== Kibana =================#
	sudo apt-get install nginx
	[Unit]
	Description=logstash

	[Service]
	Type=simple
	User=logstash
	Group=logstash
	# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
	# Prefixing the path with '-' makes it try to load, but if the file doesn't
	# exist, it continues onward.
	EnvironmentFile=-/etc/default/logstash
	EnvironmentFile=-/etc/sysconfig/logstash
	ExecStart=/opt/logstash/bin/logstash -f /etc/logstash/logstash.conf
	Restart=always
	WorkingDirectory=/
	Nice=19
	LimitNOFILE=16384

	[Install]
	WantedBy=multi-user.target
	#/etc/nginx/conf.d/elastic.conf
	#feel free to enable ssl on nginx

	server {
	listen 8090;
	location / {
	proxy_pass http://localhost:9200;
	}
	}