@muocod
Forked from okelet/ubuntu-elk-install.sh
Created March 14, 2023 09:42
#!/bin/bash
##################################################################################################################################
# https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-20-04
##################################################################################################################################
# Configures a full ELK stack on Ubuntu 20.04
# - Elasticsearch
# - Kibana
# - nginx
# - logstash
# - filebeat
# URL: http://127.0.0.1
# User: kibanaadmin
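# Password: intimissimi
# NOTE: this password is published with the script and its hash is written to
# /etc/nginx/htpasswd.users further down; change it before the proxy is
# reachable from any other host.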
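# --- Package sources and helper tooling --------------------------------------
# Everything in this section runs as root and decides which code the rest of
# the script installs, so a failed download aborts instead of being ignored.

# Keep the Elastic signing key in its own keyring and pin the repository to it
# with signed-by. `apt-key add` is deprecated and makes the key trusted for
# every repository configured on the host, not only for the Elastic one.
elastic_keyring=/usr/share/keyrings/elasticsearch-keyring.gpg
elastic_key_tmp=$(mktemp) || exit 1
if ! curl -fsSL -o "$elastic_key_tmp" https://artifacts.elastic.co/GPG-KEY-elasticsearch ||
   ! gpg --batch --yes -o "$elastic_keyring" --dearmor "$elastic_key_tmp"; then
  echo "error: could not install the Elastic APT signing key" >&2
  rm -f -- "$elastic_key_tmp"
  exit 1
fi
rm -f -- "$elastic_key_tmp"
# The keyring must stay readable by the unprivileged user apt verifies with.
chmod 0644 "$elastic_keyring"
echo "deb [signed-by=${elastic_keyring}] https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list

# yq is fetched as a bare binary from a GitHub release and later executed as
# root. Set YQ_SHA256 to the digest published for this release asset, e.g.
#   YQ_SHA256=<sha256-of-yq_linux_amd64-v4.9.6>
# to have the download verified before it is installed. The download goes to a
# temp file first so a truncated or rejected file never lands in /usr/local/bin.
yq_tmp=$(mktemp) || exit 1
if ! curl -sSfL -o "$yq_tmp" https://github.com/mikefarah/yq/releases/download/v4.9.6/yq_linux_amd64; then
  echo "error: could not download yq" >&2
  rm -f -- "$yq_tmp"
  exit 1
fi
if [[ -n "${YQ_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$YQ_SHA256" "$yq_tmp" | sha256sum --check --status -; then
    echo "error: yq download does not match YQ_SHA256; refusing to install it" >&2
    rm -f -- "$yq_tmp"
    exit 1
  fi
else
  echo "warning: YQ_SHA256 is not set; installing yq without an integrity check" >&2
fi
install -m 0755 -o root -g root "$yq_tmp" /usr/local/bin/yq
rm -f -- "$yq_tmp"

# Refresh the package index (now including the Elastic repository) and bring
# the base system up to date before installing the stack.
DEBIAN_FRONTEND="noninteractive" apt update || {
  echo "error: apt update failed; not continuing with a stale package index" >&2
  exit 1
}
DEBIAN_FRONTEND="noninteractive" apt dist-upgrade -y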
# --- Elasticsearch -------------------------------------------------------------
# Install the package, set network.host to localhost, then enable and restart
# the service.
# NOTE(review): nothing in this script turns on Elasticsearch authentication
# or TLS; the localhost binding below is the only access restriction applied
# here, so any local user or process can reach port 9200.
es_config=/etc/elasticsearch/elasticsearch.yml
env DEBIAN_FRONTEND=noninteractive apt install -y elasticsearch
yq e '."network.host" = "localhost"' -i "$es_config"
# Put the file back under root:elasticsearch after the in-place edit
# (presumably yq rewrites the file and the group is lost; verify).
chown root:elasticsearch "$es_config"
for es_action in enable restart; do
  systemctl "$es_action" elasticsearch
done
# --- Kibana ----------------------------------------------------------------------
# Install Kibana with its packaged configuration, then enable and restart it.
# NOTE(review): the script never edits kibana.yml, so Kibana itself has no
# login here; access control is left to the nginx basic-auth proxy configured
# later. Confirm server.host stays on a loopback address, otherwise port 5601
# can be reached without going through nginx.
kibana_unit=kibana
env DEBIAN_FRONTEND=noninteractive apt install -y "$kibana_unit"
for kibana_action in enable restart; do
  systemctl "$kibana_action" "$kibana_unit"
done
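# --- nginx reverse proxy in front of Kibana ----------------------------------
# Installs nginx, replaces the default site with a basic-auth protected proxy
# to Kibana on 127.0.0.1:5601, and writes the htpasswd file for "kibanaadmin".
#
# Optional environment:
#   KIBANA_ADMIN_PASSWORD  password for the kibanaadmin user. When unset, the
#                          hash shipped with this script is used and a warning
#                          is printed.
DEBIAN_FRONTEND="noninteractive" apt install -y nginx

nginx_site=/etc/nginx/sites-available/default
nginx_htpasswd=/etc/nginx/htpasswd.users

# Keep the first backup only: on a second run the "default" file is already
# the proxy config, and copying it again would destroy the pristine original.
if [[ ! -e "${nginx_site}.original" ]]; then
  cp -a "$nginx_site" "${nginx_site}.original"
fi

# NOTE(review): "listen 80 default_server" has no address, so the proxy
# answers on every interface, and basic-auth credentials cross the network in
# cleartext over HTTP. Bind to 127.0.0.1 or add TLS before exposing this host.
cat > "$nginx_site" <<'NGINX_CONF'
server {
listen 80 default_server;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.users;
location / {
proxy_pass http://127.0.0.1:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
NGINX_CONF

if [[ -n "${KIBANA_ADMIN_PASSWORD:-}" ]]; then
  # Hash via stdin so the password never shows up in the process list.
  # -6 selects SHA-512 crypt, which nginx checks through the system crypt().
  kibana_admin_hash=$(printf '%s\n' "$KIBANA_ADMIN_PASSWORD" | openssl passwd -6 -stdin) || {
    echo "error: could not hash KIBANA_ADMIN_PASSWORD" >&2
    exit 1
  }
else
  # Fallback kept for backward compatibility: this hash and its password are
  # published with the script, so it is a known default credential.
  echo "warning: KIBANA_ADMIN_PASSWORD is not set; using the script's published default password for kibanaadmin" >&2
  kibana_admin_hash='$apr1$3kZwpSku$aiUaCmo9SrBG3YYMXLz6e0'
fi

# Create the file without world-read access; nginx workers on Ubuntu run as
# www-data and need group read to check credentials at request time.
(
  umask 027
  printf 'kibanaadmin:%s\n' "$kibana_admin_hash" > "$nginx_htpasswd"
)
chown root:www-data "$nginx_htpasswd"
chmod 0640 "$nginx_htpasswd"

systemctl enable nginx
systemctl restart nginx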
# --- Logstash ------------------------------------------------------------------
# Install Logstash and write two pipeline fragments: a Beats input on port
# 5044 and an Elasticsearch output that uses the ingest pipeline named in the
# event metadata when one is present.
# NOTE(review): the beats input sets only a port (no host, no ssl options), so
# it presumably accepts unauthenticated, unencrypted connections on every
# interface, while the Filebeat in this script connects over localhost only.
# Restrict the listener or firewall 5044 unless remote shippers are intended.
logstash_conf_dir=/etc/logstash/conf.d
env DEBIAN_FRONTEND=noninteractive apt install -y logstash

cat > "${logstash_conf_dir}/02-beats-input.conf" <<'BEATS_INPUT'
input {
beats {
port => 5044
}
}
BEATS_INPUT

cat > "${logstash_conf_dir}/30-elasticsearch-output.conf" <<'ES_OUTPUT'
output {
if [@metadata][pipeline] {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"
}
} else {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
}
ES_OUTPUT

for logstash_action in enable restart; do
  systemctl "$logstash_action" logstash
done
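# --- Filebeat ----------------------------------------------------------------
# Installs Filebeat, replaces its configuration so events go to the local
# Logstash on port 5044, enables the system/nginx/aws modules, and loads the
# ingest pipelines, index management and dashboards straight into the local
# Elasticsearch and Kibana.
DEBIAN_FRONTEND="noninteractive" apt install -y filebeat

filebeat_config=/etc/filebeat/filebeat.yml

# Keep the first backup only: a re-run would otherwise overwrite the packaged
# original with the file this script generated.
if [[ ! -e "${filebeat_config}.original" ]]; then
  cp -a "$filebeat_config" "${filebeat_config}.original"
fi

# The YAML nesting is written out explicitly: with every line at column 0 the
# inputs, module settings and processors would not sit under their parent
# keys. The quoted delimiter keeps ${path.config} literal for Filebeat.
cat > "$filebeat_config" <<'FILEBEAT_YML'
filebeat.inputs:
- type: log
  enabled: false
  paths:
    - /var/log/*.log
- type: filestream
  enabled: false
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
output.logstash:
  hosts: ["localhost:5044"]
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
FILEBEAT_YML

filebeat modules enable system nginx aws
filebeat setup --pipelines --modules system

# One quoted override shared by both setup calls. The previous unquoted
# ['localhost:9200'] form left a bracket expression exposed to shell globbing.
# NOTE(review): these setup calls reach Elasticsearch and Kibana on localhost
# without credentials, which only works while both are unauthenticated.
filebeat_es_hosts='output.elasticsearch.hosts=["localhost:9200"]'
filebeat setup --index-management -E output.logstash.enabled=false -E "$filebeat_es_hosts"
filebeat setup -E output.logstash.enabled=false -E "$filebeat_es_hosts" -E setup.kibana.host=localhost:5601

systemctl enable filebeat
# restart (not start) so a re-run picks up the configuration written above,
# matching how the other services in this script are handled.
systemctl restart filebeat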