Instructions for getting an ELK stack set up quick on Mac. Paths are opinionated. You'll have to infer and change. Sorry mate. 🍰
Install Homebrew if not already. You probably have. If not, you should.
brew install elasticsearch nginx
# do yourself a favor and get a better services command than launchctl
brew tap gapple/services
Download these guys:
- logstash-1.4.2.tar.gz
- logstash-contrib-1.4.2.tar.gz
- kibana-3.1.2.tar.gz (or v4 if you prefer)
I usually throw app installs in /opt on Linux. Mac doesn't have this by default. This is up to you. Elasticsearch is going to be under /usr/local because of homebrew.
# your preference on /opt or not
mkdir /opt
sudo chown $USER /opt
# unpack logstash and very valuable contrib tarballs
cd /opt
tar xzf ~/Downloads/logstash-1.4.2.tar.gz
cd logstash-1.4.2
tar xzf ~/Downloads/logstash-contrib-1.4.2.tar.gz --strip-components=1
# put kibana in nginx
cd /usr/local/var/www
tar xzf ~/Downloads/kibana-3.1.2.tar.gz
mv kibana-3.1.2 kibana
# edit config.js with your hostname
vi kibana/config.js
# line 32 - read the comments on why you might not want localhost here
# for dev box only
elasticsearch: "http://localhost:9200",
# enable cors for kibana3 + elasticsearch 1.4
vi /usr/local/Cellar/elasticsearch/1.4.3/config/elasticsearch.yml
# kibana 3 compatibility
http.cors.enabled: true
http.cors.allow-origin: http://localhost:8080
# the services command is from the brew/tap at the top, love it
$ brew services restart elasticsearch
# make sure nginx starts by itself
# nginx config is in /usr/local/etc/nginx/nginx.conf if you need to look at it
# it won't need any edits for kibana. it's just js/html in a directory.
# browse to http://localhost:8080/kibana (you should see a kibana page)
# Now, let's change the default page to logstash.
cd /usr/local/var/www/kibana/app/dashboards
mv default.json default.json.orig
cp logstash.json default.json
# refresh the kibana page. It will be logstash's default now.
Now you have to suck your logs into logstash. That's a different tutorial.