ELK AMI

AWS Marketplace AMI User Guide

This AMI features a built-in ELK (Elasticsearch, Logstash, and Kibana) stack on AWS cloud which can be customize to each users’ preference. This solution is ideal for user who wants the full functionality of an ELK stack and want to save some time on installing the software. We have installed all the ELK components on an Ubuntu environment, so that you can start your data analysis immediately. As easy as it sound, with just a few clicks, you can provision an ELK instance in less than a minute.

After you have provisioned the AMI, go to the AWS console where you setup your EC2 instance (for example, go to EC2 console in the Oregon region under your AWS account). Click on the instance you launched, and copy the public DNS (IPv4) address or the IPv4 Public IP address.

Public DNS (IPv4) and IPv4 Public IP in AWS EC2

Wait a few minutes to provision Kibana. Then paste {https://{IPv4 Public IP}:5601 onto your web browser and it will bring you to the Kibana launch page:

Kibana home page

You can further customize the ELK stack by SSH into the instance using the following command:

ssh -i {certificate}.pem ubuntu@ec2–XX–XXX–XXX–X.us-west-2.compute.amazonaws.com

Elasticsearch

This documentation guide you through how to get started with Elasticsearch.

Install Elasticsearch with Debian Package | Elasticsearch Reference [7.3] | Elastic

Use command line to run curl -X GET "localhost:9200/" to see if Elasticsearch is running. It should give the following if successful:

{
 “name” : “ip-172–31–28–88”,
 “cluster_name” : “my-application”,
 “cluster_uuid” : “dLfzIIfwSEWOnuu5i1I6OQ”,
 “version” : {
 “number” : “7.2.0”,
     “build_flavor” : “default”,
     “build_type” : “deb”,
     “build_hash” : “508c38a”,
     “build_date” : “2019–06–20T15:54:18.811730Z”,
     “build_snapshot” : false,
     “lucene_version” : “8.0.0”,
     “minimum_wire_compatibility_version” : “6.8.0”,
     “minimum_index_compatibility_version” : “6.0.0-beta1”
 },
 “tagline” : “You Know, for Search”
}

Alternatively, you can also check the status by sudo service elasticsearch status . If the service is down, run sudo service elasticsearch restart or sudo service elasticsearch stop to restart the service. Wait at least 30s to check the status again.

By default, all three services will automatically start when you launch the instance.

Start using Elasticsearch with Introduction to Indexing.

Logstash

Use sudo service logstash status to check the status.

Follow this tutorial to https://www.elastic.co/blog/a-practical-introduction-to-logstas get started on a Logstash pipeline.

Kibana

Use sudo service kibana status to check the status.

Refer to the Kibana user guide to start adding sample data!

Configuring Elasticsearch | Elasticsearch Guide [7.9] | Elastic

https://www.elastic.co/guide/en/kibana/7.2/getting-started.html

Configuring Elasticsearch | Elasticsearch Reference [7.3] | Elastic

Add sample data | Kibana Guide [7.2] | Elastic

Troubleshooting

Scenario 1.

If Kibana doesn’t show up on web browser, reboot the instance on AWS console.

Scenario 2.

If you encounter the following page indicating that the connection is not private, there’s a work around. Select anywhere on the error page, and type thisisunsafe. (Refer to reference number 4 & 5)

References

1. Install Elasticsearch with Debian Package
2. Installing Logstash
3. Install Kibana with Debian Package
4. No “Proceed Anyway” option on NET::ERR_CERT_INVALID in Chrome on MacOS
5. NET::ERR_CERT_REVOKED Chrome MacOS home server