03-10-2017
12:51 AM
Thanks for checking this out!
03-08-2017
08:35 PM
2 Kudos
For this tutorial we will be using Ubuntu 14.04.5. This setup can further be leveraged with Apache Metron (Incubating). Additional installation instructions for Metron core will be provided in another article.
Install Elasticsearch
First we'll install Elasticsearch 2.4. You'll need the following prerequisites:
wget
apt-transport-https
Java
You can install them by logging into your ES node and executing the following:
sudo apt-get update
sudo apt-get install -y wget apt-transport-https
# If using oracle jdk 8
sudo apt-get install -y software-properties-common
sudo apt-add-repository -y ppa:webupd8team/java
sudo apt-get update
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections
sudo apt-get install -y oracle-java8-installer
Now let's install Elasticsearch. Run the following commands on the node where you want to install ES.
# Get the Elasticsearch packages
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
# Add the Elasticsearch packages to apt
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
# Install Elasticsearch
sudo apt-get update && sudo apt-get install elasticsearch
# Configure for automatic start on system boot for System V systems
sudo update-rc.d elasticsearch defaults 95 10
# Start Elasticsearch
sudo service elasticsearch start
If you're running this in Docker, you'll also want to run the following before starting the es service:
# Setup networking
echo 'network.host: 0.0.0.0' >> /etc/elasticsearch/elasticsearch.yml
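The `>>` append above adds another `network.host` line every time it is re-run, and `0.0.0.0` binds Elasticsearch to every interface, whereas 2.x binds to loopback when the key is unset and the stock 2.4 package has no authentication. The following is an added example, not part of the original article, that reports what a config file binds to and sets the key without duplicating it; the function names are hypothetical and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# Print every active (uncommented) network.host value in an elasticsearch.yml.
es_bind_hosts() {
  sed -nE 's/^[[:space:]]*network\.host:[[:space:]]*([^#]*).*/\1/p' "$1" \
    | tr -d "\"' \t"
}

# Classify the bind setting as one of:
# default-loopback | loopback | all-interfaces | specific | duplicate-keys
es_bind_exposure() {
  local hosts count
  hosts="$(es_bind_hosts "$1")"
  count="$(printf '%s\n' "$hosts" | grep -c . || true)"
  if [ "$count" -eq 0 ]; then echo "default-loopback"; return; fi
  if [ "$count" -gt 1 ]; then echo "duplicate-keys"; return; fi
  case "$hosts" in
    0.0.0.0|::)                  echo "all-interfaces" ;;
    127.*|localhost|::1|_local_) echo "loopback" ;;
    *)                           echo "specific" ;;
  esac
}

# Set network.host so exactly one active line exists, however often it is run.
es_set_bind_host() {
  local conf="$1" host="$2" tmp
  tmp="$(mktemp)"
  grep -vE '^[[:space:]]*network\.host:' "$conf" > "$tmp" || true
  printf 'network.host: %s\n' "$host" >> "$tmp"
  cat "$tmp" > "$conf"   # rewrite in place to keep the file's owner and mode
  rm -f "$tmp"
}

# Constructed sample config standing in for /etc/elasticsearch/elasticsearch.yml
demo="$(mktemp)"
printf '%s\n' 'cluster.name: metron' '# network.host: 192.168.0.1' > "$demo"
echo "unset:       $(es_bind_exposure "$demo")"
echo 'network.host: 0.0.0.0' >> "$demo"; echo 'network.host: 0.0.0.0' >> "$demo"
echo "appended x2: $(es_bind_exposure "$demo")"
es_set_bind_host "$demo" 0.0.0.0
echo "after set:   $(es_bind_exposure "$demo")"
rm -f "$demo"
```

For the Docker demo, publishing the port as `-p 127.0.0.1:9200:9200` keeps the mapped port on the host's loopback interface even though the container itself listens on `0.0.0.0`.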
Check that Elasticsearch is running. Go to http://$ELASTICSEARCH_HOST:9200 and verify you see something like the following:
{
"name" : "Saturnyne",
"cluster_name" : "metron",
"cluster_uuid" : "F-m2WjlDSAu_0TTCqXki1w",
"version" : {
"number" : "2.4.4",
"build_hash" : "fcbb46dfd45562a9cf00c604b30849a6dec6b017",
"build_timestamp" : "2017-01-03T11:33:16Z",
"build_snapshot" : false,
"lucene_version" : "5.5.2"
},
"tagline" : "You Know, for Search"
}
Install Kibana
Now we'll install Kibana 4.5.3 on Ubuntu 14.04.5. First you should have the following prerequisites:
wget
You can install them by logging into your Kibana node and executing the following:
sudo apt-get update
sudo apt-get install -y wget
Now let's install Kibana. Run the following commands on the node where you want to install Kibana.
# Get the Elasticsearch/Kibana packages
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
# Add the Kibana packages to apt
echo "deb http://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
# Install Kibana
sudo apt-get update && sudo apt-get install kibana
# Configure for automatic start on system boot
sudo update-rc.d kibana defaults 95 10
# Configure Kibana for Elasticsearch host:port
# Note: set the host and port accordingly to point to your Elasticsearch host from the installation above.
sed -ri "s;^(\#\s*)?(elasticsearch\.url:).*;\2 'http://elasticsearch:9200';" /opt/kibana/config/kibana.yml
# Start Kibana
export PATH=/opt/kibana/bin:$PATH
kibana
That should be it. Now you should be able to go to http://$KIBANA_HOST:5601 and see the Kibana dashboard.
Extras
Setting up Docker
If you're looking to get a quick demo environment running, you can follow these steps to run this example in Docker. For this part we'll be using Docker for Mac on Mac OSX 10.12.
Set up Docker for Mac - https://docs.docker.com/docker-for-mac/
Add Docker files that set up the images for Elasticsearch and Kibana. See the attached ubuntu-dockerfile.tar.gz tarball.
Untar the bundle. You should have 2 directories: ubuntu-elasticsearch and ubuntu-kibana
Build the Docker images (you'll want this so you can reuse them). Replace $YOUR_TAG_NAME with whatever you like. Don't forget the period '.' at the end of the line.
docker build -f ubuntu-elasticsearch/Dockerfile -t $YOUR_TAG_NAME/ubuntu-elasticsearch .
docker build -f ubuntu-kibana/Dockerfile -t $YOUR_TAG_NAME/ubuntu-kibana .
Run the containers. The container names will be "es" and "kibana."
docker run -p 9200:9200 -P --name es -dit $YOUR_TAG_NAME/ubuntu-elasticsearch
docker run -p 5601:5601 -P --name kibana -dit $YOUR_TAG_NAME/ubuntu-kibana
Note: if you need to re-run for any reason (failed startup, for instance), kill and remove the containers, e.g.
docker kill es
docker rm es
Now log in to the ES container and follow the ES install steps from above.
docker exec -it es /bin/bash
# The shell started by docker exec is not a login shell, so leave it with exit
exit
Log in to the Kibana container and follow the Kibana install steps from above.
docker exec -it kibana /bin/bash
exit
You should now have two running Docker containers that you are able to connect to from your localhost.
http://localhost:9200
http://localhost:5601
Note: There are currently limitations with Docker for Mac networking. Alternatively, you could use docker-machine for a more robust example.
Reference
https://www.elastic.co/guide/en/elasticsearch/reference/2.4/setup-repositories.html
https://www.elastic.co/guide/en/kibana/4.5/setup-repositories.html
https://docs.docker.com/docker-for-mac/
https://docs.docker.com/machine/overview/