Following elasticstack installation instructions and got hung up

Elastic Stack Elasticsearch
1

I'm using an Ubuntu VM, and following the instructions listed here:
https://www.elastic.co/guide/en/elasticsearch/reference/5.5/deb.html

Here is a complete list of the commands I've executed (post Ubuntu installation):

apt-get update
apt-get -y install wget unzip git apt-transport-https
add-apt-repository -y ppa:webupd8team/java
apt-get update

apt-get install oracle-java8-installer

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | \
  apt-key add -

echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | \
  tee -a /etc/apt/sources.list.d/elastic-5.x.list

apt-get -y install elasticsearch

At that point, edit /etc/elasticsearch/elasticsearch.yml, and find the line that reads (line 212):

#network.host: 192.168.0.1

Uncomment it, and replace with localhost.

At that point, I try to start the service, as instructed:

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

This gives me the message that elasticsearch.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd_sysv-install enable elasticsearch

When i try to curl my localhost:9200 i get nothing (connection refused).

Just for laughs, I've also tried the SysV way of doing things:

sudo update-rc.d elasticsearch defaults 95 10
sudo -i service elasticsearch start

Also to no avail.

HOWEVER, if i run the binary as a normal user, it at least attempts to execute, gives me an error about IllegalStateException[Failed to create node environment]:

/usr/share/elasticsearch/bin/elasticsearch

If i run it as the as root, though, it works:

sudo /usr/share/elasticsearch/bin/elasticsearch

And then open a new terminal and run curl localhost:9200, i get the expected result (JSON array, status 200, version 1.7.3, lucene 4.10.4)

This is also wierd, because I followed Digital Oceans much older instructions from 2015 (available here: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04), and A) it works like a charm, and B) the elastic search version is 2.45 and the lucene version is 5.5.4.

Needless to say, I'm quite confused that following the current verson of ES in 2017 is giving me an older version than a set of instruction from 2015, and that the instructions here don't seem to work, period.

Any help or pointers would be appreciated. I apologize for the length of this, I've just spent a bit on this so far with no result, so I thought I would provide everything anyone could possibly ask for in advance! :slight_smile:

Look forward to your replies so I can get on track!

2

Update:

Well, i got through it.

Found instructions for ES 2.4, which suggested that ES wasn't set to start by default in Ubuntu. So, I had to edit /etc/default/elasticsearch and uncomment the START_DAEMON=true line.

After that, I could:
update-rc.d elastic search defaults 95 10

but, /etc/init.d/elasticsearch start wouldn't bring up the service (wouldn't respond to a CURL command). Restarting the VM, however, worked fine.

Then installed Kibana. That went smoothly, except for the lack of documentation about the bind address. Remembered that from the Digital Ocean documentation, so rather than install Nginx to reverse proxy it, I bound kibana to the IP address of my interface.

Now comes the fun part. I launched a browser from my host machine and pointed it at kibana (10.0.0.222:5601), and like i suspected originally when I launched ES from the command line, I only have elastic search 1.7.3 installed, whereas Kibana is 5.5.1 and won't talk to that version.

I've been following the instructions for installing Elasticstack 5.5, and have no clue why i ended up with such an outdated version of Elasticsearch. This seems like a major roadblock, as I cannot proceed from this point, and i feel like either i missed something or the documentation lead me to this dead end.

Can anyone here help?

3

What OS are you on?

4

I was installing on a fresh Ubuntu 16.04 install.

Today, I'm going to try on CentOS 7 and see if I can achieve a better outcome.

5

Happy to report I'm making a ton of progress today, still using Ubuntu 16.04. Not sure where or why i picked up the wrong repo sources yesterday, but I started from scratch and have been going smoothly so far, including:

Elasticsearch
Kibana
Logstash

Moving on to Beat, ES Hadoop, and Xpack shortly...

Feeling much better today!

6

Installed X-Pack for each of Elasticsearch, Kibana, and Logstash.

On further reading, I don't think I'll be installing Elasticstack Hadoop, as, after reading the introduction page, I'm not sure that I would be using those features yet, and think that would be adding needles complexity to my installation...

So, onwards... I guess I still need to figure out how to install beats on my server, and then I need to create a second server and configure it to send data to this ELK machine.

7

New note:

I initially installed this all in an Ubuntu VM with 8192 MB of RAM allocated to it, and it ran fine. Figuring that there was no load and no data in the system whatsoever, I backed it down to 1 GB and re-ran my steps.

Big mistake.

Anyone know what the minimal RAM requirements are for installation of the base ELK stack? And/or where to adjust them?

8

The default for heap in 5.X is 2GB, I personally wouldn't run anything smaller unless it was on my laptop.

9

Yeah - I was installing it as a test on a workstation at the office, but wanted to pare back its footprint so I can test on either my laptop or a cheap VPS, using only a minimal amount of dummy data while I evaluate. Should this go into product, obviously there would be no issue in providing it with adequate resources.

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.