24.06.2025

How to Install and Configure the ELK Stack on CentOS 7

This comprehensive guide offers a clear, step-by-step walkthrough for installing and setting up the ELK Stack — which includes Elasticsearch, Logstash, and Kibana — on a virtual server running CentOS 7. Whether you're a system administrator, DevOps engineer, or developer looking to implement centralized log management and powerful data visualization, this tutorial will help you get started with a production-ready setup. By the end of this guide, you’ll have a fully operational ELK Stack configured to collect, process, and display log data in real time.

What Is the ELK Stack?

ELK stands for Elasticsearch, Logstash, and Kibana:

Elasticsearch — a powerful search and analytics engine.
Logstash — a data processing pipeline that ingests, transforms, and forwards data.
Kibana — a visualization interface that lets you explore and analyze data stored in Elasticsearch.

Together, these tools provide a flexible and scalable log management and data analysis solution.

System Requirements

To ensure stable performance, your server should meet the following minimum requirements:

RAM: 4 GB
CPU: 2 cores

Step 1: Install Java

The ELK stack requires Java. Install it using:

yum -y install java-1.8.0

Verify the installation:

java -version

Step 2: Install and Configure Elasticsearch

Add Elasticsearch GPG Key:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Add Elasticsearch Repository:

Create the file:

sudo vi /etc/yum.repos.d/elasticsearch.repo

Add the following content:

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Elasticsearch:

sudo yum install elasticsearch

Configure Elasticsearch:

Edit the config file:

vi /etc/elasticsearch/elasticsearch.yml

Uncomment and set the following:

bootstrap.memory_lock: true
network.host: localhost
http.port: 9200

Edit the sysconfig file:

vi /etc/sysconfig/elasticsearch

Set:

MAX_LOCKED_MEMORY=unlimited

Enable and Start Elasticsearch:

systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch

Step 3: Install and Configure Kibana

Download and Install Kibana:

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.4-x86_64.rpm
rpm -ivh kibana-6.2.4-x86_64.rpm

Configure Kibana:

vi /etc/kibana/kibana.yml

Set the following values:

server.port: 5601
server.host: "[Your_Server_IP]"
elasticsearch.url: "http://localhost:9200"

Enable and Start Kibana:

systemctl enable kibana
systemctl start kibana

Open Firewall Port:

sudo firewall-cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --reload

Step 4: Set Up Nginx as a Reverse Proxy (Optional but Recommended)

Install NGINX and Utilities:

Refer to this guide for basic NGINX installation.

yum install httpd-tools

Create NGINX Virtual Host:

vi /etc/nginx/conf.d/your-domain-or-ip.conf

Example config:

server {
listen 80;
server_name your-server-ip;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.kibana;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Create Authentication File:

sudo htpasswd -c /etc/nginx/htpasswd.kibana admin

Restart NGINX:

systemctl restart nginx

Step 5: Install and Configure Logstash

Download and Install:

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm

rpm -ivh logstash-6.2.4.rpm

Enable and Start Logstash:

systemctl restart logstash

systemctl enable logstash

Step 6: Access Kibana

After completing all steps, open your browser and navigate to:

http://[Your_Server_IP]:5601

Example:

http://123.234.123.234:5601

You’re now ready to start exploring and visualizing your data with Kibana!

Need help with data pipelines or dashboards? Explore more ELK Stack tutorials on our site