Elastic and Kibana Install (Windows)

This goes through the steps to set up a single node Elasticsearch cluster and an instance of Kibana.

If you are setting up a production environment, then you will want to set up an Elasticsearch cluster. More information on this can be found on the Elasticsearch website.

Prerequisites

• Download Elasticsearch.

  • Check the version needed for the Aiimi Insight Engine you are deploying in the release notes for your distribution.

• Download Kibana.

  • Check the version needed for the Aiimi Insight Engine you are deploying in the release notes for your distribution.

• Obtain your XPack Elasticsearch licence (or you can enable a trial).

• Download NSSM to run Kibana as a service.

Folder Structure Set Up

A specific folder structure is needed for the installation of Elasticsearch and Kibana. You can create this structure manually or using a PowerShell query.

PowerShell

• Run the following script in an Admin powerShell.

mkdir C:\Apps;
mkdir C:\InsightMaker;
mkdir Text input;
mkdir C:\Utils

Manual

• In your chosen file location create an Apps, InsightMaker, Upgrades and Utils folder.

Download Software

• Download the InsightMaker zip file from our GitHub area. If you do not have access to this contact your Aiimi contact.

• Run the following script within an Admin PowerShell to download redistributable and dotnet bundle.

Start-BitsTransfer -Source "https://nssm.cc/release/nssm-2.24.zip" -destination "Text input";
Start-BitsTransfer -Source "https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.9/npp.8.4.9.Installer.x64.exe" -destination "Text input";
Start-BitsTransfer -Source "https://www.7-zip.org/a/7z2201-x64.exe" -destination "Text input";
Start-BitsTransfer -Source "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-windows-x86_64.zip" -destination "Text input";
Start-BitsTransfer -Source "https://artifacts.elastic.co/downloads/kibana/kibana-8.14.3-windows-x86_64.zip" -destination "Text input"

Extract Software

Next the Elastic, Kibana, nssm and Insightmaker zip files need to be extracted.

PowerShell

• Run the following script in an Admin powerShell.

Expand-Archive -Force Text input\elasticsearch-8.14.3-windows-x86_64.zip C:\Apps;
Expand-Archive -Force Text input\Kibana-8.14.3-windows-x86_64.zip C:\Apps;
Expand-Archive -Force Text input\nssm-2.24.zip C:\Utils;
Expand-Archive -Force Text input\insightmaker-windows.zip C:\Insightmaker

Manual

• ElasticSearch - Extract the Elasticsearch download into the Apps folder created earlier.

• Kibana - Extract the Kibana download into the Apps folder created earlier.

• nssm - Extract the nssm download into the Utils folder created earlier.

• Insight Maker - Extract the Insight Maker download into the Insight Maker folder created earlier.

Elastic Configuration

• The configurations within the Elastic config file needs to be updated.

$Filename = "C:\Apps\elasticsearch-8.14.3\config\elasticsearch.yml";
((Get-Content -path $Filename -Raw) -replace '#cluster.name: my-application','cluster.name: Text input') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#node.name:','node.name:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#path.data: /path/to/data','path.data: C:\Apps\Data') | Set-Content -Path $Filename;
((Get-Content -path $Filename  -Raw) -replace '#path.logs: /path/to/logs','path.logs: C:\tmp\logs') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#network.host: 192.168.0.1','network.host: 0.0.0.0') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#discovery.seed_hosts:','discovery.seed_hosts:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace 'host1','0.0.0.0') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace ', "host2"','') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#cluster.initial_master_nodes:','cluster.initial_master_nodes:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace ', "node-2"]',']')  | Set-Content -Path $Filename

Install Elastic

Elastic needs to be installed as a service and this can be done with a PowerShell script.

• Run the following PowerShell script.

cd C:\Apps\elasticsearch-8.14.3;
.\bin\elasticsearch.bat 

• Don't close the PowerShell when this script has finished.

• This will return the password for Elastic. Ensure you make a note of this password for future use.

• Open your web browser and navigate to https://localhost:9200 to test if the install has worked.

Install Kibana

• Open a new PowerShell window and run the following Script.

cd C:\Apps\kibana-8.14.3\bin;
.\kibana.bat

• Once this has completed, copy the URL into your browser.

• Copy the token from the Elastic PowerShell window and paste it into the Enrollment token in the Kibana session.

• Select Configure Elastic.

  • The configuration may not complete at this point. That's not an issue at this point.

• Open a web browser and navigate to https://localhost:5601.

• Use your elastic credentials to login.

Update Elastic License

• Copy the text of you Elastic license into a Notepad++ file.

• Save this file as license.json

• Within https://localhost:5601 navigate to the Management tab on the left and open the Elastic License Management.

• Upload the license.json file to Kibana via the license manager.

  • It is normal for this to cause Kibana to throw an access error. If it doesn't, check that Elastic hasn't been installed before in 'Programs and Features' (and remove it if it's present).

Create Elastic Certificate

• Open another new PowerShell as an Admin.

  • This will be the third PowerShell you have open.

• Run the following PowerShell script.

cd C:\Apps\elasticsearch-8.14.3\bin;
.\elasticsearch-certutil ca

• When prompted for an output file press the Enter key.

• When prompted for the Ca password enter a secure password.

• Run the following PowerShell Script to create the certificate.

./elasticsearch-certutil cert -ca C:\Apps\elasticsearch-8.14.3\elastic-stack-ca.p12;

• When prompted enter the Ca password.

• When prompted for an output file press the Enter key.

• When prompted enter the Cert password.

Copy Certificates

You need to create a new certs folder and copy the certs to that folder.

• Run the following Script.

mkdir C:\Apps\elasticsearch-8.14.3\config\certs;
mkdir C:\Apps\certs;

copy-item C:\Apps\elasticsearch-8.14.3\*.p12 -Destination C:\Apps\certs

move C:\Apps\elasticsearch-8.14.3\*.p12 C:\Apps\elasticsearch-8.14.3\config\certs

Elastic SSL Configuration

There are a number of configurations that need to be changed to add xpack security.

• Run the following script to make these changes automatically.

$Filename="C:\Apps\elasticsearch-8.14.3\config\elasticsearch.yml";

((Get-Content -path $Filename -Raw) -replace 'http.p12','elastic-certificates.p12') | Set-Content -Path $Filename

((Get-Content -path $Filename -Raw) -replace 'transport.p12','elastic-certificates.p12') | Set-Content -Path $Filename;

((Get-Content -path $Filename -Raw) -replace '#action.destructive_requires_name: false','action.destructive_requires_name: true') | Set-Content -Path $Filename;

(Get-Content -path $Filename) | ? {$_.trim() -ne "" } | set-content $Filename

Elastic Keystore Setup

Run the following scripts one by one.

• Run the following.

cd C:\Apps\elasticsearch-8.14.3\bin;
.\elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

• When prompted enter the Certificate password.

• Run the following.

.\elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

• When prompted enter the Certificate password.

• Run the following.

.\elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

• When prompted enter the Certificate password.

• Run the following.

.\elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password

• When prompted enter the Certificate password.

Kibana SSL Configuration

• Run the following PowerShell script to update the Kibana yml file.

$Filename="C:\Apps\Kibana-8.14.3\config\kibana.yml";

((Get-Content -path $Filename -Raw) -replace '#elasticsearch.ssl.verificationMode: full','elasticsearch.ssl.verificationMode: none') | Set-Content -Path $Filename

• You can now close the Elastic and Kibanad PowerShel consoles.

• Within each console select ctrl + c.

• It will then confirm if you want to terminate the session. Enter Y to confirm.

Install Elastic Service

• Run the following command in PowerShell to install the Elastic Service.

C:\Apps\elasticsearch-8.14.3\bin\elasticsearch-service.bat install

• Run the following command to start the elastic service.

C:\Apps\elasticsearch-8.14.3\bin\elasticsearch-service.bat start

• Open your web browser and navigate to https://localhost:9200.

  • This may take a few minutes to load for the first time.

• Login using the elastic credentials.

Install Kibana Service

• Run the following command in PowerShell to install the Kibana Service.

C:\Utils\nssm-2.24\win64\nssm.exe install insightmakerkibana

• Run the following command in PowerShell to start the Kibana service.

C:\Utils\nssm-2.24\win64\nssm.exe start "insightmakerkibana"

• Open your web browser and navigate to https://localhost:5601.

  • This may take a few minutes to load for the first time.

• Login using the elastic credentials.