Elastic and Kibana Install (Windows)

This goes through the steps to set up a single node Elasticsearch cluster and an instance of Kibana.

If you are setting up a production environment, then you will want to set up an Elasticsearch cluster. More information on this can be found on the Elasticsearch website.

Folder Structure Set Up

A specific folder structure is needed for the installation of Elasticsearch and Kibana. You can create this structure manually or using a PowerShell query.

PowerShell

1. Run the following script in an Admin powerShell.

Check the version and storage location before running this script.

mkdir C:\Apps;
mkdir C:\InsightMaker;
mkdir Text input;
mkdir C:\Utils

Manual

In your chosen file location create an Apps, InsightMaker, Upgrades and Utils folder.

Download Software

1. Download the InsightMaker zip file from our GitHub area. If you do not have access to this contact your Aiimi contact.

2. Run the following script within an Admin PowerShell to download redistributable and dotnet bundle.

Check the version and storage location before running this script.

Start-BitsTransfer -Source "https://nssm.cc/release/nssm-2.24.zip" -destination "Text input";
Start-BitsTransfer -Source "https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.4.9/npp.8.4.9.Installer.x64.exe" -destination "Text input";
Start-BitsTransfer -Source "https://www.7-zip.org/a/7z2201-x64.exe" -destination "Text input";
Start-BitsTransfer -Source "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-windows-x86_64.zip" -destination "Text input";
Start-BitsTransfer -Source "https://artifacts.elastic.co/downloads/kibana/kibana-8.14.3-windows-x86_64.zip" -destination "Text input"

Extract Software

Next the Elastic, Kibana, nssm and Insightmaker zip files need to be extracted.

PowerShell

Run the following script in an Admin powerShell.

Check the version and storage location before running this script.

Expand-Archive -Force Text input\elasticsearch-8.14.3-windows-x86_64.zip C:\Apps;
Expand-Archive -Force Text input\Kibana-8.14.3-windows-x86_64.zip C:\Apps;
Expand-Archive -Force Text input\nssm-2.24.zip C:\Utils;
Expand-Archive -Force Text input\insightmaker-windows.zip C:\Insightmaker

Manual

1. ElasticSearch - Extract the Elasticsearch download into the Apps folder created earlier.

2. Kibana - Extract the Kibana download into the Apps folder created earlier.

3. nssm - Extract the nssm download into the Utils folder created earlier.

4. Insight Maker - Extract the Insight Maker download into the Insight Maker folder created earlier.

Elastic Configuration

The configurations within the Elastic config file needs to be updated.

Check the version and storage location before running this script.

$Filename = "C:\Apps\elasticsearch-8.14.3\config\elasticsearch.yml";
((Get-Content -path $Filename -Raw) -replace '#cluster.name: my-application','cluster.name: Text input') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#node.name:','node.name:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#path.data: /path/to/data','path.data: C:\Apps\Data') | Set-Content -Path $Filename;
((Get-Content -path $Filename  -Raw) -replace '#path.logs: /path/to/logs','path.logs: C:\tmp\logs') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#network.host: 192.168.0.1','network.host: 0.0.0.0') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#discovery.seed_hosts:','discovery.seed_hosts:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace 'host1','0.0.0.0') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace ', "host2"','') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace '#cluster.initial_master_nodes:','cluster.initial_master_nodes:') | Set-Content -Path $Filename;
((Get-Content -path $Filename -Raw) -replace ', "node-2"]',']')  | Set-Content -Path $Filename

Install Elastic

Elastic needs to be installed as a service and this can be done with a PowerShell script.

1. Run the following PowerShell script.

Check the version and storage location before running this script.

cd C:\Apps\elasticsearch-8.14.3;
.\bin\elasticsearch.bat 

1. Don't close the PowerShell when this script has finished.

2. This will return the password for Elastic. Ensure you make a note of this password for future use.

3. Open your web browser and navigate to https://localhost:9200 to test if the install has worked.

Install Kibana

1. Open a new PowerShell window and run the following Script.

Check the version and storage location before running this script.

cd C:\Apps\kibana-8.14.3\bin;
.\kibana.bat

1. Once this has completed, copy the URL into your browser.

2. Copy the token from the Elastic PowerShell window and paste it into the Enrollment token in the Kibana session.

3. Select Configure Elastic.

   • The configuration may not complete at this point. That's not an issue at this point.

4. Open a web browser and navigate to https://localhost:5601.

5. Use your elastic credentials to login.

Update Elastic License

1. Copy the text of you Elastic license into a Notepad++ file.

2. Save this file as license.json

3. Within https://localhost:5601 navigate to the Management tab on the left and open the Elastic License Management.

4. Upload the license.json file to Kibana via the license manager.

   • It is normal for this to cause Kibana to throw an access error. If it doesn't, check that Elastic hasn't been installed before in 'Programs and Features' (and remove it if it's present).

Create Elastic Certificate

1. Open another new PowerShell as an Admin.

   • This will be the third PowerShell you have open.

2. Run the following PowerShell script.

Check the versions and storage locations before running these scripts.

cd C:\Apps\elasticsearch-8.14.3\bin;
.\elasticsearch-certutil ca

1. When prompted for an output file press the Enter key.

2. When prompted for the Ca password enter a secure password.

3. Run the following PowerShell Script to create the certificate.

./elasticsearch-certutil cert -ca C:\Apps\elasticsearch-8.14.3\elastic-stack-ca.p12;

1. When prompted enter the Ca password.

2. When prompted for an output file press the Enter key.

3. When prompted enter the Cert password.

Copy Certificates

You need to create a new certs folder and copy the certs to that folder.

1. Run the following Script.

Check the version and storage location before running this script.

mkdir C:\Apps\elasticsearch-8.14.3\config\certs;
mkdir C:\Apps\certs;

copy-item C:\Apps\elasticsearch-8.14.3\*.p12 -Destination C:\Apps\certs

move C:\Apps\elasticsearch-8.14.3\*.p12 C:\Apps\elasticsearch-8.14.3\config\certs

Elastic SSL Configuration

There are a number of configurations that need to be changed to add xpack security.

1. Run the following script to make these changes automatically.

Check the version and storage location before running this script.

$Filename="C:\Apps\elasticsearch-8.14.3\config\elasticsearch.yml";

((Get-Content -path $Filename -Raw) -replace 'http.p12','elastic-certificates.p12') | Set-Content -Path $Filename

((Get-Content -path $Filename -Raw) -replace 'transport.p12','elastic-certificates.p12') | Set-Content -Path $Filename;

((Get-Content -path $Filename -Raw) -replace '#action.destructive_requires_name: false','action.destructive_requires_name: true') | Set-Content -Path $Filename;

(Get-Content -path $Filename) | ? {$_.trim() -ne "" } | set-content $Filename

Elastic Keystore Setup

Run the following scripts one by one.

Check the versions and storage locations before running these scripts.

1. Run the following.

cd C:\Apps\elasticsearch-8.14.3\bin;
.\elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

1. When prompted enter the Certificate password.

2. Run the following.

.\elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

1. When prompted enter the Certificate password.

2. Run the following.

.\elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

1. When prompted enter the Certificate password.

2. Run the following.

.\elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password

1. When prompted enter the Certificate password.

Kibana SSL Configuration

1. Run the following PowerShell script to update the Kibana yml file.

Check the versions and storage locations before running these scripts.

$Filename="C:\Apps\Kibana-8.14.3\config\kibana.yml";

((Get-Content -path $Filename -Raw) -replace '#elasticsearch.ssl.verificationMode: full','elasticsearch.ssl.verificationMode: none') | Set-Content -Path $Filename

You can now close the Elastic and Kibanad PowerShel consoles.

1. Within each console select ctrl + c.

2. It will then confirm if you want to terminate the session. Enter Y to confirm.

Install Elastic Service

Check the versions and storage locations before running these scripts.

1. Run the following command in PowerShell to install the Elastic Service.

C:\Apps\elasticsearch-8.14.3\bin\elasticsearch-service.bat install

1. Run the following command to start the elastic service.

C:\Apps\elasticsearch-8.14.3\bin\elasticsearch-service.bat start

1. Open your web browser and navigate to https://localhost:9200.

   • This may take a few minutes to load for the first time.

2. Login using the elastic credentials.

Install Kibana Service

Check the versions and storage locations before running these scripts.

1. Run the following command in PowerShell to install the Kibana Service.

C:\Utils\nssm-2.24\win64\nssm.exe install insightmakerkibana

1. Run the following command in PowerShell to start the Kibana service.

C:\Utils\nssm-2.24\win64\nssm.exe start "insightmakerkibana"

1. Open your web browser and navigate to https://localhost:5601.

   • This may take a few minutes to load for the first time.

2. Login using the elastic credentials.