====== Install Kibana ======

First, make sure that all of the latest patches are installed.

<code bash>
sudo apt update
sudo apt dist-upgrade
sudo reboot
</code>

Configure Firewall:<code bash>
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
</code>

Install [[linux:install:java]]

Add the Elastic Search Key and Software:<code bash>
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

cat > /tmp/elastic-7.x.list << EOF
deb https://artifacts.elastic.co/packages/7.x/apt stable main
EOF
 
sudo mv /tmp/elastic-7.x.list /etc/apt/sources.list.d/

sudo apt-get update

sudo apt-get install kibana
</code>

Configure the Kibana configuration:<code bash>
sudo sed -i 's/#server.name: "your-hostname"/server.name: "kibana-1"/g'  /etc/kibana/kibana.yml
</code>
If you are going to use Kibana with an Elasticsearch cluster, skip the next line since it will be configured below...<code bash>
sudo sed -i 's|#elasticsearch.hosts: \["http://localhost:9200"\]|elasticsearch.hosts: \["http://elasticsearch.contoso.com:9200"\]|g' /etc/kibana/kibana.yml
</code>

Start Kibana, configure it to automatically start:<code bash>
sudo service kibana start

sudo systemctl enable kibana
</code>

[[linux:nginx:start|Install NGINX Web Server]]

Set up the reverse proxy to serve the Kibana UI:<code bash>
cat > /tmp/kibana << EOF
server {
    listen 80;

    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;        
    }
}
EOF

sudo mv /tmp/kibana /etc/nginx/sites-available/
 
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
 
sudo service nginx reload
</code>

===== Using With An Elasticsearch Cluster =====

You'll need to set-up the Elasticsearch software on the Kibana server using the "client" role and the Elasticsearch cluster name.

[[linux:elk:elasticsearch]] but do not start the service.

Configure the Kibana node as a Coordinating-only node. In elasticsearch.yml, set node.data, node.master and node.ingest to false:<code bash>
echo "node.master: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.data: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
echo "node.ingest: false" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
</code>

Configure the client node to listen only on the loopback device:<code bash>
sudo sed -i 's/network.host: [_eth0_, _local_]/network.host: [_local_]/g' /etc/elasticsearch/elasticsearch.yml
</code>

<code bash>
sudo sed -i 's/#elasticsearch.url: "http://localhost:9200"/elasticsearch.url: "http://localhost:9200"/g'  /etc/kibana/kibana.yml
</code>