After you install Logstash, you can optionally obtain and install X-Pack. For more information about how to obtain X-Pack, see https://www.elastic.co/products/x-pack.
To use X-Pack you need:
You must install X-Pack on Elasticsearch, Kibana, and Logstash, using the version of X-Pack that matches of the version the product. See the Elastic Support Matrix for more information about product compatibility.
If you are installing X-Pack for the first time on an existing cluster, you must perform a full cluster restart. Installing X-Pack enables security and security must be enabled on ALL nodes in a cluster for the cluster to operate correctly. When upgrading you can usually perform a rolling upgrade.
The following diagram provides an overview of the steps that are required to set up X-Pack on Logstash:
To install X-Pack on Logstash:
- Install X-Pack on Elasticsearch.
- Install X-Pack on Kibana.
Optional: If you want to install X-Pack on a machine that doesn’t have internet access:
Manually download the X-Pack zip file:
The plugins for Elasticsearch, Kibana, and Logstash are included in the same zip file. If you have already downloaded this file to install X-Pack on one of those other products, you can reuse the same file.
- Transfer the zip file to a temporary directory on the offline machine. (Do NOT put the file in the Elasticsearch plugins directory.)
bin/logstash-plugin installfrom the Logstash installation directory.
bin/logstash-plugin install x-pack
The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.
bin/logstash-plugin install file:///path/to/file/x-pack-6.0.1.zip
Update Logstash to use the new password for the built-in
logstash_systemuser, which you set up along with the other built-in users when you installed X-Pack on Elasticsearch. You must configure the
xpack.monitoring.elasticsearch.passwordsetting in the
logstash.ymlconfiguration file with the new password for the
xpack.monitoring.elasticsearch.username: logstash_system xpack.monitoring.elasticsearch.password: logstashpassword
For more information, see Setting Up User Authentication.
- Configure and start Logstash.