Installing X-Pack in Logstash

Installing X-Pack in Logstash

After you install Logstash, you can optionally obtain and install X-Pack. For more information about how to obtain X-Pack, see https://www.elastic.co/products/x-pack.

To use X-Pack you need:

You must install X-Pack on Elasticsearch, Kibana, and Logstash, using the version of X-Pack that matches of the version the product. See the Elastic Support Matrix for more information about product compatibility.

If you are installing X-Pack for the first time on an existing cluster, you must perform a full cluster restart. Installing X-Pack enables security and security must be enabled on ALL nodes in a cluster for the cluster to operate correctly. When upgrading you can usually perform a rolling upgrade.

The following diagram provides an overview of the steps that are required to set up X-Pack on Logstash:

Installation overview on Logstash

To install X-Pack on Logstash:

  1. Install X-Pack on Elasticsearch.
  2. Install X-Pack on Kibana.
  3. Optional: If you want to install X-Pack on a machine that doesn’t have internet access:

    1. Manually download the X-Pack zip file: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.1.zip (sha512)

      The plugins for Elasticsearch, Kibana, and Logstash are included in the same zip file. If you have already downloaded this file to install X-Pack on one of those other products, you can reuse the same file.

    2. Transfer the zip file to a temporary directory on the offline machine. (Do NOT put the file in the Elasticsearch plugins directory.)
  4. Run bin/logstash-plugin install from the Logstash installation directory.

    bin/logstash-plugin install x-pack

    The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.

    bin/logstash-plugin install file:///path/to/file/x-pack-6.0.1.zip
  5. Update Logstash to use the new password for the built-in logstash_system user, which you set up along with the other built-in users when you installed X-Pack on Elasticsearch. You must configure the xpack.monitoring.elasticsearch.password setting in the logstash.yml configuration file with the new password for the logstash_system user.

    xpack.monitoring.elasticsearch.username: logstash_system
    xpack.monitoring.elasticsearch.password: logstashpassword

    For more information, see Setting Up User Authentication.

  6. Configure and start Logstash.