In this guide I'll show that it's also possible to run Logstash on a Windows Server and use IIS as the web server. This guide probably requires some improvements and optimizations, but it should give you a good example of how to set everything up.
Please be aware that you'll probably have to configure Kibana in a different way to make everything look shiny, and you'll probably have to use a different kind of Logstash configuration to make things show as you would like. I am also aware that Logstash provides all-in-one packages that have ElasticSearch and Kibana built in; however, I still feel setting things up separately is more appropriate.
The config below is just meant to be an example to show that everything works just as fine on Windows as it does on Linux.
If you are interested in Linux, then have a look at my other guide at:
http://blog.basefarm.com/blog/how-to-install-logstash-with-kibana-interface-on-rhel/
Now let's start with the guide!
Step 1: Download Logstash, Kibana and ElasticSearch.
Simply go to "http://www.elasticsearch.org/overview/elkdownloads/"
Logstash: https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.zip
Kibana: https://download.elasticsearch.org/kibana/kibana/kibana-3.1.0.zip
Elasticsearch: https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.2.1.zip
Step 2: Extract All Packages
I created myself a folder called "Basefarm" in "c:\basefarm\" and extracted all folders there to make it easier.
So, for me it looks like this now:
C:\basefarm\elasticsearch
C:\basefarm\kibana
C:\basefarm\logstash
Step 3: Download the JDK version of Java and install it.
Go to the Java website: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Accept the license and then download the "Windows x64 (jdk-8u5-windows-x64.exe)" package.
Now install it!
Step 4: Add the JAVA_HOME variable to the server
Now right-click on "This PC" and choose "Properties". At the bottom right, next to your computer name and full computer name, click on "Change settings".
In the window that opens, go to the "Advanced" tab and click on "Environment Variables".
At the bottom box called "System Variables" click on "New" and add the following:
Variable Name: JAVA_HOME
Variable Value: C:\Program Files\Java\jdk1.8.0_05
It should look like this:
Step 5: Download the required configuration files
logstash.conf: https://github.com/sbagmeijer/ulyaoth/blob/master/guides/logstash/windows/logstash.conf
Place this file in:
C:\basefarm\logstash\bin
ulyaoth.json:
https://raw.githubusercontent.com/sbagmeijer/ulyaoth/master/guides/logstash/kibana/dashboard/ulyaoth.json
Place this file in:
C:\basefarm\kibana\app\dashboards
Rename "ulyaoth.json" to "basefarm.json" so you end up with "C:\basefarm\kibana\app\dashboards\basefarm.json".
Step 6: Configure Kibana & Logstash
Open the file: c:\basefarm\kibana\config.js
Change the following line:
default_route: '/dashboard/file/default.json',
To:
default_route: '/dashboard/file/basefarm.json',
Now open the file: c:\basefarm\kibana\app\dashboards\basefarm.json
Change the following line:
"title": "Ulyaoth:logstash Search",
To:
"title": "Basefarm:logstash Search",
Step 7: Install IIS
Go to "Server Manager" and choose "Add Roles and Features Wizard". From the list here choose "Web Server (IIS)", then go further and let it install.
Step 8: Open IIS Manager and Stop the "Default Web Site"
Just press the Stop button like you see below in the picture:
Step 9: Create a new website for Kibana as shown below
Right click on "Sites" in the left part of the IIS Manager and click "Add Website".
Fill it in with something like this:
It should automatically start.
Step 10: Start Elasticsearch and put it on auto-start
Open a console and go to "c:\basefarm\elasticsearch\bin\"
Now type the following command:
service install
You should see something like:
Now type the following:
service manager
You should see the Elasticsearch Service Manager:
You have to change the "Startup type" on the tab from Manual to Automatic and then press "Apply". This should make Elasticsearch start automatically on server boot.
This window contains some more options, such as how much memory Elasticsearch will use. You can find this under the "Java" tab. I would suggest making this fit your server; if you have a server that will handle a huge amount of logs, I would increase the "Maximum memory pool: 1024" to at least a higher amount.
Before you close the window, make sure to press "Start" so it actually runs right now.
This is everything needed to start ElasticSearch automatically on boot. To test that it is working, open a browser and go to this URL: http://127.0.0.1:9200/
If you see a JSON string something like what you see below in the picture, then it means it is running:
Step 11: Start Logstash & autostart it
For this step we need another small program to create a proper Windows service, so please go ahead and download "NSSM" (the Non-Sucking Service Manager) from: http://nssm.cc/
http://nssm.cc/release/nssm-2.23.zip
Once you have the zip file, simply unzip it and copy the file (nssm.exe) from the unzipped folder "nssm-2.23\win64" to "C:\basefarm\logstash\bin", so you end up with "C:\basefarm\logstash\bin\nssm.exe".
I know you technically do not have to copy this file, but just to keep things clean and to have it available for any future use, you never know.
Now open a Command Prompt and type:
cd C:\basefarm\logstash\bin
And then type the following:
nssm install logstash
You'll now see a GUI to create a service; fill in the following:
Path: c:\basefarm\logstash\bin\logstash.bat
Startup directory: c:\basefarm\logstash\bin
Arguments: agent -f c:/basefarm/logstash/bin/logstash.conf
It should look like this:
If all looks okay, double check on the "Details" tab that "Startup type" is set to "Automatic" and then press "Install service". This should be all that is needed for Logstash to automatically start on server boot.
If you wish to adjust the memory Logstash uses, then simply open the file "C:\basefarm\logstash\bin\logstash.bat" and change the following lines according to the amount of memory you wish it to use:
[code]
set LS_MIN_MEM=256m
set LS_MAX_MEM=1g
[/code]
Step 12: Edit your hosts file (optional)
I only do this step because I run everything on a test server with no Internet connection.
Open: c:\windows\system32\drivers\etc\hosts
Now add:
127.0.0.1 loghost.basefarm.com
and save the file.
Now reboot your server so you can test that everything comes online automatically.
This is all you should have to do. Once the server is back online and Logstash is up and running, just go to:
http://loghost.basefarm.com/
And you should see:
As you can see, your Kibana IIS logs are now shipped to the Logstash instance.
Just remember, if you run this website over the Internet you probably need to make sure port 9200 is accessible, but I would restrict it to internal use only so Kibana can reach it and not the outside world.
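One way to apply the restriction on port 9200 described above with Windows Firewall, as an added example that is not part of the original guide. The subnet 10.0.0.0/8 and the rule name are assumptions to replace with your own values.

```powershell
# Added example: scope inbound access to Elasticsearch (TCP 9200) to an internal range.
# $InternalRange and $RuleName are constructed placeholders, not values from the guide.
$Port          = 9200
$InternalRange = '10.0.0.0/8'
$RuleName      = 'Elasticsearch 9200 (internal only)'

# Create the scoped allow rule once. With the default inbound action set to Block,
# connections to 9200 from any other source address are dropped.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $InternalRange | Out-Null
}

# The scoped rule only helps if every firewall profile is on and blocks inbound by default.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object {
        Write-Warning "Profile '$($_.Name)' does not block inbound traffic by default."
    }

# Audit: find enabled inbound allow rules that open port 9200 to any remote address.
# Port ranges (for example 9000-9300) are not expanded here and need a manual look.
$wideOpen = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        $coversPort = ($portFilter.LocalPort -contains "$Port") -or
                      ($portFilter.LocalPort -contains 'Any')
        $anyRemote  = $addrFilter.RemoteAddress -contains 'Any'
        if ($portFilter.Protocol -in 'TCP', 'Any' -and $coversPort -and $anyRemote) {
            $rule
        }
    }

if ($wideOpen) {
    Write-Warning "These rules expose port $Port to every remote address:"
    $wideOpen | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    Write-Output "No inbound allow rule exposes port $Port to every remote address."
}
```

From a machine outside the allowed range, `Test-NetConnection loghost.basefarm.com -Port 9200` should then report `TcpTestSucceeded : False`.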
If you want to ship the logs from another server to your loghost server, I would suggest having a look at a program called "nxlog" (http://nxlog-ce.sourceforge.net/). This is a fairly simple way of shipping logs to Logstash and works perfectly on Windows.
If you have any suggestions to improve this guide, feel free to update the configs on GitHub or to provide me the information so I can update the guide and help others!
I also would like to thank "Milo Bofacher" for pointing to "NSSM" and "Nxlog"!