How to Setup ELK Stack Fleet Server

In this tutorial, you will learn how to set up ELK stack Fleet server. Recent versions of Elastic Stack ship with Fleet, a web-based UI in Kibana for centrally managing Elastic Agents. Elastic Agents provide “a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more.”

Fleet Server, on the other hand, is a component of Elastic Stack that connects Elastic Agents to Fleet itself.

So, how can you setup ELK stack Fleet server?

To begin with, there are different deployment options for setting up ELK stack Fleet server;

  • Provision Fleet Server on Elastic Cloud as part of the hosted Elasticsearch Service.
  • Deploy Fleet Server on-premises to work with Elasticsearch running on-premises.
  • Deploy Fleet Server on-premises to work with a hosted Elasticsearch Service.

Our ELK stack is self-managed, and thus we are using the second option in this guide.

Also note that we are running a single node Elastic stack 8.5.

Install ELK Stack 8 on Ubuntu 22.04/Ubuntu 20.04

Thus, to setup ELK Stack Fleet Server;

Add Fleet Server and Elasticsearch hosts to your stack

In this guide, we are setting up Fleet server on the same node as ELK stack.

Thus, to add Fleet server;

  • Login to Kibana UI and navigate to Management menu > Fleet.
  • Under Fleet interface, click settings.
  • Under Fleet server hosts, define the URLs that your agents will use to connect to a Fleet Server: click Edit hosts and enter the URL of your would-be Fleet server. For self-managed clusters, Fleet server is exposed on port 8220/tcp.
  • In the Fleet server host URL used here, https://192.168.56.124:8220, 192.168.56.124 is our ELK stack server IP.
  • Click Save and Apply settings.
  • We will leave the default ES output settings.
  • The settings now look like;

Install Fleet Server Elastic Agent on your central host

Next, you need to install Fleet server Elastic agent on your central host server.

Hence;

  • Navigate to Agents tab.
  • You will see two deployment options, Quick Start and Advanced.
  • In this demo, we will deploy Fleet server agent using the Advanced method.
  • Thus;
    • Define the name of the policy and click Create policy to create a policy for Fleet Server. Enable system integration to collect system logs and metrics. You can also click on Advanced settings drop down to see more configuration options.
    • Once the agent policy is created, choose a deployment mode for security. You can choose to deploy Fleet server with self-signed ssl certs (Quick start method) or deploy it with your custom commercial certs (Production). We will use quick start method in this demo.
    • Define your Fleet Server host/port and click Add host.
    • Generate a service token to grant Fleet Server permissions to write to Elasticsearch.
    • Install Fleet Server to a centralized host. It is recommended to install Fleet server on Linux using Linux Tar method over RPM/DEB files. Thus, copy the Linux Tar method commands and execute on the ELK stack server to deploy Fleet server agent.

Installing the Fleet server Elastic agent on my ELK stack node;

  • Download the Elastic agent tarball;
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.5.2-linux-x86_64.tar.gz
  • Extract the Elastic agent tarball;
tar xzvf elastic-agent-8.5.2-linux-x86_64.tar.gz
  • Navigate to the extracted Elastic agent directory and run the installation.
cd elastic-agent-8.5.2-linux-x86_64
sudo ./elastic-agent install \
  --fleet-server-es=https://192.168.56.124:9200 \
  --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NzA5OTUzNjg0NTI6OWF5NjBXY3lUZzZacWZ5NjYtZlFYdw \
  --fleet-server-policy=fleet-server-policy \
  --fleet-server-es-ca-trusted-fingerprint=2959316a1f622892eb4d5e68d61fdf9df47bd4a1cbc62157328f790dc9dde708
  • Once the installation command runs, you will be prompted to confirm the installation path and whether to run the agent as a service.
Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]: Y
  • Confirm and proceed with installation.
  • Sample installation command output;
{"log.level":"info","@timestamp":"2022-12-14T05:47:57.587Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":403},"message":"Generating self-signed certificate for Fleet Server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-14T05:48:06.986Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":773},"message":"Fleet Server - Running on policy with Fleet Server integration: fleet-server-policy; missing config fleet.agent.id (expected during bootstrap process)","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-14T05:48:07.723Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":471},"message":"Starting enrollment to URL: https://elk.itnixpro.com:8220/","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-12-14T05:48:08.798Z","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":273},"message":"Successfully triggered restart on running Elastic Agent.","ecs.version":"1.6.0"}
Successfully enrolled the Elastic Agent.
Elastic Agent has been successfully installed.
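
Before running the install command above, you can confirm that the value passed to --fleet-server-es-ca-trusted-fingerprint really is the SHA-256 fingerprint of your Elasticsearch CA certificate. The script below is an added example, not part of the original tutorial; its function names are illustrative, and the CA path in the usage comment assumes a DEB/RPM install of Elasticsearch 8 with auto-generated certificates.

```sh
#!/bin/sh
# Added example (not from the original tutorial): check the Elasticsearch CA
# fingerprint before trusting it in `elastic-agent install`.
# Usage (the CA path is an assumption; adjust to where your http_ca.crt lives):
#   sudo sh check_ca_fp.sh <fingerprint-from-Kibana> /etc/elasticsearch/certs/http_ca.crt

# Fingerprint used in this guide's install command.
PAGE_FP=2959316a1f622892eb4d5e68d61fdf9df47bd4a1cbc62157328f790dc9dde708
# Constructed sample: the same value in the form `openssl x509 -fingerprint` prints.
SAMPLE_OPENSSL_LINE='sha256 Fingerprint=29:59:31:6A:1F:62:28:92:EB:4D:5E:68:D6:1F:DF:9D:F4:7B:D4:A1:CB:C6:21:57:32:8F:79:0D:C9:DD:E7:08'

# Reduce any fingerprint spelling to bare lowercase hex:
# drops a "... Fingerprint=" prefix, colons and whitespace.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r' | tr '[:upper:]' '[:lower:]'
}

# SHA-256 fingerprint of a PEM certificate file, as bare lowercase hex.
cert_fp() {
  out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
  normalize_fp "$out"
}

# fp_matches EXPECTED ACTUAL
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not 64 hex digits
# (for example a truncated copy/paste from the Kibana UI).
fp_matches() {
  want=$(normalize_fp "$1")
  got=$(normalize_fp "$2")
  case "$want" in *[!0-9a-f]*|'') return 2 ;; esac
  [ "${#want}" -eq 64 ] || return 2
  [ "$want" = "$got" ]
}

# Only runs when called with both arguments, so the functions can be sourced.
if [ "$#" -eq 2 ]; then
  actual=$(cert_fp "$2") || { echo "cannot read certificate: $2" >&2; exit 2; }
  if fp_matches "$1" "$actual"; then
    echo "OK: CA fingerprint matches $2"
  else
    echo "MISMATCH or malformed value: $2 has fingerprint $actual" >&2
    exit 1
  fi
fi
```

Run it on the Elasticsearch node itself, so the comparison is against the CA file on disk rather than against whatever a network peer presents.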

Go back to Kibana interface and confirm that the Fleet server is connected.

On the agent tabs, you can also see the server is added, up and running.

Click on the host agent name to view more details, the logs collected from the server, and the agent dashboards.

And that is it.

That is how you can easily set up ELK stack Fleet server. You can now proceed to install and enroll Elastic agents on your remote endpoints for system logs and metrics collection.
