Free Guide

Deploying the ELK Stack the Right Way

An opinionated, 9-chapter guide to production-ready centralized logging on Rocky Linux 9.

This is a complete, free walkthrough for deploying the ELK stack on Rocky Linux 9 the way it should be done from the start — with a 3-node Elasticsearch cluster using transport TLS and built-in authentication, Kibana behind an Apache reverse proxy with SSL, Logstash accepting Beats and syslog input, Filebeat shipping system logs, ILM retention policies that keep your disks clean, and SELinux enforcing throughout.

Every step includes verification commands so you know it worked before moving on. By the end, you’ll have a production-ready centralized logging system that indexes logs from every host in your lab and lets you search them from a single Kibana dashboard.

Table of Contents

  1. Chapter 1: Why This Guide Exists. Why deploy ELK on Rocky Linux 9 instead of Elastic Cloud — what you get, what the official docs miss, and what you'll have when done.
  2. Chapter 2: Prerequisites & Architecture. Understand the ELK stack deployment architecture on Rocky Linux 9, size your VMs for the workload, and confirm all prerequisites.
  3. Chapter 3: Elasticsearch. Install Elasticsearch on all three nodes on Rocky Linux 9: cluster TLS, data path relocation, system tuning, and cluster verification.
  4. Chapter 4: Kibana. Install Kibana, put it behind an Apache reverse proxy with SSL, configure the Elasticsearch connection with authentication, and verify dashboard access.
  5. Chapter 5: Logstash. Install Logstash, tune the JVM for your available RAM, configure a pipeline that accepts Beats and syslog input, and verify data flows into Elasticsearch.
  6. Chapter 6: Filebeat. Install Filebeat on your hosts, configure it to ship system logs to Logstash, work around the 9.x fileset trap, and verify logs flow into Elasticsearch.
  7. Chapter 7: Making It Real — ILM & Index Management. Configure ILM policies, index templates, and log pipeline on Rocky Linux 9 — then verify your first logs appear in Kibana.
  8. Chapter 8: Gotchas & Troubleshooting. Know where to look when things break, recognize the most common ELK failure modes, and fix them without spending hours on Stack Overflow.
  9. Chapter 9: Quick Reference. File paths, ports, essential commands, Ansible variables, and vault variables for the entire ELK stack deployment — all in one place.

Want the automation code? Get the production-ready Ansible playbooks that deploy this entire ELK stack in ~20 minutes.


Want this guide offline? Download all 9 chapters as a PDF and Markdown bundle — free.
