Install Humio
We recommend installing Humio on Ubuntu, at least version 18.04. We also
recommend that you first install
Zookeeper and
Kafka Usage & Installation on your server. You will also need
to make sure your server is up-to-date, if you haven't already. You can
do this with apt-get
like so:
apt-get update
apt-get upgrade
Once you've ensured your server is up-to-date, installed Kafka and Zookeeper, you'll need to do some Humio specific preparations.
Humio User & Directories
First, you'll need to create a non-administrative user named,
humio
to run Humio software in the backgorund. You
can do this by executing the following from the command-line:
adduser humio --shell=/bin/false --no-create-home --system --group
You should add this user to the DenyUsers
section
of your nodes /etc/ssh/sshd_config
file to
prevent it from being able to ssh or sftp into the node. Remember to
restart the sshd
daemon after making the change.
Once the system has finished updating and the user has been created,
you can install Kafka.
Next, create the Humio system directories and give the
humio
user ownership of them:
mkdir -p /opt/humio /etc/humio/filebeat /var/log/humio /var/humio/data
chown humio:humio /opt/humio /etc/humio/filebeat
chown humio:humio /var/log/humio /var/humio/data
Humio Software
You're now ready to download and install Humio's software. You should
go to the Humio directory and use wget
to download
the Humio Java Archive. You can do this from the command-line like so:
cd /opt/humio/
wget https://repo.humio.com/repository/maven-releases/com/humio/server/x.x.x/server-x.x.x.jar
ln -s /opt/humio/server-x.x.x.jar /opt/humio/server.jar
The second to last line here is used to download latest release from https://repo.humio.com/service/rest/repository/browse/maven-releases/com/humio/server/. You'll have to adjust that line for the correct directory and file name, based on the version at the time. After you've downloaded it, enter the last line here to create a symbolic link to it.
Configuration
Using a simple text editor, create the Humio configuration file,
server.conf
in the /etc/humio
directory. There are a few environment variables you will need to
enter in this configuration file in order to run Humio on a single
server or instance. Below are those basic settings:
BOOTSTRAP_HOST_ID=1
DIRECTORY=/var/humio/data
HUMIO_AUDITLOG_DIR=/var/log/humio
HUMIO_DEBUGLOG_DIR=/var/log/humio
HUMIO_PORT=8080
ELASTIC_PORT=9200
ZOOKEEPER_URL=127.0.0.1:2181
KAFKA_SERVERS=127.0.0.1:9092
EXTERNAL_URL=http://127.0.0.1:8080
PUBLIC_URL=http://127.0.0.1
HUMIO_SOCKET_BIND=0.0.0.0
HUMIO_HTTP_BIND=0.0.0.0
You could copy these lines into the server.conf
file. If you're intending to use this single server as the first node
of a cluster, you'll have to change the IP addresses from
127.0.0.1
to the IP addresses of the server. When
you replicate it to each node, these IP addresses will have to be
adjust for each node. See the Cluster Setup
documentation page for more information on this.
For more information on each of the environment variables, see the Environment Variables reference page.
Setting Up a Service
Next you should set up a service file. Using a simple text editor,
create a file named, humio.service
in the
/etc/systemd/system/
sub-directory. Add these
lines to that file:
[Unit]
Description=Humio service
After=network.service
[Service]
Type=notify
Restart=on-abnormal
User=humio
Group=humio
LimitNOFILE=250000:250000
EnvironmentFile=/etc/humio/server.conf
WorkingDirectory=/var/humio
ExecStart=/usr/bin/java -server -XX:+UseParallelOldGC -Xms4G -Xmx32G -XX:MaxDirectMemorySize=8G -Xss2M --add-exports java.base/jdk.internal.util=ALL-UNNAMED -XX:CompileCommand=dontinline,com/humio/util/HotspotUtilsJ.dontInline -Xlog:gc*,gc+jni=debug:file=/var/log/humio/gc_humio.log:time,tags:filecount=5,filesize=102400 -Dhumio.auditlog.dir=/var/log/humio -Dhumio.debuglog.dir=/var/log/humio -jar /opt/humio/server.jar
[Install]
WantedBy=default.target
Humio Ownership & Starting
You will need to change the ownership of the Humio files and start the Humio service. To change the ownership, execute the following two lines from the command-line:
chown -R humio:humio /opt/humio /etc/humio/filebeat
chown -R humio:humio /var/log/humio /var/humio/data
You're ready to start Humio. Do so with the systemctl utility like so:
systemctl start humio
Just to be sure Humio is running and everything is fine, check it with the journalctl tool. You can do this by entering the following from the command-line:
journalctl -fu humio
If there are no errors, open a web browser and enter the domain name
or IP address with port 8080
. For example, you
would enter something like http://example.com:8080
in the browser's address field.