Elasticsearch is a platform used for real-time full-text searches in applications where a large amount of data needs to be analyzed. In combination with other tools, such as Kibana, Logstash, X-Pack, etc., Elasticsearch can aggregate and monitor Big Data at a massive scale.
With its RESTful API support, you can easily manage your data using common HTTP methods. Due to its speed and ease of use, it has also become suitable for more complex tasks of the kind that Hadoop and Spark handle.
In this tutorial, we will show you how to get everything ready and how to install Elasticsearch on Ubuntu 18.04. The installation steps should work for other Linux distributions as well.
- An Ubuntu-based system (this guide uses Ubuntu 18.04)
- Access to a terminal or command line
- A user with sudo permissions to install the packages
Install Necessary Dependencies
Since Elasticsearch runs on top of Java, you need to install the Java Development Kit (JDK).
You can check if Java is installed and the version on your Ubuntu machine with:
The output displays the installed version of Java.
If you do not have Java installed, you will get the standard bash message: bash: /usr/bin/java: No such file or directory. Remember that, beforehand, you have the option to use a bash command to check if a file or directory exists.
Before continuing with the installation, update the package index:
sudo apt update
To install the default JDK, run the following command:
sudo apt install openjdk-8-jdk
When the process finishes, run the java -version command again. The output shows the following version in our case:
To allow access to your repositories via HTTPS, you need to install an APT transport package:
sudo apt install apt-transport-https
The output above shows the final part when the process completes.
Install and Download Elasticsearch on Ubuntu
After you confirm that Java and apt-transport-https installed successfully, proceed with the steps to install Elasticsearch.
Add Elasticsearch Repository
First, update the GPG key for the Elasticsearch repository.
Use the wget command to pull the public key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
The output should display OK if everything went as it should.
Note: You need to type the above command exactly as it is written in the example. Make sure you use uppercase letters and spaces appropriately. Also, do not forget to add a dash at the end of the command.
Next, use this command to add the repository to your system.
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
In the command above, we used 7.x since this is the latest Elasticsearch version at the time of writing this guide.
Finally, it is time to install Elasticsearch.
Update the package index one more time before proceeding.
sudo apt update
Then, run the installation:
sudo apt install elasticsearch
The package is around 300MB. Let the system download the archive and finish the installation.
Start Elasticsearch Service
Once the installation is finished, Elasticsearch does not run until you start it. Also, when you reboot the machine, you need to rerun the Elasticsearch service as it does not start automatically.
To have Elasticsearch start automatically when the system restarts, use the following commands:
First, reload the systemd configuration:
sudo systemctl daemon-reload
Then, enable the Elasticsearch service with:
sudo systemctl enable elasticsearch.service
And finally, after the service is enabled, start Elasticsearch:
sudo systemctl start elasticsearch.service
Let the process complete. It may take a few moments. There will be no specific response from the terminal.
Now, Elasticsearch will start every time you turn on or reboot the system.
If you make changes to configuration files, or need to restart Elasticsearch for any reason, use:
sudo systemctl restart elasticsearch.service
When you need to stop the service, use the following command:
sudo systemctl stop elasticsearch.service
Note: Elasticsearch is just one component of the Elastic (ELK) stack. Follow our guide to install the ELK stack on Ubuntu.
Check Elasticsearch Status
Once you finish using the commands to start, restart, and stop Elasticsearch, you can also check the status of the service.
To do so, enter:
service elasticsearch status
The output shows the status of the service, tasks, and other information.
Elasticsearch comes preconfigured for basic usage. If you use only one node in your setup, you do not have to reconfigure the tool too much.
To make changes to the default Elasticsearch configuration, edit the elasticsearch.yml file. The file is located in the /etc/elasticsearch directory.
The configuration for logging is located in the /var/log/elasticsearch/logging.yml file. You can leave the defaults for logging for now and come back to it later if needed.
Note: Any time you make a change to the Elasticsearch configuration, use the sudo systemctl restart elasticsearch.service command to restart the service.
Allow Remote Access
The default configuration does not allow your machine to be accessed by other hosts. To allow remote access, use a text editor of your choice and open the elasticsearch.yml file.
We will use vim:
sudo vim /etc/elasticsearch/elasticsearch.yml
Scroll down to the Network section. Find the line that says
Uncomment the line (remove the pound (#) sign), set the IP address to 0.0.0.0, and add these lines:
transport.host: localhost
transport.tcp.port: 9300
http.port: 9200
The section should look like this:
Exit and save changes. If working in vim, type
This configuration enables remote hosts to access this machine.
Note: Make sure to add all the lines we listed above. If you only set network.host to 0.0.0.0, you may be unable to restart the Elasticsearch service after this change.
Use UFW to Secure Elasticsearch (Optional)
If you allow remote access to Elasticsearch, then we strongly advise using the UFW tool, as a minimum security measure.
The Uncomplicated Firewall (UFW) is built into Linux and disabled by default. Enable UFW and create a few rules to limit the exposure of your network.
Before enabling UFW, add the necessary rules. For remote access over SSH, you need to allow access on port 22 (or the custom port if you changed the default SSH configuration).
In the terminal, type in:
sudo ufw allow 22
Then, you need to allow access on port 9200 for your remote machine. Elasticsearch listens on that port for incoming requests.
Create the rule with this command:
sudo ufw allow from external_IP to any port 9200
Replace external_IP with the IP of the remote machine that will be used to access Elasticsearch.
Finally, enable the UFW tool:
sudo ufw enable
Here is the output example for the commands above:
To make sure you added the rules correctly, check the status of UFW.
sudo ufw status
This command shows both the status and the details of the rules you created.
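The check below is an added example, not part of the original guide: it reads a copy of elasticsearch.yml and saved `sudo ufw status` output and reports whether port 9200 ends up reachable from any source. The function names, file names and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the exposure the steps above create. Works on file
# copies so it can be run against saved config and `ufw status` output.

yml_value() {  # yml_value KEY FILE -> last uncommented value of KEY
  awk -v k="$1:" '
    /^[ \t]*#/ { next }
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k) == 1 {
      val = substr(line, length(k) + 1)
      sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$|"/, "", val)
    }
    END { print val }' "$2"
}

es_http_remote() {  # succeeds when HTTP listens beyond loopback
  local host
  host=$(yml_value http.host "$1")   # http.host overrides network.host
  [ -n "$host" ] || host=$(yml_value network.host "$1")
  case "$host" in
    ""|localhost|127.*|::1|_local_) return 1 ;;
  esac
  return 0
}

ufw_open_9200() {  # prints ALLOW rules that expose 9200 to any source
  awk '$1 ~ /^9200(\/tcp)?$/ && /ALLOW.*Anywhere/' "$1"
}

audit_exposure() {  # audit_exposure YML UFW_STATUS_FILE
  es_http_remote "$1" || { echo "OK: HTTP bound to loopback only"; return 0; }
  grep -q '^Status: active' "$2" ||
    { echo "FAIL: remote bind but ufw is not active"; return 1; }
  [ -z "$(ufw_open_9200 "$2")" ] ||
    { echo "FAIL: port 9200 is allowed from Anywhere"; return 1; }
  echo "OK: port 9200 limited to listed sources"
}

# Constructed sample inputs (203.0.113.10 is a documentation address).
demo=$(mktemp -d)
printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0' \
  'transport.host: localhost' 'transport.tcp.port: 9300' \
  'http.port: 9200' > "$demo/elasticsearch.yml"
printf '%s\n' 'Status: active' '' 'To        Action  From' \
  '22        ALLOW   Anywhere' '9200      ALLOW   203.0.113.10' \
  > "$demo/ufw_ok.txt"
sed 's/203\.0\.113\.10/Anywhere/' "$demo/ufw_ok.txt" > "$demo/ufw_open.txt"
audit_exposure "$demo/elasticsearch.yml" "$demo/ufw_ok.txt" || true
audit_exposure "$demo/elasticsearch.yml" "$demo/ufw_open.txt" || true
```

On a real host, pass /etc/elasticsearch/elasticsearch.yml and a file holding the output of sudo ufw status.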
Now that the Elasticsearch service is active, the machine is accessible remotely, and you enabled UFW, you can use curl to test if the tool works.
The default listening port for Elasticsearch is 9200. So, you can send an HTTP request on the localhost and see if you get a response.
To do so, enter:
The output should look similar to the one above. You will see the version information and other fields with the date, hash, etc.
This guide showed you how to install Elasticsearch on an Ubuntu 18.04 machine and how to verify that the service is up and running.
We provided the paths to the configuration files and showed how to set basic parameters to get you started with Elasticsearch. Read our comprehensive ELK Stack Tutorial to learn more.