Introduction

Elasticsearch is a platform used for real-time full-text searches in applications where a large amount of data needs to be analyzed. In combination with other tools, such as Kibana, Logstash, X-Pack, etc., Elasticsearch can aggregate and monitor Big Data at a massive scale.

With its RESTful API support, you can easily manage your data using common HTTP methods. Due to its speed and ease of use, it has also become suitable for more complex tasks that Hadoop and Spark handle.

In this tutorial, we will show you how to get everything ready and how to install Elasticsearch on Ubuntu 18.04. The installation steps should work for other Linux distributions as well.


Prerequisites

  • An Ubuntu-based system (this guide uses Ubuntu 18.04)
  • Access to a terminal or command line
  • A user with sudo permissions to install the packages

Install Necessary Dependencies

Since Elasticsearch runs on top of Java, you need to install the Java Development Kit (JDK).

You can check if you already have Java installed on your Ubuntu machine with:

java -version

The output displays the installed version of Java.

If you do not have Java installed, you will get the standard bash message: bash: /usr/bin/java: No such file or directory.

Before continuing with the installation, update the package index:

sudo apt update

To install the OpenJDK 8 JDK, run the following command:

sudo apt install openjdk-8-jdk

Command for installing the default JDK 8 package in Ubuntu, required for Elasticsearch.

When the process finishes, run the java -version command again. The output shows the following version in our case:

Terminal showing the output for the java version command.

To allow access to your repositories via HTTPS, you need to install an APT transport package:

sudo apt install apt-transport-https

The output when installing APT transport package.

The output above shows the final part when the process completes.

Install and Download Elasticsearch on Ubuntu

After you confirm that Java and apt-transport-https are installed successfully, proceed with the steps to install Elasticsearch.

Add Elasticsearch Repository

First, add the GPG key for the Elasticsearch repository.

Use the wget command to pull the public key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Adding GPG key in the terminal before installing Elasticsearch.

The output should display OK if everything went as it should.


Note: You need to type the above command exactly as it is written in the example. Make sure you use uppercase letters and spaces appropriately. Also, do not forget to add a dash at the end of the command.


Next, use this command to add the repository to your system.

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

In the command above, we used 7.x since this is the latest Elasticsearch version at the time of writing this guide.
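
Keys added with apt-key add are trusted for every repository configured on the system. As an added example (not part of the original guide), the same key and repository can be installed with the key checked against a fingerprint and scoped to this one repository via signed-by. The keyring path and function names are assumptions, and the expected fingerprint must be taken from Elastic's own documentation.

```shell
#!/usr/bin/env bash
# Added example: scope the Elastic signing key to the Elastic repository only.
KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"   # from this guide
LIST="/etc/apt/sources.list.d/elastic-7.x.list"                # from this guide
KEYRING="/usr/share/keyrings/elasticsearch-keyring.gpg"        # assumed path

# Normalise a fingerprint for comparison: drop whitespace, upper-case hex.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# Print the primary-key fingerprint of an ASCII-armoured key file.
key_fpr() {
  gpg --show-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Build the sources.list entry, restricted to one keyring.
repo_line() {
  printf 'deb [signed-by=%s] https://artifacts.elastic.co/packages/7.x/apt stable main\n' "$1"
}

# install_repo EXPECTED_FPR
# Downloads the key, refuses to continue on a fingerprint mismatch, then
# writes the keyring and overwrites the list file (so the repo is not listed twice).
install_repo() {
  local expected tmp actual
  expected=$(normalize_fpr "$1")
  [ -n "$expected" ] || { echo "usage: install_repo <fingerprint>" >&2; return 2; }
  tmp=$(mktemp) || return 1
  wget -qO "$tmp" "$KEY_URL" || { rm -f "$tmp"; return 1; }
  actual=$(normalize_fpr "$(key_fpr "$tmp")")
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch: got $actual" >&2
    rm -f "$tmp"; return 1
  fi
  gpg --dearmor < "$tmp" | sudo tee "$KEYRING" > /dev/null
  repo_line "$KEYRING" | sudo tee "$LIST" > /dev/null
  rm -f "$tmp"
}
```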

Install Elasticsearch

Finally, it is time to install Elasticsearch.

Update the package index one more time before proceeding.

sudo apt update

Then, run the installation:

sudo apt install elasticsearch

The package is around 300MB. Let the system download the archive and finish the installation.

Terminal output when installing Elasticsearch.

Start Elasticsearch Service

Once the installation is finished, Elasticsearch does not run until you start it. Also, when you reboot the machine, you need to rerun the Elasticsearch service as it does not start automatically.

To have Elasticsearch start automatically when the system restarts, use the following commands:

First, reload the systemd configuration:

sudo systemctl daemon-reload

Then, enable the Elasticsearch service with:

sudo systemctl enable elasticsearch.service

The terminal output when enabling Elasticsearch service in Ubuntu.

And finally, after the service is enabled, start Elasticsearch:

sudo systemctl start elasticsearch.service

Let the process complete. It may take a few moments. There will be no specific response from the terminal.

Now, Elasticsearch will start every time you turn on or reboot the system.

If you make changes to configuration files, or need to restart Elasticsearch for any reason, use:

sudo systemctl restart elasticsearch.service

When you need to stop the service, use the following command:

sudo systemctl stop elasticsearch.service

Check Elasticsearch Status

Once you finish using the commands to start, restart, and stop Elasticsearch, you can also check the status of the service.

To do so, enter:

service elasticsearch status

Checking the Elasticsearch status in the terminal.

The output shows the status of the service, tasks, and other information.

Configure Elasticsearch

Elasticsearch comes preconfigured for basic usage. If you use only one node in your setup, you do not have to reconfigure the tool too much.

To make changes to the default Elasticsearch configuration, edit the elasticsearch.yml file. The file is located in the /etc/elasticsearch directory.

The configuration for logging is located in the /var/log/elasticsearch/logging.yml file. You can leave the defaults for logging for now and come back to it later if needed.


Note: any time you make a change to the Elasticsearch configuration, use the sudo systemctl restart elasticsearch.service command to restart the service.


Allow Remote Access

The default configuration does not allow your machine to be accessed by other hosts. To allow remote access, use a text editor of your choice and open the elasticsearch.yml file.

We will use vim:

sudo vim /etc/elasticsearch/elasticsearch.yml

Scroll down to the Network section. Find the line that says #network.host.

Uncomment the line (remove the pound (#) sign), set the IP address to 0.0.0.0, and add these lines:

transport.host: localhost

transport.tcp.port: 9300

http.port: 9200

The section should look like this:

Adding host information to the elasticsearch.yml file using the terminal and vim editor.

Exit and save changes. If working in vim, type :wq.

This configuration enables remote hosts to access this machine.


Note: Make sure to add all the lines we listed above. If you only set network.host to 0.0.0.0, you may be unable to restart the Elasticsearch service after this change.


Use UFW to Secure Elasticsearch (Optional)

If you allow remote access to Elasticsearch, then we strongly advise using the UFW tool, as a minimum security measure.

The Uncomplicated Firewall (UFW) is built into Linux and disabled by default. Enable UFW and create a few rules to limit the exposure of your network.

Before enabling UFW, add the necessary rules. For remote access over SSH, you need to allow access on port 22 (or the custom port if you changed the default SSH configuration).

In the terminal, type in:

sudo ufw allow 22

Then, you need to allow access on port 9200 for your remote machine. Elasticsearch listens on that port for incoming requests.

Create the rule with this command:

sudo ufw allow from external_IP to any port 9200

Replace external_IP with the IP address of the remote machine that will be used to access Elasticsearch.

Finally, enable the UFW tool:

sudo ufw enable

Here is the output example for the commands above:

Adding ufw rules using the terminal in Ubuntu.

To make sure you added the rules correctly, check the status of UFW.

sudo ufw status

This command shows both the status and the details of the rules you created.

Showing the ufw status in the terminal using the ufw status command.
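
Setting network.host to 0.0.0.0 makes the HTTP API reachable from any host the firewall lets through, so the elasticsearch.yml change and the UFW rules should be checked together. The following added example (not from the original guide) audits both from saved copies of elasticsearch.yml and the ufw status output. It assumes flat "key: value" settings as used above and treats an absent xpack.security.enabled (a real Elasticsearch setting this guide does not configure) as disabled; the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the bind/firewall combination this guide configures.

# yml_get FILE KEY -> value of a flat "key: value" line, comments ignored
yml_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { line = $0; sub(/[ \t]+#.*$/, "", line)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1" | tr -d "\"'"
}

# audit ES_YML UFW_STATUS_TXT -> prints one finding per line (no output = clean)
audit() {
  host=$(yml_get "$1" network.host)
  sec=$(yml_get "$1" xpack.security.enabled)
  port=$(yml_get "$1" http.port); port=${port:-9200}
  case "$host" in
    0.0.0.0|::)   # wildcard bind: every interface accepts HTTP requests
      [ "$sec" = "true" ] ||
        echo "NOAUTH network.host=$host but xpack.security.enabled is not true" ;;
  esac
  grep -q '^Status: active' "$2" || echo "UFW_OFF firewall is not active"
  awk -v p="$port" '
    $1 ~ ("^" p "(/tcp)?$") && /ALLOW/ && /Anywhere/ {
      print "OPEN_PORT port " p " allowed from Anywhere"; exit }' "$2"
}

# Constructed sample input (not taken from a real host).
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0' \
    'transport.host: localhost' 'transport.tcp.port: 9300' 'http.port: 9200' > "$d/es.yml"
  printf '%s\n' 'Status: active' '' 'To      Action   From' '--      ------   ----' \
    '22      ALLOW    Anywhere' '9200    ALLOW    203.0.113.10' > "$d/ufw.txt"
  audit "$d/es.yml" "$d/ufw.txt"
  rm -rf "$d"
}
demo
```

On a real host, run it as audit /etc/elasticsearch/elasticsearch.yml <(sudo ufw status).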

Test Elasticsearch

Now that the Elasticsearch service is active, the machine is accessible remotely, and you enabled UFW, you can use curl to test if the tool works.

The default listening port for Elasticsearch is 9200. So, you can send an HTTP request to localhost and see if you get a response.

To do so, enter:

curl localhost:9200

Running the curl command to test if Elasticsearch is active on Ubuntu.

The output should look similar to the one above. You will see the version information and other fields with the date, hash, etc.

Conclusion

This guide showed you how to install Elasticsearch on an Ubuntu 18.04 machine and how to verify that the service is up and running.

The tutorial provided the paths to the configuration files and how to set basic parameters to get you started with Elasticsearch.

