Install Elasticsearch on CentOS 7 / Ubuntu 14.10 / Linux Mint 17.1

ElasticSearch Logo

Elasticsearch is an enterprise level open source search server based on Apache Lucene, it offers a real-time distributed search and analytics with a RESTful web interface and schema-free JSON documents. Elasticsearech is developed in java and is released under Apache License, currently it is ranked second in most popular enterprise search engine, behind Apace Solr.

This guide will help you to install Elasticsearch on CentOS 7 / Ubuntu 14.10 / Linux Mint 17.1.


As said earlier, Elasticsearch is developed in Java. Make sure you have the latest JDK installed on your system. Follow below tutorials to install Oracle JDK on Linux.

Installing Java JDK 8 on CentoS 7 / RHEL 7

Installing Java JDK 8 on Ubuntu 14.10 / Linux Mint 17.1s

Verify the version of JDK installed on the system.

Install Elasticsearch:

Elasticsearch can be downloaded directly from official website, more than that it offers a pre-built binary packages for RHEL and Debian derivatives.

Download and install public signing key.

### Ubuntu 14.10 & Linux Mint 17.1 ###

$ wget -qO - | sudo apt-key add -

### RHEL 7 / CentOS 7 ###

# rpm --import

Add and enable Elasticsearch repository.

### Ubuntu 14.10 & Linux Mint 17.1 ###

$ sudo add-apt-repository "deb stable main"

### RHEL 7 / CentOS 7 ###

# cat <<EOF >> /etc/yum.repos.d/elasticsearch.repo
name=Elasticsearch repository for 1.4.x packages

Install Elasticsearch by using following command.

### Ubuntu 14.10 & Linux Mint 17.1 ###

$ sudo apt-get update && sudo apt-get install elasticsearch

### RHEL 7 / CentOS 7 ###

# yum -y install elasticsearch

Configure Elasticsearch to auto-start during system startup.

### Ubuntu 14.10 & Linux Mint 17.1 ###

$ sudo update-rc.d elasticsearch defaults 95 10

### RHEL 7 / CentOS 7 ###

# /bin/systemctl daemon-reload
# /bin/systemctl enable elasticsearch.service
# /bin/systemctl start elasticsearch.service

Configuring Elasticsearch:

Elasticsearch configuration files can be found in /etc/elasticsearch/ directory, you could see only two files in it, elasticsearch.yml and logging.yml. logging.yml manages the logging of elasticsearch, logs files are stored in /var/log/elasticsearch directory.

elasticsearch.yml is the main configuration file of elasticsearch, contains default settings for running production cluster.

Elasticsearch, by default, binds to all network cards (, and listens on port no 9200 – 9300 for HTTP traffic and on 9300 – 9400 for internal node to node communication, ranges means that if the port is busy, it will automatically try the next port.

Edit elasticsearch.yml file.

# vi /etc/elasticsearch/elasticsearch.yml

In order to make Elasticsearch to listen on particular ip, place the ip address on following syntax. To protect elasticsearch from public access, you can set it to listen on localhost.

### Listening on particular IPv4 ###


### Disabling public access ###


Restart the Elasticsearch service.

# service elasticsearch restart

Once you restarted, wait for at least a minute to let the Elasticsearch get fully started, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we will use CURL to get the response.

# curl -X GET 'http://localhost:9200'

You should get the response like below.

"status" : 200,
"name" : "Toad-In-Waiting",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.4.4",
"build_hash" : "c88f77ffc81301dfa9dfd81ca2232f09588bd512",
"build_timestamp" : "2015-02-19T13:05:36Z",
"build_snapshot" : false,
"lucene_version" : "4.10.3"
"tagline" : "You Know, for Search"

Alternatively, you can use browser to query the Elasticsearch by visiting :9200. You should see the same as you saw using curl.

Elastisearch cluster:

Cluster Name:

The setting is used to discover and auto-join other nodes, If a group of Elasticsearch servers on the same network have the same cluster name, they will discover each others. Make sure you change the default cluster name of Elasticsearch server, to avoid auto-joining of other servers on the same network that are not under your control.

If you are running multiple Elasticsearch clusters on the same network, make sure you are using unique cluster names.<NAME OF YOUR CLUSTER>

Node Name:

This is like a host name for Elasticsearch server, node name is dynamically generated during the service startup. You can set it your own name by setting the following syntax. "<NAME OF YOUR NODE>"

Do not forget to restart the Elasticsearch service.

# service elasticsearch restart

Using Elasticsearch:

Lets add some data to Elasticsearch, we can use curl to talk to Elasticsearch over port 9200 using a RESTful API. With the curl, we can read, add, delete and update the data using API. Documents are stored in the following format

Elasticsearch  ⇒ Indices   ⇒ Types  ⇒ Documents ⇒ Fields

Indices = Plural of index, where the data of Elasticsearch is stored.

Types = Contains multiple documents, it is like type of data.

Documents = It contains the data fields.

Fields = Actual detailed data.


Use the following curl command to add data on to our Elasticsearch.

# curl -X POST 'http://localhost:9200/itzgeek/howtos/1' -d '{
"Title" : "Installing Elasticsearch",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"

You should get the following response.



“itzgeek” is index of the Elasticsearch cluster.

“howtos” is the type of document

“1” is id of the entry under howtos and itzgeek index.


You can use the following command to query the data on Elasticsearch.

# curl -X GET 'http://localhost:9200/itzgeek/howtos/1'

Append ?pretty=true to get a formated output.

# curl -X GET 'http://localhost:9200/itzgeek/howtos/1?pretty=true'

Output will look like below.

"_index" : "itzgeek",
"_type" : "howtos",
"_id" : "1",
"_version" : 1,
"found" : true,
"Title" : "Installing Elasticsearch",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"


To update the full document, use the following POST command. There will be no change in Index, type and document; fields will have a modified data.

# curl -X POST 'http://localhost:9200/itzgeek/howtos/1' -d '{
"Title" : "Installing LogStash",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"

Response should look like below, it should contain version:2 and created:false; means that document has been updated.



Use the following command to remove the document.

# curl -X DELETE 'http://localhost:9200/itzgeek/howtos/1'

Response will look like below, If doucument is found,you will get found:true and incremented version.


If the document is not found, you will get found:false and incremented version.


That’s All!, you have successfully installed and configured Elasticsearch on Ubuntu 14.10 / RHEL 7 / Linux Mint 17.


Elasticsearch =

SetupGuide = Guide


Share This Post

  • Md. Ashikur Rahman

    Thanks for your excellent writeup.

    Please also cover the ELK stack setup.

    Waiting for your next step by step ELK setup guide.