Install ElasticSearch on CentOS 7 / Debian 9 / Ubuntu 16.04 / Linux Mint 18

Elasticsearch is an enterprise-level open source search server based on Apache Lucene. It offers real-time distributed search and analytics with a RESTful web interface and schema-free JSON documents. Elasticsearch is developed in Java and is released under the Apache License. Currently, it is ranked second among the most popular enterprise search engines, behind Apache Solr.

This guide will help you to install Elasticsearch on CentOS 7 / Ubuntu 16.04 / Linux Mint 18.

Prerequisites

As said earlier, Elasticsearch is developed in Java. Make sure you have the latest JDK installed on your system. Follow the tutorials below to install Oracle JDK on Linux.

READ: How to install Java JDK 8 on Ubuntu 16.04 / Linux Mint 18

READ: How to install Java SDK 1.8 on RHEL 7 / CentOS 7

Verify the version of JDK installed on the system.

java -version

Output:

openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-2ubuntu1.16.04.3-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)

Install Elasticsearch

Elasticsearch can be downloaded directly from the official website; it is also offered as pre-built binary packages for RHEL and Debian derivatives.

Download and install the public signing key.

### Debian 9 / Ubuntu 16.04 & Linux Mint 18 ###

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

### RHEL 7 / CentOS 7 ###

# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Add and enable the Elasticsearch repository.

### Debian 9 / Ubuntu 16.04 & Linux Mint 18 ###

$ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elk.list

### RHEL 7 / CentOS 7 ###

# cat <<EOF >> /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

Install Elasticsearch using the following command.

### Debian 9 / Ubuntu 16.04 & Linux Mint 18 ###

$ sudo apt-get update 
$ sudo apt-get install -y elasticsearch

### RHEL 7 / CentOS 7 ###

# yum -y install elasticsearch

Configure Elasticsearch to auto-start during system startup.

### Debian 9 / Ubuntu 16.04 & Linux Mint 18 ###

$ sudo systemctl enable elasticsearch
$ sudo systemctl start elasticsearch

### RHEL 7 / CentOS 7 ###

# systemctl daemon-reload
# systemctl enable elasticsearch
# systemctl start elasticsearch
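
The repository step above depends on gpgcheck=1, a gpgkey and an HTTPS baseurl to keep package installs authenticated. The following is an added example, not part of the original guide: a shell function that audits a yum .repo file for those properties. The function name audit_yum_repo and the constructed-weak stanza are assumptions made for illustration, and a missing gpgcheck line is conservatively treated as weak.

```shell
#!/bin/sh
# Added example (not from the guide): audit a yum .repo file.
# audit_yum_repo FILE prints one line per [section] and returns 1 when an
# enabled repository lacks signature checking or uses a non-HTTPS URL.
# Assumption: a missing gpgcheck line is treated as weak (conservative).
audit_yum_repo() {
    awk '
    function report(   why) {
        if (name == "") return
        if (enabled == "0") { printf "SKIP  [%s] disabled\n", name; return }
        if (gpgcheck != "1") why = why " gpgcheck!=1"
        if (gpgkey == "") why = why " no-gpgkey"
        else if (gpgkey !~ /^(https|file):/) why = why " gpgkey-not-https"
        if (baseurl !~ /^https:/) why = why " baseurl-not-https"
        if (why == "") printf "OK    [%s]\n", name
        else { printf "WEAK  [%s]%s\n", name, why; bad = 1 }
    }
    /^[ \t]*\[.*\][ \t]*$/ {               # new section: flush the previous one
        report()
        name = $0; gsub(/[][ \t]/, "", name)
        gpgcheck = ""; gpgkey = ""; baseurl = ""; enabled = "1"
        next
    }
    /^[ \t]*[#;]/ { next }                 # comment lines
    /=/ {
        k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") gpgkey = v
        else if (k == "baseurl") baseurl = v
        else if (k == "enabled") enabled = v
    }
    END { report(); exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample: the stanza from this guide plus a weakened one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[elasticsearch-5.x]
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
[constructed-weak]
baseurl=http://repo.example.invalid/yum
gpgcheck=0
EOF
audit_yum_repo "$sample" || echo "at least one repository is weakly configured"
rm -f "$sample"
```

On a real host, run it against /etc/yum.repos.d/elasticsearch.repo before installing the package.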

Configure Elasticsearch

Elasticsearch configuration files can be found in the /etc/elasticsearch/ directory; you will see only two files in it, elasticsearch.yml and logging.yml.

logging.yml manages Elasticsearch logging, and log files are stored in the /var/log/elasticsearch directory.

elasticsearch.yml is the main configuration file of Elasticsearch; it contains the default settings for running a production cluster.

Elasticsearch, by default, binds to all network cards (0.0.0.0), and listens on ports 9200-9300 for HTTP traffic and on 9300-9400 for internal node-to-node communication. A range means that if a port is busy, Elasticsearch will automatically try the next port.

Edit the elasticsearch.yml file.

# vi /etc/elasticsearch/elasticsearch.yml

To make Elasticsearch listen on a particular IP, set the IP address using the following syntax. To protect Elasticsearch from public access, you can set it to listen on localhost.

### Listening on particular IPv4 ###

network.bind_host: 192.168.0.1

### Disabling public access ###

network.bind_host: 127.0.0.1

Restart the Elasticsearch service.

# service elasticsearch restart

Once restarted, wait at least a minute to let Elasticsearch start fully; otherwise, testing will fail. Elasticsearch should now be listening on 9200 for HTTP requests; we will use curl to get the response.

# curl -X GET 'http://localhost:9200'

You should get a response like the one below.

{
  "name" : "gf5QYAn",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "S6gZNkMERpSr-MGXqEFUJw",
  "version" : {
    "number" : "5.5.2",
    "build_hash" : "b2f0c09",
    "build_date" : "2017-08-14T12:33:14.154Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.0"
  },
  "tagline" : "You Know, for Search"
}

Alternatively, you can use a browser to query Elasticsearch. You should see the same response as you saw using curl.

Elasticsearch cluster

Cluster Name

The cluster.name setting is used to discover and auto-join other nodes. If a group of Elasticsearch servers on the same network have the same cluster name, they will discover each other. Make sure you change the default cluster name of your Elasticsearch server to avoid auto-joining other servers on the same network that are not under your control.

If you are running multiple Elasticsearch clusters on the same network, make sure you are using unique cluster names.

cluster.name: <NAME OF YOUR CLUSTER>

Node Name

The node name is like a host name for the Elasticsearch server and is dynamically generated during service startup. You can set your own name using the following syntax.

node.name: "<NAME OF YOUR NODE>"

Do not forget to restart the Elasticsearch service.

# service elasticsearch restart
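
The following is an added example, not part of the original guide: a shell function that checks elasticsearch.yml against the two hardening points above, the bind address from the Configure Elasticsearch section and a non-default cluster.name. The function name audit_es_config and the sample file are hypothetical, and only flat "key: value" lines are parsed.

```shell
#!/bin/sh
# Added example (not from the guide): audit elasticsearch.yml.
# audit_es_config FILE prints one finding per line and returns 1 when a bind
# setting is not a loopback address or cluster.name is unset or the default.
# Assumption: only flat "key: value" lines are parsed.
audit_es_config() {
    awk -v q="'" '
    function value(s) {                    # text after the first colon, cleaned
        sub(/[ \t]+#.*$/, "", s)           # trailing comment
        sub(/^[^:]*:/, "", s)              # key and colon
        gsub(/[][" \t]/, "", s); gsub(q, "", s)   # brackets, quotes, blanks
        return s
    }
    /^[ \t]*(network|http)\.(bind_host|host)[ \t]*:/ {
        key = $0; sub(/[ \t]*:.*$/, "", key); sub(/^[ \t]+/, "", key)
        n = split(value($0), addr, ",")
        for (i = 1; i <= n; i++) {
            a = addr[i]
            if (a ~ /^127\./ || a == "::1" || a == "localhost" || a == "_local_")
                printf "OK    %s: %s\n", key, a
            else { printf "OPEN  %s: %s\n", key, a; bad = 1 }
        }
        bound = 1
    }
    /^[ \t]*cluster\.name[ \t]*:/ { cluster = value($0) }
    END {
        if (!bound) print "NOTE  no bind setting found; the package default applies"
        if (cluster == "" || cluster == "elasticsearch") {
            print "WEAK  cluster.name is unset or still the default"; bad = 1
        } else printf "OK    cluster.name: %s\n", cluster
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#cluster.name: my-application
network.bind_host: 192.168.0.1   # LAN address used in the guide
http.host: ["_local_", "0.0.0.0"]
EOF
audit_es_config "$sample" || echo "review the OPEN/WEAK findings above"
rm -f "$sample"
```

Run it against /etc/elasticsearch/elasticsearch.yml before restarting the service; a non-zero exit status makes it usable as a gate in a provisioning script.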

Using Elasticsearch

Let’s add some data to Elasticsearch. We can use curl to talk to Elasticsearch over port 9200 using a RESTful API. With curl, we can read, add, delete and update data using the API. Documents are stored in the following format:

Elasticsearch  ⇒ Indices   ⇒ Types  ⇒ Documents ⇒ Fields

Indices = Plural of an index, where the data of Elasticsearch is stored.

Types = Each type contains multiple documents; it is like the type of data.

Documents = It contains the data fields.

Fields = Actual detailed data.

Add

Use the following curl command to add data to Elasticsearch.

# curl -X POST 'http://localhost:9200/itzgeek/howtos/1' -d '{
"Title" : "Installing Elasticsearch",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"
}'

You should get the following response.

{"_index":"itzgeek","_type":"howtos","_id":"1","_version":1,"created":true}

Where

“itzgeek” is the index of the Elasticsearch cluster.

“howtos” is the type of document.

“1” is the id of the entry under howtos and itzgeek index.

Read

You can use the following command to query the data on Elasticsearch.

# curl -X GET 'http://localhost:9200/itzgeek/howtos/1'

Append ?pretty=true to get formatted output.

# curl -X GET 'http://localhost:9200/itzgeek/howtos/1?pretty=true'

The output will look like the one below.

{
"_index" : "itzgeek",
"_type" : "howtos",
"_id" : "1",
"_version" : 1,
"found" : true,
"_source":{
"Title" : "Installing Elasticsearch",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"
}
}

Update

To update the full document, use the following POST command. The index, type, and document do not change; the fields will hold modified data.

# curl -X POST 'http://localhost:9200/itzgeek/howtos/1' -d '{
"Title" : "Installing LogStash",
"Date" :  "March 2015",
"Tag" :        "Ubuntu,CentOS,LinuxMint"
}'

The response should look like the one below. It should contain version:2 and created:false, which means that the document has been updated.

{"_index":"itzgeek","_type":"howtos","_id":"1","_version":2,"created":false}

Remove

Use the following command to remove the document.

# curl -X DELETE 'http://localhost:9200/itzgeek/howtos/1'

The response will look like the one below. If the document is found, you will get found:true and an incremented version.

{"found":true,"_index":"itzgeek","_type":"howtos","_id":"1","_version":3}

If the document is not found, you will get found:false and an incremented version.

{"found":false,"_index":"itzgeek","_type":"howtos","_id":"1","_version":4}

That’s all! You have successfully installed and configured Elasticsearch on Ubuntu 14.10 / RHEL 7 / Linux Mint 17.
