Cyberithub

How to Install Elasticsearch on Ubuntu 22.04 LTS (Jammy Jellyfish)

In this article, we will see how to install Elasticsearch on Ubuntu 22.04 LTS. Elasticsearch is a very fast distributed analytics engine that uses a RESTful API to address a growing number of use cases, including faster data access. It also allows you to store your data centrally and make it available whenever you need it, at high speed, using its powerful analytics engine. Elasticsearch stores data in the form of JSON documents, where each document correlates a set of keys with their corresponding values. It comes with a lot of other built-in features that allow it to be integrated with other useful tools like Logstash and Kibana.

Most of its features are freely available under either the SSPL or the Elastic License. If you need some of the advanced features such as alerting, machine learning and access to support, then you need a paid subscription. Elasticsearch is easily deployable in almost all kinds of popular environments. Here we will see the steps to install Elasticsearch on Ubuntu 22.04 LTS based systems in detail with the help of an example.

 


Step 1: Prerequisites

a) You should have a running Ubuntu 22.04 LTS Server.

b) You should have sudo or root access to run privileged commands.

c) You should have the wget, curl, shasum and dpkg utilities available on your server.

 

Step 2: Update Your Server

You first need to download and install all the latest available updates from the default Ubuntu repo by using the sudo apt update && sudo apt upgrade command as shown below. This will sync your system to the latest available package versions.

cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
[sudo] password for cyberithub:
Hit:1 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Get:3 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:4 https://dl.google.com/linux/chrome/deb stable InRelease [1,825 B]
Get:5 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:6 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease [108 kB]
Get:7 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,080 B]
Get:8 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [724 kB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/main amd64 DEP-11 Metadata [41.5 kB]
Get:10 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 DEP-11 Metadata [22.0 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu jammy-updates/main i386 Packages [430 kB]
Get:12 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 DEP-11 Metadata [99.9 kB]
Get:13 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [932 kB]
Get:14 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 DEP-11 Metadata [274 kB]
Get:15 http://in.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 DEP-11 Metadata [940 B]
Get:16 http://in.archive.ubuntu.com/ubuntu jammy-backports/main amd64 DEP-11 Metadata [7,996 B]
Get:17 http://in.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 DEP-11 Metadata [15.3 kB]
Fetched 2,887 kB in 5s (546 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
grub-common grub-pc grub-pc-bin grub2-common
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,081 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
........................................................................

 

Step 3: Download Elasticsearch

Visit the official website and download the latest version of the Elasticsearch Debian package using the wget utility as shown below. After running the command below, you will notice that the package is downloaded into the current working directory.

cyberithub@ubuntu:~$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-amd64.deb
--2023-06-23 17:24:43-- https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-amd64.deb
Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 596810114 (569M) [binary/octet-stream]
Saving to: ‘elasticsearch-8.8.1-amd64.deb’

elasticsearch-8.8.1-amd64.deb 100%[============================================================================>] 569.16M 6.96MB/s in 82s

2023-06-23 17:26:05 (6.96 MB/s) - ‘elasticsearch-8.8.1-amd64.deb’ saved [596810114/596810114]

 

Step 4: Download SHA

Then you need to download the SHA-512 checksum file so that you can compare and verify the checksum. You can simply download the file by using the wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-amd64.deb.sha512 command as shown below.

cyberithub@ubuntu:~$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-amd64.deb.sha512
--2023-06-23 17:27:12-- https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.8.1-amd64.deb.sha512
Resolving artifacts.elastic.co (artifacts.elastic.co)... 34.120.127.130, 2600:1901:0:1d7::
Connecting to artifacts.elastic.co (artifacts.elastic.co)|34.120.127.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 160 [binary/octet-stream]
Saving to: ‘elasticsearch-8.8.1-amd64.deb.sha512’

elasticsearch-8.8.1-amd64.deb.sha512 100%[============================================================================>] 160 --.-KB/s in 0s

2023-06-23 17:27:13 (28.2 MB/s) - ‘elasticsearch-8.8.1-amd64.deb.sha512’ saved [160/160]

 

Step 5: Verify Checksum

Now, to compare the SHA-512 hash of the downloaded Debian package with the published checksum, run the shasum -a 512 -c elasticsearch-8.8.1-amd64.deb.sha512 command as shown below. The output should show OK.

cyberithub@ubuntu:~$ shasum -a 512 -c elasticsearch-8.8.1-amd64.deb.sha512
elasticsearch-8.8.1-amd64.deb: OK
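
The check from Steps 4 and 5 as a fail-closed script step, so that the install in Step 6 only runs when the digest matches. This is an added example, not part of the original article; the function names sha512_of, verify_sha512 and install_verified are hypothetical, and it assumes the one-line "digest  filename" layout that shasum -c reads.

```shell
# Print the SHA-512 digest of a file (sha512sum from coreutils, else shasum as used above).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_sha512 PKG SUMFILE: succeed only if SUMFILE names PKG and the digest matches.
verify_sha512() {
    vs_pkg="$1"; vs_sum="$2"
    [ -f "$vs_pkg" ] && [ -f "$vs_sum" ] || { echo "missing file" >&2; return 2; }

    # A .sha512 file holds one line: "<128 hex digits>  <file name>".
    read -r vs_want vs_name < "$vs_sum" || true
    vs_name="${vs_name#\*}"    # drop the binary-mode marker some tools write
    vs_want="$(printf '%s' "$vs_want" | tr 'A-F' 'a-f')"

    # Reject anything that is not a well-formed SHA-512 digest.
    case "$vs_want" in
        *[!0-9a-f]*|"") echo "malformed digest in $vs_sum" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 128 ] || { echo "malformed digest in $vs_sum" >&2; return 2; }

    # shasum -c checks whichever file the checksum file names, so confirm
    # it names the package that is about to be installed.
    if [ "$vs_name" != "$(basename "$vs_pkg")" ]; then
        echo "checksum is for '$vs_name', not '$(basename "$vs_pkg")'" >&2
        return 1
    fi

    if [ "$(sha512_of "$vs_pkg")" != "$vs_want" ]; then
        echo "SHA-512 mismatch for $vs_pkg" >&2
        return 1
    fi
    echo "$(basename "$vs_pkg"): OK"
}

# Install only after the check passes (dpkg command as in Step 6).
install_verified() {
    verify_sha512 "$1" "$1.sha512" && sudo dpkg -i "$1"
}
```

A checksum fetched from the same server as the package detects a corrupted or truncated download; it does not by itself prove who published the file.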

 

Step 6: Install Elasticsearch

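After verifying the Debian package, you can install it from the current directory by using the sudo dpkg -i elasticsearch-8.8.1-amd64.deb command as shown below. Note the generated password for the elastic built-in superuser in the output; you will need it if you keep the security features enabled.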

cyberithub@ubuntu:~$ sudo dpkg -i elasticsearch-8.8.1-amd64.deb
Selecting previously unselected package elasticsearch.
(Reading database ... 202323 files and directories currently installed.)
Preparing to unpack elasticsearch-8.8.1-amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (8.8.1) ...
Setting up elasticsearch (8.8.1) ...
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : *ooZ5ToJ2F5a61kbs85Y

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service

 

Step 7: Configure Elasticsearch

By default, Elasticsearch is accessible on localhost port 9200, so you don't have to change any network settings in the elasticsearch.yml configuration file, as shown below.

cyberithub@ubuntu:~$ sudo nano /etc/elasticsearch/elasticsearch.yml
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: localhost
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200

But if you want to use another IP address or hostname instead of localhost, you need to change the network.host setting. For example, in our case we want Elasticsearch to be accessible on IP 192.168.0.105, so we changed the network.host setting as shown below.

cyberithub@ubuntu:~$ sudo nano /etc/elasticsearch/elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.0.105
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200

Similarly, if you don't want to use the default port and would like Elasticsearch to listen for HTTP traffic on a different port, you need to change the http.port setting. For example, in our case we are using the free port 5558, as you can see below.

cyberithub@ubuntu:~$ sudo nano /etc/elasticsearch/elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
# network.host: localhost
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 5558

Finally, you can change both network.host and http.port if you don't want to use either default.

cyberithub@ubuntu:~$ sudo nano /etc/elasticsearch/elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 192.168.0.105
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 5558

Another important setting is the one that controls the security features. By default, xpack.security.enabled is set to true. This means you cannot query anything from Elasticsearch without passing credentials. If you don't want to use a username and password, you need to disable this feature by setting it to false as shown below. Keep in mind that with this set to false, every client that can reach the HTTP port has full read and write access, which matters once network.host is set to a non-local address.

cyberithub@ubuntu:~$ sudo nano /etc/elasticsearch/elasticsearch.yml

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 23-06-2023 11:58:39
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

But if you want to use the security features, you first need to set the password for the reserved user elastic and then use it to authenticate in your curl queries.

NOTE:

Please note that the elasticsearch-setup-passwords utility might not be in the same location on your system as on mine. To find it, search for it by using the sudo find / -name elasticsearch-setup-passwords command.

cyberithub@ubuntu:~$ cd /usr/share/elasticsearch/bin/
cyberithub@ubuntu:/usr/share/elasticsearch/bin$ sudo ./elasticsearch-setup-passwords interactive
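
A check for the one combination of the Step 7 settings that leaves the REST API open to the network: xpack.security.enabled set to false together with a non-local network.host. This is an added example, not part of the original article; the function names are hypothetical, the sample configuration is constructed from the values used above, and only simple top-level "key: value" lines are parsed.

```shell
# yml_value KEY FILE: print the value of the last uncommented top-level "KEY: value" line.
yml_value() {
    awk -v key="$1" -v sq="'" '
        index($0, key ":") == 1 {                # starts at column 1, so not commented out
            v = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", v)             # trailing comment
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)     # surrounding whitespace
            gsub(/"/, "", v); gsub(sq, "", v)    # optional quotes
            val = v
        }
        END { print val }' "$2"
}

# audit_es_config FILE: print findings; return 1 if the node is exposed without authentication.
audit_es_config() {
    ae_host="$(yml_value network.host "$1")"
    ae_sec="$(yml_value xpack.security.enabled "$1")"
    ae_port="$(yml_value http.port "$1")"
    # Defaults as described in this step when a setting is absent or commented out.
    : "${ae_host:=localhost}" "${ae_sec:=true}" "${ae_port:=9200}"

    case "$ae_host" in
        localhost|_local_|127.*|::1) ae_bind=loopback ;;
        *) ae_bind=network ;;                    # anything unrecognised counts as exposed
    esac
    echo "bind=$ae_host ($ae_bind) port=$ae_port security=$ae_sec"

    if [ "$ae_sec" = "false" ] && [ "$ae_bind" = "network" ]; then
        echo "FAIL: unauthenticated REST API reachable on $ae_host:$ae_port"
        return 1
    fi
    if [ "$ae_sec" = "false" ]; then
        echo "WARN: security disabled; any local user or process can read and write all indices"
    fi
    return 0
}

# Constructed sample: the Step 7 values with a LAN address and security disabled.
sample_exposed() {
    cat <<'EOF'
# ---------------------------------- Network -----------------------------------
#network.host: localhost
network.host: 192.168.0.105
http.port: 5558
# Enable security features
xpack.security.enabled: false
EOF
}
```

To audit the real file, run audit_es_config /etc/elasticsearch/elasticsearch.yml with the same privileges as the sudo nano commands above.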

 

Step 8: Enable Elasticsearch Service

After configuring Elasticsearch, reload the systemd daemon by using the sudo systemctl daemon-reload command and then enable the Elasticsearch service by using the sudo systemctl enable elasticsearch.service command so that it starts automatically after every reboot.

cyberithub@ubuntu:~$ sudo systemctl daemon-reload
cyberithub@ubuntu:~$ sudo systemctl enable elasticsearch.service
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /lib/systemd/system/elasticsearch.service.

 

Step 9: Start Elasticsearch Service

Then start the service by using the sudo systemctl start elasticsearch.service command. Once it has started, you can verify the service status by using the sudo systemctl status elasticsearch.service command as shown below.

cyberithub@ubuntu:~$ sudo systemctl start elasticsearch.service
cyberithub@ubuntu:~$ sudo systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-06-23 22:22:54 IST; 1min 13s ago
Docs: https://www.elastic.co
Main PID: 5431 (java)
Tasks: 68 (limit: 2262)
Memory: 1.1G
CPU: 48.859s
CGroup: /system.slice/elasticsearch.service
├─5431 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasti>
├─5499 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager>
└─5552 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Jun 23 22:21:10 ubuntu systemd[1]: Starting Elasticsearch...
Jun 23 22:22:54 ubuntu systemd[1]: Started Elasticsearch.

 

Step 10: Configure Firewall (Optional)

If the ufw firewall is running on your server, you need to allow access to the default or customized Elasticsearch HTTP port, whichever you are using. For example, to allow the default Elasticsearch HTTP port 9200 on server 192.168.0.105, use the sudo ufw allow from 192.168.0.105 to any port 9200 command as shown below. Note that in a ufw rule the from address is the source of the connection, so only the listed address is allowed to reach the port.

cyberithub@ubuntu:~$ sudo ufw allow from 192.168.0.105 to any port 9200

Then you can reload the firewall by using the sudo ufw reload command as shown below.

cyberithub@ubuntu:~$ sudo ufw reload

Finally, you can check the status by using the sudo ufw status command as shown below.

cyberithub@ubuntu:~$ sudo ufw status

If the firewall is not enabled, you can enable it by using the sudo ufw enable command as shown below.

cyberithub@ubuntu:~$ sudo ufw enable

 

Step 11: Testing Setup

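Now that Elasticsearch is successfully set up, it is time to test the connection by running a simple curl GET request. This can be done by running the curl -X GET 'http://localhost:9200' command as shown below. Because the request uses plain HTTP without credentials, it works as shown when the security features were disabled in Step 7.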

cyberithub@ubuntu:~$ curl -X GET 'http://localhost:9200'
{
  "name" : "ubuntu",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "LR73g1FTS5WyTZvVh81xyw",
  "version" : {
    "number" : "8.8.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f8edfccba429b6477927a7c1ce1bc6729521305e",
    "build_date" : "2023-06-05T21:32:25.188464208Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
   },
   "tagline" : "You Know, for Search"
}

 

Step 12: Using Elasticsearch

After testing the setup, you can go further and run the GET request below to check the current node, cluster, roles and other settings in detail.

cyberithub@ubuntu:~$ curl -X GET 'http://localhost:9200/_nodes?pretty'
{
  "_nodes" : {
   "total" : 1,
   "successful" : 1,
   "failed" : 0
  },
  "cluster_name" : "elasticsearch",
  "nodes" : {
    "nqXgl60uQDSil4KdutA_cg" : {
      "name" : "ubuntu",
      "transport_address" : "127.0.0.1:9300",
      "host" : "127.0.0.1",
      "ip" : "127.0.0.1",
      "version" : "8.8.1",
      "transport_version" : 8080199,
      "build_flavor" : "default",
      "build_type" : "deb",
      "build_hash" : "f8edfccba429b6477927a7c1ce1bc6729521305e",
      "total_indexing_buffer" : 103179878,
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_frozen",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
..........................................

You can create your first entry in Elasticsearch by sending the POST request below using the curl command. It should create the entry and show a success message in the output, as you can see below.

cyberithub@ubuntu:~$ curl -XPOST -H "Content-Type: application/json" 'http://localhost:9200/cyberithub/_doc/1' -d '{ "message": "Hello World!" }'
{"_index":"cyberithub","_id":"1","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

In the above request, the URI of the request is /cyberithub/_doc/1, which means the following:

  • cyberithub is the index of the data in Elasticsearch
  • _doc is the endpoint name
  • 1 is the entry ID for the given index and endpoint

You can also retrieve the data created above by sending the GET request below using the curl command.

cyberithub@ubuntu:~$ curl -XGET -H "Content-Type: application/json" 'http://localhost:9200/cyberithub/_doc/1'
{"_index":"cyberithub","_id":"1","_version":1,"_seq_no":0,"_primary_term":1,"found":true,"_source":{ "message": "Hello World!" }}

Similarly, you can perform other operations using the RESTful API, which supports CRUD (Create, Read, Update and Delete) commands.
