Install Elasticsearch on Ubuntu

How to Install Elasticsearch on Ubuntu

Elasticsearch is a distributed, open-source search and analytics engine designed for handling large amounts of data. It is built on top of the Lucene search library, and it provides a scalable and efficient way to search, analyze, and visualize data in real-time.

Elasticsearch uses a document-oriented approach to store data, which means that data is stored as documents with fields and values, and each document is assigned a unique identifier. Elasticsearch allows for flexible querying and filtering of data, making it easy to search for specific documents or analyze data based on various criteria.

In addition to search and analytics, Elasticsearch can also be used for logging, monitoring, and security analysis. It integrates with a wide range of other technologies, including Kibana (a visualization and reporting tool), Logstash (a data processing pipeline), and Beats (data shippers for various sources).

Elasticsearch is highly scalable and fault-tolerant, with built-in features for clustering and replication. It can be deployed on-premises or in the cloud, and it supports various programming languages and platforms through its RESTful API. Overall, Elasticsearch is a powerful tool for handling large-scale data search and analysis needs.

Prerequisites to Install Elasticsearch on Ubuntu

For this tutorial to work correctly, make sure you have the following before moving on.

  • A system running Ubuntu.
  • A non-root user with sudo privileges.
  • Java installed. (This makes sure your environment is configured properly and that no unexpected issues occur.)
  • At least 2 GB RAM and 2 CPUs.

How does Elasticsearch work?

Elasticsearch receives raw data from many different sources, such as logs, system metrics, and web applications. Before being indexed in Elasticsearch, this raw data is parsed, standardized, and enhanced through a process called data intake. Users can use aggregations to acquire intricate summaries of their data once it has been indexed in Elasticsearch and can run complex queries against it. Users may administer the Elastic Stack, share dashboards, and produce rich data visualizations using Kibana.

Installing Elasticsearch on Ubuntu is not complicated. Follow the steps below carefully to install it without errors.

Ubuntu Install Elasticsearch Tutorial

Stay with us to improve the performance of your website and optimize it. Let's go through the steps of this guide to install Elasticsearch on Ubuntu.

Step 1. Install Elasticsearch

The default package repositories for Ubuntu do not contain the Elasticsearch components. However, after adding the package source list for Elastic, they can be installed via APT. To update the package lists so that APT reads the new Elastic source, run the command below:

sudo apt update

Now, you are ready to install Elasticsearch on Ubuntu. So, type:

sudo apt install elasticsearch

When asked to confirm the installation, press Y. If you are prompted to restart any services, press ENTER to accept the defaults and carry on. Elasticsearch is now installed and ready for configuration. To skip the confirmation prompt, you can run the following command instead of the previous one.

sudo apt install elasticsearch -y

Step 2. Configure Elasticsearch

Elasticsearch is fully installed; however, before using it, you still need to configure it. Most of Elasticsearch's configuration options are contained in its main configuration file, elasticsearch.yml, which we will update to configure Elasticsearch. This file is located in /etc/elasticsearch. Edit the configuration file using your favorite text editor. We'll use nano in this case:

sudo nano /etc/elasticsearch/elasticsearch.yml

Elasticsearch listens on port 9200 for traffic coming from anywhere. To prevent outsiders from viewing your data or shutting down your Elasticsearch cluster through its REST API, you should limit external access to your Elasticsearch instance. To limit access and hence boost security, find the line that specifies network.host, uncomment it, and set localhost as its value so that it appears as follows:

/etc/elasticsearch/elasticsearch.yml

. . .
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
. . .

Restart the Elasticsearch service for the changes to take effect.

sudo systemctl restart elasticsearch

We have set network.host to localhost, so Elasticsearch listens only on the loopback interface. If you want it to listen on a single specific interface instead, you can give that interface's IP address in place of localhost. Save and close elasticsearch.yml. If you're using nano, you can do this by pressing CTRL+X, then Y, and then ENTER. Elasticsearch can now be launched for the first time.

Use systemctl to launch the Elasticsearch service. Give Elasticsearch some time to launch. Otherwise, you can encounter errors that say you can’t connect.

sudo systemctl start elasticsearch

To let Elasticsearch start up every time your servers boot, run the command below:

sudo systemctl enable elasticsearch
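
Once the service is running, the network.host value from Step 2 can be checked against the sockets actually listening on port 9200. The script below is an added example, not part of the original tutorial; the function names and the sample configuration and `ss` text are constructed for illustration, and it treats 127.0.0.0/8, ::1 and IPv4-mapped loopback addresses as local.

```bash
#!/usr/bin/env bash
# Added example: confirm Elasticsearch is bound to loopback only.

# Print the active (uncommented) network.host value from
# elasticsearch.yml text supplied on stdin. The last match wins.
configured_host() {
  sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' | tail -n 1
}

# Read `ss -ltnH` output on stdin and print every non-loopback local
# address listening on the given port. No output means loopback only.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      host = substr($4, 1, length($4) - length(parts[n]) - 1)
      sub(/^\[/, "", host); sub(/\]$/, "", host)   # strip IPv6 brackets
      if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
      print host
    }'
}

# Constructed samples (not captured from a real host).
SAMPLE_YML='#network.host: 192.168.0.1
network.host: localhost'
SAMPLE_SS_LOCAL='LISTEN 0 4096 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 4096 [::1]:9200 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_SS_OPEN='LISTEN 0 4096 *:9200 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

echo "configured network.host: $(printf '%s\n' "$SAMPLE_YML" | configured_host)"
for sample in "$SAMPLE_SS_LOCAL" "$SAMPLE_SS_OPEN"; do
  exposed=$(printf '%s\n' "$sample" | exposed_listeners 9200)
  if [ -z "$exposed" ]; then
    echo "9200: loopback only"
  else
    echo "9200: listening on non-loopback address(es): $exposed"
  fi
done
# On a live host:
#   configured_host < /etc/elasticsearch/elasticsearch.yml
#   sudo ss -ltnH | exposed_listeners 9200
```

If `exposed_listeners` prints anything on a host configured as in Step 2, the running service has not picked up the edited file and should be restarted.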

So far, you installed and configured Elasticsearch on Ubuntu. Now, it’s time to secure Elasticsearch.

Step 3. Secure Elasticsearch

Now that your Elasticsearch service is operational, you will want to safeguard your installation. UFW, the built-in firewall in Ubuntu, is capable and should be adequate. Only the local network can access your Elasticsearch server, which is sufficient for testing and development environments. In a real-world setting, however, you should restrict access to Elasticsearch to only certain hosts.

By default, anyone with access to the HTTP API can manage Elasticsearch. Because Elasticsearch only listens on the loopback interface, which can only be accessed locally, this is not usually a security problem. Hence, no public access is available, and security may not be a serious worry if all server users are trusted.

However, to allow access from a trusted host, use the following command, replacing yourIP with that host's IP address:

sudo ufw allow from yourIP to any port 9200

To enable UFW, type:

sudo ufw enable

Then, you can run the following command to check the status of UFW:

sudo ufw status

If the rules are properly specified, you should have output similar to this:

Output
Status: active

To                         Action      From
--                         ------      ----
9200                       ALLOW       198.51.100.0
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

With UFW enabled, Elasticsearch port 9200 should now be protected by the firewall. If you want to pay for additional security, the Shield plugin is available as a commercial option.

How to Test and Use Elasticsearch on Ubuntu

Now that your Elasticsearch installation is safe, you can query it with curl. Since Elasticsearch runs on port 9200, you can test it with cURL and a GET request.

curl -X GET 'http://localhost:9200'

To perform a more thorough check and get more readable JSON output, run the following command:

curl -X GET 'http://localhost:9200/_nodes?pretty'

The RESTful API that Elasticsearch uses responds to the standard CRUD commands: create, read, update, and delete. We will again use the cURL command to interact with it. You can start by adding the following entry:

curl -X POST -H "Content-Type: application/json" 'http://localhost:9200/tutorial/operablog/1' -d '{ "message": "Opera blog!" }'

To retrieve this first entry with an HTTP GET request, type:

curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/tutorial/operablog/1'

You can review further functionality of Elasticsearch by referring to the documentation on its official website.

Conclusion

In this article, you learned how to install Elasticsearch on Ubuntu. You reviewed the required steps to install, configure, use, and secure Elasticsearch on Ubuntu. Now that the tool has been customized, you can search to your heart's content or use it however else you see fit.

Elasticsearch is more than just a search engine that produces results in JSON and YAML formats for human consumption. Elasticsearch is frequently used by data analysts, DevOps specialists, and marketing professionals. If you encounter any problems, please do not hesitate to contact us. Our technical support team will try their best to solve your problems.
