Install and configure Elasticsearch on Ubuntu Linux


Introduction 

Elasticsearch is a free and open-source, distributed, RESTful search and analytics engine designed to store, search, and analyze large volumes of data quickly and in near real time. It is often used for full-text search, search autocomplete, and log analytics. It integrates with other open-source tools such as Logstash and Kibana to provide a complete end-to-end search and analytics solution. It is horizontally scalable, meaning it can accommodate increasing amounts of data and users by adding more nodes to the cluster.


Requirements

  • Root privileges on the Ubuntu machine.
  • Basic knowledge of Linux commands.
  • 2 cores and 4 GB of memory recommended.


In this post, we will show you how to install Elasticsearch on Ubuntu 22.04 LTS.

 

Step 1:  Import the GPG key

First, import the Elasticsearch GPG signing key by running the following command.


wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -



Step 2:  Adding Repository

To add the Elasticsearch repository, use the following command.


sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'



Step 3:  Installing Elasticsearch

Now we can install Elasticsearch on Ubuntu. Use the following commands.


Update the package index:


sudo apt-get update


Install Elasticsearch:


sudo apt-get install elasticsearch -y



Step 4:  Testing Elasticsearch 

By default, Elasticsearch uses port 9200 for HTTP communication and port 9300 for TCP communication in Ubuntu. These are the default ports for the RESTful HTTP interface and the native Java client communication, respectively.


So, if you've installed Elasticsearch on Ubuntu, you can access the HTTP interface by navigating to http://localhost:9200 in your web browser. Additionally, Elasticsearch nodes can communicate with each other over port 9300.


Keep in mind that if you've made any changes to the Elasticsearch configuration, such as specifying a different port for HTTP or TCP communication, you'll need to use the configured port instead. The configuration files for Elasticsearch are typically located in the /etc/elasticsearch directory, and the primary configuration file is elasticsearch.yml.
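A quick audit of the setting that matters most before port 9200 is reachable from anywhere but localhost, added here as an example rather than taken from the post: in the 7.x apt package Elasticsearch binds to loopback unless network.host is set, and authentication (xpack.security.enabled) is off by default, so a node bound to 0.0.0.0 without it answers anyone who can reach the port. The path passed to the function is the only assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag an elasticsearch.yml that
# binds the HTTP listener beyond loopback while X-Pack security is disabled.
# In the 7.x apt package network.host defaults to loopback and
# xpack.security.enabled defaults to false.
set -u

# yml_get FILE KEY DEFAULT -> value of a top-level "key: value" line (last one
# wins), ignoring commented-out lines, trailing comments and surrounding quotes
yml_get() {
    local val
    val=$(sed -n -E "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*(.*)$/\1/p" "$1" | tail -n 1)
    val=${val%%#*}
    val=$(printf '%s' "$val" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')
    val=${val#\"}; val=${val%\"}; val=${val#\'}; val=${val%\'}
    printf '%s' "${val:-$3}"
}

# check_exposure FILE -> 0 when the node stays on loopback or has security on,
# 1 (with a warning) when port 9200 would be reachable without authentication
check_exposure() {
    local host sec
    host=$(yml_get "$1" network.host _local_)
    sec=$(yml_get "$1" xpack.security.enabled false)
    case "$host" in
        _local_|localhost|127.0.0.1|::1) return 0 ;;
    esac
    [ "$sec" = true ] && return 0
    echo "WARNING: network.host=$host with xpack.security.enabled=$sec" >&2
    return 1
}

# Usage: ./check_es.sh /etc/elasticsearch/elasticsearch.yml
if [ "$#" -gt 0 ]; then
    check_exposure "$1"
fi
```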


After installing Elasticsearch, run the following query to test its basic functionality.


curl -X GET "localhost:9200/"


In Ubuntu, the default location for Elasticsearch logs is typically found in the /var/log/elasticsearch/ directory. The main log file is usually named elasticsearch.log. You can view the Elasticsearch logs using a text editor or tools like cat or tail.

Here's an example using the cat command to view the content of the Elasticsearch log file:

sudo cat /var/log/elasticsearch/elasticsearch.log

Or, you can use the tail command to view the last few lines of the log in real-time:

sudo tail -f /var/log/elasticsearch/elasticsearch.log

If you have made any custom configurations that change the log path, you should check the elasticsearch.yml configuration file located in the /etc/elasticsearch/ directory. Look for the path.logs setting, which specifies the directory where Elasticsearch writes its log files.


Step 5:  Managing Elasticsearch Service 

To manage the Elasticsearch service, use the following commands:


To enable the Elasticsearch service at boot:


sudo systemctl enable elasticsearch.service


To disable the Elasticsearch service at boot:


sudo systemctl disable elasticsearch.service


To check the status of the Elasticsearch service:


sudo systemctl status elasticsearch.service


To stop the Elasticsearch service:


sudo systemctl stop elasticsearch.service


To start the Elasticsearch service:


sudo systemctl start elasticsearch.service


Step 6:  Increase JVM Memory  

To increase the JVM memory for Elasticsearch on Ubuntu 22.04 LTS, you need to modify the Elasticsearch JVM configuration file. Elasticsearch uses the file /etc/elasticsearch/jvm.options to manage its JVM memory settings.


Open the jvm.options file in a text editor. You can use a command-line text editor like nano or vim. For example:


sudo nano /etc/elasticsearch/jvm.options


Look for lines that start with -Xms and -Xmx. These settings control the minimum and maximum heap sizes, respectively. You might find lines like:


-Xms1g
-Xmx1g

The values (1g in this example) represent the initial and maximum heap sizes. You can increase or decrease these values based on your system's requirements.

Change the values to the desired heap size. For example, to set the minimum and maximum heap size to 2 gigabytes, you can use:
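Elastic recommends not editing jvm.options directly but placing overrides in /etc/elasticsearch/jvm.options.d/ (supported since 7.7); the script below, added here and not part of the post, checks a requested heap against Elastic's sizing rules (Xms equal to Xmx, no more than half of physical RAM, and at most 26 GB so compressed oops still apply) before writing such an override. The file name heap.options and the ES_APPLY_HEAP variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): size the Elasticsearch heap and
# write it as a jvm.options.d override rather than editing jvm.options.
# Rules enforced (Elastic's heap guidance): Xms equals Xmx, the heap is at most
# 50% of physical RAM, and it stays at or below 26 GB so compressed oops apply.
set -u

OVERRIDE=${OVERRIDE:-/etc/elasticsearch/jvm.options.d/heap.options}   # file name is hypothetical

# heap_ok HEAP_MB TOTAL_RAM_MB -> 0 when the heap fits the rules, 1 otherwise
heap_ok() {
    local heap=$1 ram=$2
    [ "$heap" -gt 0 ] || return 1
    if [ "$heap" -gt $(( ram / 2 )) ]; then
        echo "heap ${heap}m exceeds 50% of RAM (${ram}m)" >&2; return 1
    fi
    if [ "$heap" -gt 26624 ]; then
        echo "heap ${heap}m is above the 26 GB compressed-oops limit" >&2; return 1
    fi
    return 0
}

# write_heap_override HEAP_MB OUTFILE -> writes an equal -Xms/-Xmx pair
write_heap_override() {
    printf '%s\n' "-Xms$1m" "-Xmx$1m" > "$2"
}

# Physical RAM in MB, read from /proc/meminfo
total_ram_mb() {
    awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo
}

# Apply with: ES_APPLY_HEAP=1 sudo ./heap.sh 2048   (then restart the service)
if [ "${ES_APPLY_HEAP:-0}" = 1 ]; then
    want=${1:-2048}
    heap_ok "$want" "$(total_ram_mb)" || exit 1
    write_heap_override "$want" "$OVERRIDE"
    echo "heap set to ${want}m in $OVERRIDE; run: sudo systemctl restart elasticsearch"
fi
```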


Step 7:  Backup and Restore Elasticsearch Data  

To back up and restore Elasticsearch data on Ubuntu Linux, you can use the snapshot and restore functionality provided by Elasticsearch. Here are the general steps for both processes:


Backup Elasticsearch Data:


Configure a Repository:

  • First, you need to configure a repository in Elasticsearch to store your snapshots. This can be a shared file system, Amazon S3, Hadoop Distributed File System (HDFS), or other supported repositories.
  • Modify the elasticsearch.yml configuration file to add the repository settings. For example, to use a shared file system repository, you might add:


path.repo: ["/path/to/your/backup/repository"]


Create a Snapshot:

  • Once the repository is configured, you can create a snapshot. Use the Elasticsearch Snapshot API or a tool like curl to create a snapshot:


sudo curl -X PUT "localhost:9200/_snapshot/your_repository/snapshot_name?wait_for_completion=true"


Replace your_repository with the name of your repository and snapshot_name with the desired name for your snapshot.


Restore Elasticsearch Data:


Shutdown Elasticsearch:

Before restoring data, it's recommended to stop the Elasticsearch service to prevent any issues during the restore process:


sudo systemctl stop elasticsearch


Restore from Snapshot:

Use the Elasticsearch Restore API or a tool like curl to restore from the snapshot:


sudo curl -X POST "localhost:9200/_snapshot/your_repository/snapshot_name/_restore?wait_for_completion=true"

Replace your_repository with the name of your repository and snapshot_name with the name of the snapshot you want to restore.


Start Elasticsearch:

After the restore is complete, start the Elasticsearch service:


sudo systemctl start elasticsearch


Additional Notes:

  • Verification: After the restore, it's advisable to verify that your data has been successfully restored by checking your Elasticsearch indices.
  • Repository Cleanup: Depending on your retention policies, you might want to periodically clean up old snapshots to manage disk space.
  • Security Considerations: Ensure that you have appropriate security measures in place, especially when dealing with sensitive data. Elasticsearch supports various security features, so make sure to configure them appropriately.


Always consult the official Elasticsearch documentation for detailed and version-specific information on snapshot and restore procedures.
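The backup and restore steps above as one script, added here as an example and not taken from the post; ES_URL, the repository name fs_backup, the directory /var/backups/elasticsearch and the index pattern logs-* are assumptions. Two points the steps leave implicit: a repository must be registered through the _snapshot API before the first snapshot, and the _restore API only answers on a running node, so the script closes the target indices rather than stopping the service (restore rejects an existing index that is still open).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): snapshot/restore round trip for a
# shared-filesystem repository. Assumes a running node at ES_URL with no
# authentication (add -u user:pass to CURL otherwise) and that path.repo in
# elasticsearch.yml already lists REPO_DIR; repository and index names are hypothetical.
set -u
ES_URL=${ES_URL:-http://localhost:9200}
REPO=${REPO:-fs_backup}
REPO_DIR=${REPO_DIR:-/var/backups/elasticsearch}
CURL="curl -sS -H Content-Type:application/json"

# Register (or update) the filesystem repository; required once before the first snapshot.
register_repo() {
    $CURL -X PUT "$ES_URL/_snapshot/$REPO" \
        -d "{\"type\":\"fs\",\"settings\":{\"location\":\"$REPO_DIR\",\"compress\":true}}"
}

# create_snapshot SNAPSHOT INDICES -> snapshot the comma-separated indices, print the JSON reply
create_snapshot() {
    $CURL -X PUT "$ES_URL/_snapshot/$REPO/$1?wait_for_completion=true" \
        -d "{\"indices\":\"$2\",\"include_global_state\":false}"
}

# snapshot_state JSON -> SUCCESS | PARTIAL | FAILED | ... (no jq required)
snapshot_state() {
    printf '%s' "$1" | grep -o '"state"[[:space:]]*:[[:space:]]*"[A-Z_]*"' | head -n 1 | cut -d'"' -f4
}

# snapshot_succeeded JSON -> 0 only when the reply reports state SUCCESS
snapshot_succeeded() {
    [ "$(snapshot_state "$1")" = SUCCESS ]
}

# restore_snapshot SNAPSHOT INDICES -> close the target indices, then restore them
restore_snapshot() {
    $CURL -X POST "$ES_URL/$2/_close" >/dev/null
    $CURL -X POST "$ES_URL/_snapshot/$REPO/$1/_restore?wait_for_completion=true" \
        -d "{\"indices\":\"$2\"}"
}

# Live run only when RUN_LIVE=1, so the functions can be sourced and checked offline
if [ "${RUN_LIVE:-0}" = 1 ]; then
    register_repo
    resp=$(create_snapshot "snap-$(date +%Y%m%d)" "logs-*")
    snapshot_succeeded "$resp" || { echo "snapshot state: $(snapshot_state "$resp")" >&2; exit 1; }
fi
```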


Conclusion

In summary, installing Elasticsearch on Ubuntu 22.04 LTS is a straightforward process that involves adding the Elasticsearch repository, installing the package, and configuring essential settings. By following these steps, users can quickly set up Elasticsearch to leverage its powerful search and analytics capabilities on their Ubuntu systems. Adjusting configurations, such as JVM memory settings, allows for optimization based on specific requirements. Overall, the installation process is user-friendly, providing a solid foundation for utilizing Elasticsearch in a variety of applications on Ubuntu 22.04 LTS. If you still have any questions, please leave a comment below.


Aftab Ali

My expertise is in ethical hacking, penetration testing, network security, monitoring and more.
