Elasticsearch is a powerful open-source search and analytics engine that is part of the Elastic Stack, which includes tools like Kibana, Logstash, and Beats. It is widely used for log and event data analysis, full-text search, and real-time data monitoring. This article will guide you through the steps to install and configure Elasticsearch on a Linux system.

Prerequisites:

• A Linux server (Ubuntu 20.04 is used in this example)
• A user with sudo privileges
• Java 8 or later installed

Step 1: Install Java

Elasticsearch requires Java to run. You can install OpenJDK 11, which is available in the default repositories.

sudo apt update
sudo apt install openjdk-11-jdk -y

Verify the installation:

java -version

Step 2: Download and Install Elasticsearch

First, import the Elasticsearch GPG key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, add the Elasticsearch repository to your APT sources list:

sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'

Update the package index and install Elasticsearch:

sudo apt update
sudo apt install elasticsearch -y

Step 3: Configure Elasticsearch

Elasticsearch configuration files are located in the /etc/elasticsearch directory. The main configuration file is elasticsearch.yml.

Open the elasticsearch.yml file for editing:

sudo nano /etc/elasticsearch/elasticsearch.yml

You can configure various settings here, but for a basic setup, you might want to set the cluster.name and node.name:

cluster.name: my-cluster
node.name: node-1

Step 4: Start and Enable Elasticsearch

Start the Elasticsearch service:

sudo systemctl start elasticsearch

Enable the service to start on boot:

sudo systemctl enable elasticsearch

Verify that Elasticsearch is running:

sudo systemctl status elasticsearch

Step 5: Test Elasticsearch

By default, Elasticsearch listens on port 9200. You can test the installation by sending an HTTP request to this port:

curl -X GET "localhost:9200/"

You should see a JSON response with information about your Elasticsearch cluster.

Step 6: Secure Elasticsearch (Optional)

For production environments, it's essential to secure your Elasticsearch instance. Here are a few basic steps:

1. Firewall Configuration: Ensure that only trusted sources can access your Elasticsearch instance.

sudo ufw allow from trusted_ip to any port 9200
sudo ufw enable

2. Enable Security Features: Elasticsearch offers built-in security features like authentication and encryption. You can enable these in the elasticsearch.yml file.

xpack.security.enabled: true

After making changes, restart Elasticsearch:

sudo systemctl restart elasticsearch

Conclusion

You have now installed and configured Elasticsearch on your Linux server. This setup allows you to start indexing and searching your data. For more advanced configurations and optimizations, refer to the official Elasticsearch documentation.