Elasticsearch is a free and open source search engine, based on Apache Lucene and equipped with Full Text capability and support for distributed architectures. This is a long-established solution in the field of real-time data analysis.
In this tutorial you’ll find all the necessary steps to create and configure an Elasticsearch server on Linux Ubuntu 18.04.
First, connect to your server via an SSH connection. If you haven’t done so yet, following our guide is recommended to connect securely with SSH. In case of a local server, go to the next step and open the terminal of your server.
Java installation
Before proceeding with the installation of Elasticsearch, install the Java Development Kit. To do so, follow our guide on how to install Java on Ubuntu 18.04. In case JDK is already installed on your system, skip this step.
Installation of Elasticsearch
The installation package can be downloaded directly from the Elastic website:
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.2-amd64.deb
After completing the download, proceed by installing the package:
$ sudo dpkg -i elasticsearch-7.3.2-amd64.deb
Then, proceed by installing and starting the service through:
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl start elasticsearch.service
Configuration of the firewall
In case of a firewall on the system, it may be necessary to allow traffic to the Elasticsearch service, by enabling the appropriate port.
When using the UFW firewall, type this command to unlock the default Elasticsearch port:
At this point, the firewall will allow connections on port 9200.
Checking the status of the service
Verify whether the service is running and check the TCP ports that are currently listening, by running:
$ netstat -a -o -n | grep LISTEN
Then, the listening ports 9200 and 9300 as should be seen, as follows:
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 127.0.0.1:9200 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:9200 :::* LISTEN off (0.00/0/0)
tcp6 0 0 127.0.0.1:9300 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:9300 :::* LISTEN off (0.00/0/0)
Using Elasticsearch
Now that the service is running, use tests by entering data and checking that they are later found.
N.B. If you use a remote server, replace localhost with the the IP address of your server in the commands shown below.
In this example, enter 3 commercial products:
$ curl -POST 'http://localhost:9200/products/1' -curl -H 'Content-Type: application/json' -d '
{
"name": "Coffe Machine 1",
"uuid": "00000010"
}'
By making the call above, a new document will be inserted in the index "products" with attribute "name" corresponding to "Coffe Machine 1" and with an identifier "uuid":
{"_index":"index","_type":"products","_id":"cUqGY20Bm2mQybZCoeKU","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}
Elasticsearch will respond as shown above, by specifying the id of the inserted product and other reporting data.
Then proceed by inserting 2 other products:
$ curl -POST 'http://localhost:9200/index/products' -curl -H 'Content-Type: application/json' -d '
{
"name": "White Desk",
"uuid": "WD000010"
}'
$ curl -POST 'http://localhost:9200/index/products' -curl -H 'Content-Type: application/json' -d '
{
"name": "Black Desk",
"uuid": "WD000011"
}'
Once completed, you can proceed bycarrying out your first search indicating "Desk" as a search parameter :
$ curl -X GET "http://localhost:9200/index/_search?q=Desk*&pretty"
As you can see, 2 results, including the two desks inserted above, are obtained:
{
...
"hits" : [
{
….
"_source" : {
"name" : "White Desk",
"uuid" : "WD000010"
}
},
{
...
"_score" : 1.0,
"_source" : {
"name" : "Black Desk",
"uuid" : "WD000011"
}
}
]
}
}
Configuration of Elastisearch
All Elasticsearch configuration files are in the /etc/elasticsearch directory. The most important file is elasticsearch.yml which allows to modify the basic operating parameters of the system, such as the cluster information, the TCP / IP connection parameters or the folders where to store the data.
All the configuration files present use the YAML format, so when editing these files, pay attention to the indentation.
Improving security
One of the first thing to do to increase the security of the service is to limit incoming connections, admitting only the local ones. In this way, only your application on the server can use the service.
To modify the listening card alter the file /etc/elasticsearch/elasticsearch.yml going to uncomment and modify the following line:
…
network.host: 127.0.0.1
...
Save the file and restart the service to apply the changes:
$ sudo systemctl restart elasticsearch.service
Wait a few minutes and check that the service is listening only on the local interface by launching:
$ netstat -a -o -n | grep LISTEN
To keep the service available also for external use, changing the listening port to hide the presence of Elasticsearch is always possible.
Edit the main configuration file /etc/elasticsearch/elasticsearch.yml:
…
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 2900
...
NB Instead of 2900 door any other door can be inserted.
After saving the file, restart the service:
$ sudo systemctl restart elasticsearch.service
To check the status of the service, after applying the changes, always use netstat:
$ netstat -a -o -n | grep LISTEN