🚀 Installing and Configuring Elasticsearch

📌 Step 1: Install Java Runtime and Development Kit

Elasticsearch requires Java to run. Install the default JRE and JDK using:

sudo apt install default-jre

sudo apt install default-jdk

📌 Step 2: Add Elasticsearch Repository

Before installing Elasticsearch, add its repository to your system:

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg

echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/9.x/apt stable main" \
| sudo tee -a /etc/apt/sources.list.d/elastic-9.x.list

Update the package list:

sudo apt update

📌 Step 3: Install Elasticsearch

Now, install Elasticsearch using:

sudo apt install elasticsearch

📌 Step 4: Configure Elasticsearch

Edit the main configuration file:

sudo vi /etc/elasticsearch/elasticsearch.yml

Modify the following section to configure the cluster and network settings:

# ---------------------------------- Cluster -----------------------------------
cluster.name: elasticsearch
node.name: node-1

# ---------------------------------- Network -----------------------------------
# Set the bind address to a specific IP (IPv4 or IPv6):
# You can access Elasticsearch from any machine
network.host: 0.0.0.0

# ---------------------------------- Discovery ---------------------------------
discovery.seed_hosts: []
cluster.initial_master_nodes: ["node-1"]

🔹 Understanding These Settings:

  • cluster.name: Defines the name of your Elasticsearch cluster. Change this for better organization in multi-node setups.

  • node.name: Specifies the name of the Elasticsearch node. Useful when running multiple nodes.

  • network.host:

    • localhost: Elasticsearch is only accessible from the same machine.
    • 0.0.0.0: Binds to every network interface, so any host that can reach port 9200 can connect. Required for multi-node clusters and remote access.

  • discovery.seed_hosts: A list of other nodes in the cluster. Since this is a single-node setup, we leave it empty ([]).

  • cluster.initial_master_nodes: Defines the initial master node(s) when forming a new cluster. In a single-node setup, this should match the node.name.
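As an added check (example code written for this page, not part of the original tutorial or of Elasticsearch's own tooling), the shell functions below read the Step 4 keys from an elasticsearch.yml, confirm that cluster.initial_master_nodes lists node.name, and flag a 0.0.0.0 bind so the exposure is a conscious decision. The function names and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: sanity-check the Step 4 keys in an
# elasticsearch.yml before starting the service. Assumes the simple
# "key: value" layout shown above (no nested YAML).
# es_setting FILE KEY -> prints KEY's value; comment lines are ignored.
es_setting() {
    grep -E "^[[:space:]]*$2[[:space:]]*:" "$1" | head -n 1 \
        | sed -E "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//; s/[[:space:]]+$//"
}

# check_es_config FILE -> returns 0 when the single-node settings agree,
# 1 otherwise, printing one line per finding.
check_es_config() {
    file="$1"
    status=0
    node_name=$(es_setting "$file" node.name)
    masters=$(es_setting "$file" cluster.initial_master_nodes)
    host=$(es_setting "$file" network.host)
    if [ -z "$node_name" ]; then
        echo "FAIL: node.name is not set"
        status=1
    fi
    # Step 4 says cluster.initial_master_nodes must list node.name, e.g. ["node-1"]
    case "$masters" in
        *"\"$node_name\""*|*"'$node_name'"*) ;;
        *) echo "FAIL: cluster.initial_master_nodes=$masters does not list node.name=$node_name"
           status=1 ;;
    esac
    # Binding to all interfaces is a deliberate choice; surface it so the
    # reader knows port 9200 is reachable from beyond localhost.
    case "$host" in
        0.0.0.0*|"::") echo "WARN: network.host=$host exposes port 9200 on all interfaces" ;;
        ""|localhost|127.0.0.1) echo "OK: network.host=${host:-localhost} (local access only)" ;;
        *) echo "OK: network.host=$host" ;;
    esac
    return $status
}

# Constructed sample mirroring the tutorial's Step 4 snippet.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
cluster.name: elasticsearch
node.name: node-1
network.host: 0.0.0.0
discovery.seed_hosts: []
cluster.initial_master_nodes: ["node-1"]
EOF
check_es_config "$SAMPLE"
rm -f "$SAMPLE"
```

Run it against /etc/elasticsearch/elasticsearch.yml after editing; a non-zero exit means the master list and node name disagree and the node will not bootstrap as intended.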

📌 Multi-Node Setup & Kibana Integration

🔹 What is a Multi-Node Setup?

  • A multi-node setup consists of multiple Elasticsearch nodes working together as a cluster.
  • Each node can have different roles, such as master node, data node, and coordinating node.
  • This improves performance, availability, and scalability.

🔹 Effect on Kibana:

  • Kibana connects to the entire cluster, not just a single node.
  • Under Stack Management → Nodes, you will see all the nodes in your cluster.
  • The cluster name (cluster.name: elasticsearch) will be visible in monitoring sections.
  • If multiple nodes exist, Kibana distributes queries across them for better performance.

📌 Step 5: Start and Enable Elasticsearch

Start the Elasticsearch service:

sudo systemctl start elasticsearch

Enable Elasticsearch to start on boot:

sudo systemctl enable elasticsearch

📌 Step 6: Verify Elasticsearch Installation

Run the following command to check if Elasticsearch is running:

curl -X GET "localhost:9200"

🎉 If everything is set up correctly, you should see a JSON response with Elasticsearch details!

📌 Step 7: Resetting the elastic User Password

In Elasticsearch 8+, security is enabled by default. The elastic user is the superuser (admin) account.

If you missed the password during installation or want to reset it, run:

cd /usr/share/elasticsearch/bin/
sudo ./elasticsearch-reset-password -u elastic

🔹 This will generate a new password for the elastic user. Example output:

Password for the [elastic] user successfully reset.
New value: AbC123!xYz

📌 Step 8: Authenticate with Elasticsearch

Now use the new password to access Elasticsearch:

curl -u 'elastic:AbC123!xYz' https://localhost:9200 -k

Explanation:

  • -u 'elastic:AbC123!xYz' → Provides the username (elastic) and the new password. The single quotes matter: an unquoted ! is expanded by interactive bash as a history reference and the command fails.
  • https://localhost:9200 → Connects to Elasticsearch on port 9200 over HTTPS.
  • -k → Skips TLS certificate verification (useful for self-signed certs in dev/test environments). Outside dev/test, pass the CA certificate generated at install time with --cacert instead.

✅ Now you can log in to Elasticsearch securely with your elastic superuser account!


🚀 Summary: In older versions, Elasticsearch was open by default (no password). In Elasticsearch 8+, authentication is always required, so you must use the elastic user with a password.