Elasticsearch 8 is a powerful open-source search and analytics engine that forms the core of the Elastic Stack (ELK Stack). This guide covers installing Elasticsearch 8 on Ubuntu, walking you through two installation methods: the simplified extrepo approach and manual repository configuration. By the end, you'll have a working Elasticsearch instance ready for log analysis, full-text search, or real-time analytics workloads.
Elasticsearch 8 introduced significant improvements over previous versions. Specifically, it includes built-in security with automatic TLS encryption, a simplified authentication model, and enhanced indexing performance. Whether you're building a centralized logging system, powering search functionality for an application, or analyzing time-series data, Elasticsearch provides the foundation you need.
Choose Your Elasticsearch 8 Installation Method
Ubuntu offers two approaches for installing Elasticsearch 8 from the official Elastic repository. Since both methods provide the same packages and receive identical updates, you can choose based on your preference for simplicity versus control.
| Method | Channel | Version | Updates | Best For |
|---|---|---|---|---|
| Extrepo (Recommended) | Extrepo Database | Latest 8.x | Automatic via apt upgrade | Most users who want a quick, reliable setup |
| Manual Repository | Elastic APT Repository | Latest 8.x | Automatic via apt upgrade | Users who prefer explicit repository control |
This guide covers Ubuntu 22.04 LTS, 24.04 LTS, and 26.04 LTS. Elastic publishes one set of .deb packages in a single stable suite rather than per-release suites, so the commands are identical across all supported LTS releases.
For most users, the extrepo method is recommended because it handles GPG key management and repository configuration automatically with a single command. Choose manual configuration only if you need custom repository settings or prefer explicit control over the setup process.
Update Ubuntu System Packages
Before installing any new software, update your system's package index and upgrade existing packages. This ensures you have the latest security patches and avoids potential dependency conflicts during installation:
sudo apt update && sudo apt upgrade
After the upgrade completes, proceed with your chosen installation method below.
Option 1: Install Elasticsearch 8 with Extrepo (Recommended)
Extrepo simplifies external repository management by handling GPG keys and source configuration automatically. As a result, this method requires fewer commands and reduces the chance of configuration errors.
Install Extrepo
First, install the extrepo package if it's not already present on your system:
sudo apt install extrepo
Enable the Elasticsearch 8 Repository
Next, enable the Elastic 8.x repository. This command downloads the GPG key and creates the appropriate source configuration:
sudo extrepo enable elastic_8
Additionally, extrepo provides repositories for other Elasticsearch major versions (elastic_7, elastic_9). To see all available Elastic repositories, run extrepo search elastic before deciding which version to enable.
After enabling the repository, update your package index to make the new packages available:
sudo apt update
Install Elasticsearch
Once the repository is configured, install Elasticsearch:
sudo apt install elasticsearch
The installation process may take a few minutes as it downloads the package and configures the service. Once complete, proceed to the service configuration section below.
Option 2: Install Elasticsearch 8 with Manual Repository Configuration
Alternatively, if you prefer explicit control over repository configuration, this method manually adds the Elastic APT repository using the modern DEB822 format.
Install Required Prerequisites
First, ensure curl and gpg are installed. These tools are needed to download and process the repository signing key:
sudo apt install curl gpg
Import the Elasticsearch GPG Key
Next, download the Elasticsearch signing key and convert it to the binary format used by APT. This key is what lets apt verify that packages genuinely come from Elastic, so before trusting it, compare its fingerprint with the one Elastic publishes in its installation documentation rather than relying on the TLS download alone:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
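The pipeline above writes whatever the TLS connection delivered straight into a keyring that apt will trust. As an added check that is not part of the original guide, the following script inspects that keyring without importing it (gpg --show-keys) and compares the fingerprints it finds against the fingerprint Elastic publishes for its signing key, 4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4. The keyring path is the one used above; the colon-format listing embedded in the script is a constructed sample used only to self-test the parser.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that the keyring produced
# by "curl | gpg --dearmor" really contains Elastic's signing key before apt
# trusts it. EXPECTED_FPR is the fingerprint Elastic publishes for that key.
set -eu

EXPECTED_FPR="4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4"

# Strip whitespace and upper-case so "4609 5acc ..." and "46095ACC..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr '[:lower:]' '[:upper:]'
}

# Read gpg's machine-readable (--with-colons) listing on stdin and print the
# fingerprint (10th field) of every "fpr" record, primary keys and subkeys alike.
extract_fprs() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# Succeed only if the listing on stdin contains the expected fingerprint exactly.
listing_has_fpr() {   # listing_has_fpr EXPECTED_FPR  (listing on stdin)
    extract_fprs | grep -qx "$(normalize_fpr "$1")"
}

# Inspect a binary or armored keyring file without importing it anywhere.
keyring_has_fpr() {   # keyring_has_fpr KEYRING EXPECTED_FPR
    gpg --show-keys --with-colons --with-fingerprint "$1" 2>/dev/null | listing_has_fpr "$2"
}

# Constructed sample of the colon listing format for a self-test; only the record
# type (field 1) and the fingerprint (field 10) matter to the parser.
SAMPLE_LISTING='pub:-:4096:1:D27D666CD88E42B4:::::::::::::::0:
fpr:::::::::46095ACC8548582C1A2699A9D27D666CD88E42B4:
uid:-::::::::Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org>::::::::::0:'

main() {   # main KEYRING
    # Prove the parser works on the constructed sample before touching real input.
    printf '%s\n' "$SAMPLE_LISTING" | listing_has_fpr "$EXPECTED_FPR" \
        || { echo "parser self-test failed" >&2; exit 2; }
    command -v gpg >/dev/null || { echo "gpg is not installed" >&2; exit 1; }
    [ -f "$1" ] || { echo "$1 not found; run the curl | gpg --dearmor step first" >&2; exit 1; }
    if keyring_has_fpr "$1" "$EXPECTED_FPR"; then
        echo "OK: $1 contains the Elastic signing key ($EXPECTED_FPR)"
    else
        echo "MISMATCH: $1 does not contain the expected key; do not run apt update with it in place" >&2
        exit 1
    fi
}

# Only check a keyring when asked, so the functions can also be sourced for reuse.
if [ "${1:-}" = "--check" ]; then
    main "${2:-/usr/share/keyrings/elasticsearch-keyring.gpg}"
fi
```

Run it as sh verify-elastic-key.sh --check right after the gpg --dearmor step (a different keyring path can be given as a second argument). On a mismatch, remove the keyring and investigate where the key came from instead of continuing with apt update.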
Add the Elasticsearch Repository
Then, create a repository source file in the DEB822 format. This modern format is clearer to read and less error-prone than the legacy one-line format:
cat <<EOF | sudo tee /etc/apt/sources.list.d/elasticsearch.sources
Types: deb
URIs: https://artifacts.elastic.co/packages/8.x/apt
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/elasticsearch-keyring.gpg
EOF
After adding the repository, update your package index:
sudo apt update
Install Elasticsearch
Once the repository is configured, install Elasticsearch:
sudo apt install elasticsearch
The installation takes a few minutes. Afterward, continue to the next section to start and verify the service.
Start and Enable the Elasticsearch Service
By default, Elasticsearch does not start automatically after installation. To enable the service for automatic startup at boot and start it immediately, run:
sudo systemctl enable elasticsearch --now
The --now flag combines enable and start into a single command. Elasticsearch may take 30-60 seconds to fully initialize on first startup, especially on systems with limited memory.
Verify the Service Status
At this point, confirm that Elasticsearch is running correctly:
sudo systemctl status elasticsearch
You should see output showing an active service:
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: enabled)
     Active: active (running) since Sun 2024-12-29 08:30:00 UTC; 30s ago
       Docs: https://www.elastic.co
   Main PID: 12345 (java)
     Memory: 1.2G
        CPU: 45.123s
     CGroup: /system.slice/elasticsearch.service
             └─12345 /usr/share/elasticsearch/jdk/bin/java ...
If you see Active: active (running), your installation was successful. If the status shows failed or inactive, check the troubleshooting section below.
Test the Elasticsearch API
Elasticsearch 8 enables security by default, including TLS on the HTTP port, and the package generated a private certificate authority at install time. For local testing, query the cluster over HTTPS and trust that CA explicitly (never disable certificate verification with -k just to get a response):
curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
This command prompts for the elastic user's password, which the package generated and printed once in its post-installation output. If you missed that output, reset it with the tool below; the tool connects to the running node, so Elasticsearch must be started first:
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
After entering the password, the curl command returns cluster information in JSON format:
{
  "name" : "ubuntu-server",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "abc123...",
  "version" : {
    "number" : "8.19.9",
    "build_flavor" : "default",
    "build_type" : "deb",
    ...
  },
  "tagline" : "You Know, for Search"
}
Understand Elasticsearch Directories and Configuration
Familiarizing yourself with the key file locations helps with configuration, troubleshooting, and backup planning.
Key Directory Locations
| Path | Purpose |
|---|---|
| /etc/elasticsearch/ | Configuration files including elasticsearch.yml, jvm.options and the jvm.options.d/ directory |
| /var/lib/elasticsearch/ | Index data and cluster state (path.data); snapshot repositories are configured separately via path.repo |
| /var/log/elasticsearch/ | Application, garbage collection and slow query logs |
| /etc/elasticsearch/certs/ | TLS material generated by the security auto-configuration (http_ca.crt, http.p12, transport.p12) |
| /etc/default/elasticsearch | Environment variables for the systemd service (for example ES_PATH_CONF); heap settings belong in jvm.options.d/, not here |
| /usr/share/elasticsearch/ | Installation home: bundled JDK, plugins, and the bin/ tools such as elasticsearch-reset-password |
Main Configuration File
In particular, the primary configuration file controls cluster settings, network binding, and discovery options:
sudo nano /etc/elasticsearch/elasticsearch.yml
Generally, default configurations work well for single-node development setups. However, for production clusters or remote access, you'll need to modify network and discovery settings as described in the next section.
Configure Remote Access (Optional)
Elasticsearch's own default is to bind only to the loopback addresses (127.0.0.1 and ::1). On Ubuntu, however, the security auto-configuration block that the package appends to elasticsearch.yml sets http.host: 0.0.0.0, so the HTTP API on port 9200 is usually already reachable from every interface, protected by TLS and authentication rather than by the binding. Check what is actually bound with sudo ss -tlnp | grep 9200 before changing anything. If you want Elasticsearch reachable only on a specific address (for example, for Kibana or Logstash running on other servers on a private network), set network.host to that address and comment out the auto-configured http.host line, which otherwise takes precedence for HTTP traffic.
Edit Network Settings
To begin, open the main configuration file:
sudo nano /etc/elasticsearch/elasticsearch.yml
Then, locate the Network section and modify the network.host setting. Common configurations include:
Bind to a specific private IP:
network.host: 192.168.1.100
Bind to all interfaces (use with caution; the firewall rules below are then the only thing limiting who can reach port 9200):
network.host: 0.0.0.0
Additional Cluster Settings
In addition, when enabling remote access, you may also want to configure:
# Identify your cluster
cluster.name: my-elasticsearch-cluster
# Name this node
node.name: node-1
# For single-node setups, disable discovery
discovery.type: single-node
Before enabling single-node mode, comment out the cluster.initial_master_nodes line that the security auto-configuration added near the bottom of elasticsearch.yml: Elasticsearch refuses to start when both settings are present. For multi-node clusters, keep cluster.initial_master_nodes for the first bootstrap and configure discovery.seed_hosts with the addresses of the other nodes instead of using single-node mode.
Apply Configuration Changes
After making changes, restart Elasticsearch to apply them:
sudo systemctl restart elasticsearch
Finally, verify the service started successfully with sudo systemctl status elasticsearch before proceeding. If it fails right after this change, read the logs: binding to a non-loopback address switches Elasticsearch into production mode, where the bootstrap checks (file descriptor limits, vm.max_map_count, memory lock, discovery configuration) become hard failures instead of warnings. The deb package ships a sysctl file that raises vm.max_map_count and a systemd unit that raises the file descriptor limit, so a discovery misconfiguration is the usual culprit.
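To make the steps in this section repeatable, and to catch two interactions with the package's security auto-configuration that bite in practice (cluster.initial_master_nodes breaking single-node mode, and an auto-configured http.host: 0.0.0.0 overriding network.host for the HTTP port), here is an added shell example that is not part of the original guide. It edits a copy of elasticsearch.yml idempotently and validates the result. The node address 192.168.1.100 and the sample configuration embedded in it are constructed for the demo, and only top-level key: value settings are handled.

```shell
#!/bin/sh
# Added example, not part of the original guide. Idempotent edits to an
# elasticsearch.yml copy plus a check for the startup-breaking combination of
# discovery.type: single-node with cluster.initial_master_nodes. Only top-level
# "key: value" lines are handled; the sample config and address are constructed.
set -eu

# Escape the dots in a setting name so it can be used in a sed regex.
re_key() { printf '%s' "$1" | sed 's/\./\\./g'; }

# es_set FILE KEY VALUE: drop every active top-level definition of KEY, then
# append exactly one, so re-running never produces duplicate YAML keys.
es_set() {
    sed -i -E "/^$(re_key "$2"):/d" "$1"
    printf '%s: %s\n' "$2" "$3" >> "$1"
}

# es_disable FILE KEY: comment out active top-level definitions of KEY.
es_disable() {
    sed -i -E "s|^($(re_key "$2"):)|#\1|" "$1"
}

# es_get FILE KEY: print the active value of KEY (last definition wins, empty if none).
es_get() {
    awk -v k="$2" -F': *' '$1 == k { v = $2 } END { print v }' "$1"
}

# Fail if the file combines the two settings Elasticsearch refuses to start with.
es_check_discovery() {   # es_check_discovery FILE
    if [ "$(es_get "$1" discovery.type)" = "single-node" ] \
       && [ -n "$(es_get "$1" cluster.initial_master_nodes)" ]; then
        echo "$1: discovery.type: single-node cannot be combined with cluster.initial_master_nodes" >&2
        return 1
    fi
    return 0
}

# The procedure from this section for one node listening on one private address.
configure_single_node() {   # configure_single_node FILE ADDRESS
    es_disable "$1" cluster.initial_master_nodes   # written by the security auto-configuration
    es_disable "$1" http.host                      # would otherwise override network.host for HTTP
    es_set "$1" network.host "$2"
    es_set "$1" discovery.type single-node
    es_check_discovery "$1"
}

# Constructed stand-in for the relevant lines of a freshly installed elasticsearch.yml.
SAMPLE_YML='cluster.name: my-application
#network.host: 192.168.0.1
xpack.security.enabled: true
cluster.initial_master_nodes: ["ubuntu-server"]
http.host: 0.0.0.0'

demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_YML" > "$f"
    # The edit from the text on its own leaves the conflicting bootstrap setting in place.
    es_set "$f" discovery.type single-node
    es_check_discovery "$f" || echo "naive single-node edit rejected, as expected"
    configure_single_node "$f" 192.168.1.100
    echo "active settings after configure_single_node:"
    grep -v '^#' "$f"
    rm -f "$f"
}
demo
```

To apply this to the real file, back up /etc/elasticsearch/elasticsearch.yml, run configure_single_node against it as root, then restart the service as shown above. Because es_set deletes before appending, running it twice leaves a single definition, which matters because Elasticsearch rejects a file with duplicate keys.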
Configure JVM Memory Settings
Elasticsearch runs on the Java Virtual Machine (JVM), and proper memory allocation is critical for performance. By default, Elasticsearch configures heap size based on available system memory. However, you may need to adjust this for your workload.
To adjust memory, edit the JVM options file:
sudo nano /etc/elasticsearch/jvm.options.d/heap.options
Then, add memory settings (set both values equal to avoid performance issues):
-Xms2g
-Xmx2g
Memory guidance: Set heap to no more than 50% of available RAM, and never exceed 31GB (above the compressed object pointer threshold the JVM spends more memory per reference, so a larger heap can hold less). For a server with 8GB RAM, 2-4GB heap is appropriate. Always keep enough memory free for the operating system and the filesystem cache, which Elasticsearch relies on heavily for search performance.
Afterward, restart Elasticsearch to apply the memory settings:
sudo systemctl restart elasticsearch
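As an added example (not from the original guide), the following script turns the memory guidance above into a check you can run before restarting: it parses the -Xms/-Xmx lines of a jvm.options.d file, normalizes the JVM size suffixes, and verifies that the values are equal, at most half of RAM, and under the 31 GB ceiling. The heap files it checks in its demo are constructed temporary files; the 31744 MiB cap is the guide's 31 GB rule expressed in MiB.

```shell
#!/bin/sh
# Added example (not from the original guide): validate a jvm.options.d heap file
# against the guidance above (Xms == Xmx, at most half of RAM, never above the
# ~31 GB compressed-oops limit) and compute the largest heap the rule allows.
set -eu

MAX_HEAP_MB=31744   # 31 GiB, the guide's ceiling

# Convert a JVM size argument (2g, 2048m, 2097152k, or plain bytes) to MiB.
to_mb() {
    n=$(printf '%s' "$1" | sed -E 's/[kKmMgG]$//')
    case "$1" in
        *[gG]) echo $((n * 1024)) ;;
        *[mM]) echo "$n" ;;
        *[kK]) echo $((n / 1024)) ;;
        *)     echo $((n / 1024 / 1024)) ;;
    esac
}

# heap_flag FILE Xms|Xmx: print the last value of that flag (empty if absent).
heap_flag() {
    sed -nE "s/^-$2([0-9]+[kKmMgG]?)$/\1/p" "$1" | tail -n 1
}

# Largest heap the guidance allows for a host with TOTAL_MB of RAM.
recommend_heap_mb() {   # recommend_heap_mb TOTAL_MB
    half=$(( $1 / 2 ))
    if [ "$half" -gt "$MAX_HEAP_MB" ]; then echo "$MAX_HEAP_MB"; else echo "$half"; fi
}

# Return 0 if FILE's heap settings follow the guidance for a host with TOTAL_MB RAM.
check_heap_options() {   # check_heap_options FILE TOTAL_MB
    xms=$(heap_flag "$1" Xms)
    xmx=$(heap_flag "$1" Xmx)
    if [ -z "$xms" ] || [ -z "$xmx" ]; then
        echo "$1: both -Xms and -Xmx must be set" >&2
        return 1
    fi
    ms=$(to_mb "$xms"); mx=$(to_mb "$xmx")
    if [ "$ms" -ne "$mx" ]; then
        echo "$1: -Xms ($xms) and -Xmx ($xmx) differ; set them equal so the heap never resizes" >&2
        return 1
    fi
    limit=$(recommend_heap_mb "$2")
    if [ "$mx" -gt "$limit" ]; then
        echo "$1: heap ${mx} MiB exceeds the ${limit} MiB allowed for a ${2} MiB host" >&2
        return 1
    fi
    return 0
}

# Total RAM in MiB from /proc/meminfo (Linux only).
total_ram_mb() { awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo; }

demo() {
    d=$(mktemp -d)
    # Constructed sample heap files: one correct, one unequal, one too large for 8 GiB.
    printf -- '-Xms2g\n-Xmx2g\n' > "$d/good.options"
    printf -- '-Xms1g\n-Xmx4g\n' > "$d/unequal.options"
    printf -- '-Xms6g\n-Xmx6g\n' > "$d/toobig.options"
    for name in good unequal toobig; do
        if check_heap_options "$d/$name.options" 8192; then
            echo "$name.options: acceptable for an 8 GiB host"
        fi
    done
    if [ -r /proc/meminfo ]; then
        echo "largest heap the guidance allows on this host: $(recommend_heap_mb "$(total_ram_mb)") MiB"
    fi
    rm -rf "$d"
}
demo
```

Run check_heap_options /etc/elasticsearch/jvm.options.d/heap.options "$(total_ram_mb)" before the restart; a non-zero exit with the reason on stderr is cheaper than a node that starts, swaps, and falls over under load.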
Configure UFW Firewall for Elasticsearch
If you've enabled remote access, you'll also need to configure your firewall to allow connections. Only the HTTP port (9200) needs to be reachable from clients such as Kibana or Logstash; the transport port (9300) is used between cluster nodes and should be allowed only from the other nodes' addresses. For detailed firewall management, see our comprehensive UFW firewall configuration guide on Ubuntu.
Allow Specific IP Addresses
For security, the best approach is to allow only specific IP addresses. Replace 192.168.1.50 with the actual IP of the client machine:
sudo ufw allow from 192.168.1.50 to any port 9200
Allow a Subnet
Alternatively, to allow all machines on a local network:
sudo ufw allow from 192.168.1.0/24 to any port 9200
Verify Firewall Rules
Afterward, check your current firewall configuration:
sudo ufw status numbered
You should see output showing the new rule:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 9200                       ALLOW IN    192.168.1.0/24
Security warning: Avoid using sudo ufw allow 9200 without source restrictions in production. This opens Elasticsearch to all incoming traffic, which is a significant security risk even with authentication enabled: every host on the internet can then probe the API, brute-force the elastic account, and exercise any future vulnerability in the HTTP layer.
Troubleshooting Common Issues
Elasticsearch Fails to Start
If the service fails to start, check the logs for specific error messages:
sudo journalctl -u elasticsearch --no-pager -n 50
Common causes and solutions:
Insufficient memory: as a practical minimum, plan on 2GB of RAM. The auto-sized heap takes up to half of system memory, and the JVM's off-heap memory plus the filesystem cache need the rest. On systems with limited memory, set an explicit, smaller heap in /etc/elasticsearch/jvm.options.d/heap.options.
Permission errors: The elasticsearch user must own the data directory:
sudo chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
Port already in use: Check if another process is using port 9200:
sudo ss -tlnp | grep 9200
Cannot Connect Remotely
If Elasticsearch runs but remote connections still fail, check the following:
Verify network binding:
sudo ss -tlnp | grep 9200
If the output shows only 127.0.0.1:9200 and [::1]:9200, Elasticsearch is listening on loopback alone; *:9200 or 0.0.0.0:9200 means all interfaces, and a specific address means only that interface. Update network.host (and any explicit http.host line, which takes precedence for the HTTP port) in the configuration and restart the service.
Check firewall rules:
sudo ufw status
Make sure port 9200 is allowed from the client's IP address.
Reset the Elastic User Password
If you've lost the initial password or need to change it (the node must be running, because the tool talks to the cluster):
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
Remove Elasticsearch
If you need to uninstall Elasticsearch, follow these steps to completely remove the software along with its associated files.
Stop and Disable the Service
First, stop the running service and prevent it from starting at boot:
sudo systemctl stop elasticsearch
sudo systemctl disable elasticsearch
Remove the Package
Next, uninstall Elasticsearch and clean up unused dependencies:
sudo apt remove --purge elasticsearch
sudo apt autoremove
Remove Repository Configuration
Then, remove the repository files based on which installation method you used:
If you used extrepo:
sudo extrepo disable elastic_8
If you used manual repository configuration:
sudo rm /etc/apt/sources.list.d/elasticsearch.sources
sudo rm /usr/share/keyrings/elasticsearch-keyring.gpg
Remove Data and Configuration (Optional)
Warning: The following commands permanently delete all Elasticsearch indices, configuration files, and logs. Back up any data you need before proceeding.
sudo rm -rf /var/lib/elasticsearch
sudo rm -rf /var/log/elasticsearch
sudo rm -rf /etc/elasticsearch
Finally, update your package index to confirm the repository was removed:
sudo apt update
Conclusion
You've installed Elasticsearch 8 on Ubuntu using either the streamlined extrepo method or manual repository configuration. Your Elasticsearch instance is now ready to index data and serve search queries. For production deployments, replace the auto-generated self-signed certificates with ones issued by a CA your clients trust, create least-privilege users, roles and API keys instead of handing out the elastic superuser password, keep the HTTP and transport ports reachable only from the hosts that need them, and implement regular snapshot backups.
To expand your Elastic Stack further, you can add Kibana for visualization and Logstash or Beats for data ingestion. The official Elastic documentation provides comprehensive guides for these components and advanced configuration options.
Useful Links
For further reading and official resources:
- Elasticsearch Debian/Ubuntu Installation Guide: Official installation documentation from Elastic.
- Elasticsearch Release Highlights: Latest features and improvements in Elasticsearch 8.
- Elasticsearch Security Setup: Configure authentication and TLS for production use.
For elasticsearch 8, security is enabled by default.
Setting all the config starting from this comment:
`# Enable security features`
will disable https, so that `curl localhost:9200` will work.
Thanks for the tip, Peter. You are correct that Elasticsearch 8 enables security by default, including TLS on port 9200. Disabling the security settings under `# Enable security features` in `/etc/elasticsearch/elasticsearch.yml` allows plain HTTP access with `curl localhost:9200`.

The guide keeps security enabled because it reflects production best practices. For development or isolated testing environments where convenience matters more than security, you can set `xpack.security.enabled: false` and `xpack.security.http.ssl.enabled: false` in the configuration file, then restart the service.

If you choose to disable security, Elasticsearch will accept unauthenticated connections over plain HTTP. Only do this on isolated systems that are not exposed to untrusted networks.
lsb-core not lsb-release
You can use lsb-core, but lsb-release works too. lsb-release is mainly for reporting distribution information, which is why I referred to it in the original command. However, lsb-core provides more comprehensive compliance utilities and libraries. In the future, I might use lsb-core instead, as it seems to be a better option.