How to Install Elasticsearch on AlmaLinux 8

Elasticsearch is a highly scalable open-source full-text search and analytics engine built on the Lucene library. It is usually the engine behind applications with complex search requirements: its RESTful API lets you store, search, and analyze large volumes of data quickly and in near real time, which is why it is popular with sysadmins and developers alike.

In the following tutorial, you will learn how to install Elasticsearch on AlmaLinux 8.


Prerequisites

  • Recommended OS: AlmaLinux 8.
  • User account: A user account with sudo privileges or root access (su command).

Updating Operating System

Update your AlmaLinux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@localhost ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on AlmaLinux.

To use the root account, use the following command with the root password to log in.

su

Install CURL Package

The curl command is needed for some parts of this guide. To install this package, type the following command:

sudo dnf install curl -y

Install Java Package

Elasticsearch 7.x ships with its own bundled OpenJDK and uses it by default, so a system-wide Java is not strictly required to run it. Installing OpenJDK 11 is still useful if other Java tooling runs on the same host, and it is harmless: Elasticsearch only uses it if you point the ES_JAVA_HOME (on older 7.x releases, JAVA_HOME) environment variable at it. The process is relatively easy.

Type the following command to install the OpenJDK package:

sudo dnf install java-11-openjdk-devel


Type “Y”, then press the “ENTER KEY” to proceed with the installation.

Confirm Java has been successfully installed with the following command:

java -version

Example output:

openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)

Install Elasticsearch

Elasticsearch is not available in the standard AlmaLinux 8 AppStream repositories, so you need to install it from the Elasticsearch RPM repository.

Before adding the repository, import the GPG key with the following command:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

The next step is to create an Elasticsearch repo file as follows:

sudo nano /etc/yum.repos.d/elasticsearch.repo

Once inside the file, add the following lines:

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

To save (CTRL+O), then exit (CTRL+X).

Now Install Elasticsearch using the following command:

sudo dnf install elasticsearch


Type “Y”, then press the “ENTER KEY” to proceed with the installation

By default, the Elasticsearch service is disabled on boot and not active. To start the service and enable it on system boot, type the following (systemctl) command:

sudo systemctl enable elasticsearch.service --now

Example output:

Executing: /usr/lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
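As an added example that is not part of the original tutorial, the following script performs the repository steps above in one go and checks the signing key's fingerprint before it is imported, so a tampered or substituted key file is rejected instead of trusted. The fingerprint is the one Elastic publishes in its installation documentation; the script assumes AlmaLinux 8 with rpm, dnf, curl and gnupg2 installed and is run as root (or under sudo) with the --apply argument.

```shell
#!/bin/sh
# Added example, not code from the original tutorial or from Elastic.
# Adds the Elasticsearch 7.x yum repository on AlmaLinux 8, verifying the
# signing key's fingerprint before importing it into the rpm keyring.
# Assumes: rpm, dnf, curl and gnupg2 are installed; run as root with --apply.
set -eu

ES_KEY_URL="https://artifacts.elastic.co/GPG-KEY-elasticsearch"
# Fingerprint of Elastic's signing key as published in the Elasticsearch
# install docs (4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4).
ES_KEY_FPR="46095ACC8548582C1A2699A9D27D666CD88E42B4"
# rpm names imported keys gpg-pubkey-<low 32 bits of the key id>-<timestamp>.
ES_KEY_ID="d88e42b4"

# Print the repo definition. gpgcheck=1 makes dnf reject any package whose
# signature does not verify against the imported key, which is what makes
# the fingerprint check below worth doing.
es_repo_stanza() {
  cat <<'EOF'
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
}

# Write the repo definition to $1 (default: the system yum.repos.d path),
# readable by everyone but writable only by its owner (root), so nobody
# else can repoint baseurl or flip gpgcheck off.
write_es_repo() {
  es_repo_stanza > "${1:-/etc/yum.repos.d/elasticsearch.repo}"
  chmod 0644 "${1:-/etc/yum.repos.d/elasticsearch.repo}"
}

# Return 0 if the ASCII-armored key file $1 carries exactly the expected
# fingerprint. gpg only parses the file here; nothing is imported.
es_key_fingerprint_ok() {
  gpg --batch --with-colons --import-options show-only --import "$1" 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10 }' | grep -qx "$ES_KEY_FPR"
}

# Return 0 if a key with Elastic's key id is already in the rpm keyring.
es_key_imported() {
  rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}\n' 2>/dev/null \
    | grep -qi "^gpg-pubkey-${ES_KEY_ID}-"
}

install_es() {
  keyfile="$(mktemp)"
  curl -fsSL "$ES_KEY_URL" -o "$keyfile"
  if ! es_key_fingerprint_ok "$keyfile"; then
    echo "Elastic signing key fingerprint mismatch; refusing to import" >&2
    rm -f "$keyfile"
    exit 1
  fi
  es_key_imported || rpm --import "$keyfile"
  rm -f "$keyfile"
  write_es_repo
  dnf install -y elasticsearch
  systemctl enable elasticsearch.service --now
}

if [ "${1:-}" = "--apply" ]; then
  install_es
fi
```

Run it as `sudo sh setup-es-repo.sh --apply`. The check happens on the downloaded file before `rpm --import`, because once a key is in the rpm keyring every package it signed is trusted; verifying after the fact would be too late.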

Verify that Elasticsearch is running correctly by using the curl command to send an HTTP request to port 9200 on localhost as follows:

curl -X GET "localhost:9200/"

The response is a JSON document describing the node: its name, the cluster name, a version block with the Elasticsearch and Lucene version numbers, and the tagline "You Know, for Search". If the connection is refused, give the node a few more seconds to finish starting and retry.

To view the service messages systemd logged for Elasticsearch, type the following command:

sudo journalctl -u elasticsearch

Example output log:

-- Logs begin at Sat 2021-08-21 01:54:10 EDT, end at Sat 2021-08-21 02:11:00 EDT. --
Aug 21 02:09:17 localhost.localdomain systemd[1]: Starting Elasticsearch...
Aug 21 02:09:43 localhost.localdomain systemd[1]: Started Elasticsearch.

How to Configure Elasticsearch

Elasticsearch data is stored under /var/lib/elasticsearch. The configuration files live in /etc/elasticsearch: elasticsearch.yml holds the node settings and jvm.options holds the JVM heap size and other Java start-up options. On RPM-based systems such as AlmaLinux, the environment variables used by the service are set in /etc/sysconfig/elasticsearch.

The default settings are fine for a single server, because Elasticsearch listens on localhost only. If clients or other nodes need to reach it over the network, or you are setting up a cluster, you will need to modify the configuration file to allow remote connections.

Set-up Remote Access (Optional)

By default, Elasticsearch listens only to localhost. To change this, open up the configuration file as follows:

sudo nano /etc/elasticsearch/elasticsearch.yml

Find the Network section (around line 56 in the default file), uncomment the network.host line by removing the leading #, and set it to the address Elasticsearch should listen on, for example an internal private address such as 10.0.0.5 (an example address; use your server's own).

For security purposes, bind to a specific address. If the server has several interfaces and clients arrive on more than one of them, you can listen on all of them with network.host: 0.0.0.0, but be aware of what that exposes: in Elasticsearch 7.x, security (authentication) is disabled by default on the basic licence, so a node bound to a non-loopback address answers every request, including deleting indices, from anyone who can reach port 9200. Enable xpack.security.enabled: true, set the built-in user passwords, and restrict port 9200 in firewalld before exposing the node. Also note that once network.host is anything other than a loopback address, Elasticsearch treats the node as a production node, runs its bootstrap checks as hard errors, and will not start without a discovery setting such as discovery.type: single-node (for a lone node) or discovery.seed_hosts and cluster.initial_master_nodes (for a cluster).

Save the configuration file (CTRL+O), then exit (CTRL+X).

You will need to restart the Elasticsearch service with the following command for changes to take effect:

sudo systemctl restart elasticsearch
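The two things the remote-access step above leaves out are what actually decide whether the node is safe to expose: authentication, which the 7.x basic licence ships switched off, and a discovery setting, without which a node bound to a non-loopback address fails its bootstrap checks and does not start. The following script is an added example, not part of the original tutorial or of Elasticsearch itself. It sets network.host, turns on discovery.type: single-node and xpack.security.enabled: true in elasticsearch.yml without ever leaving a duplicate key behind, and limits port 9200 to one client subnet with a firewalld rich rule. The bind address and client subnet are arguments; the config path and firewalld as the active firewall are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original tutorial or from Elastic.
# Bind Elasticsearch 7.x to a private address without leaving it open to
# unauthenticated clients. Assumes an RPM install (config in
# /etc/elasticsearch/elasticsearch.yml) and firewalld as the host firewall.
# Usage: sh harden-es.sh --apply <bind-address> <client-subnet>
set -eu

# Set a top-level "key: value" in a flat YAML file. Any existing active line
# for the key is removed and one new line appended, so repeated runs never
# leave duplicate keys (Elasticsearch refuses to start on a duplicate key).
# Commented-out lines, such as the stock file's "#network.host: ...", stay.
set_yml_key() {
  path="$1"; key="$2"; value="$3"
  esc="$(printf '%s' "$key" | sed 's/\./\\./g')"   # match dots literally
  tmp="$(mktemp)"
  grep -Ev "^[[:space:]]*${esc}[[:space:]]*:" "$path" > "$tmp" || true
  printf '%s: %s\n' "$key" "$value" >> "$tmp"
  cat "$tmp" > "$path"   # keeps the original file's owner and mode
  rm -f "$tmp"
}

# Apply the setting the tutorial's remote-access step makes, plus the two it
# does not mention: a discovery setting (mandatory once network.host is not
# loopback, otherwise the bootstrap checks abort startup) and authentication
# (off by default on the 7.x basic licence).
harden_es_config() {
  cfg="$1"; bind_addr="$2"
  set_yml_key "$cfg" "network.host" "$bind_addr"
  set_yml_key "$cfg" "discovery.type" "single-node"
  set_yml_key "$cfg" "xpack.security.enabled" "true"
}

# Allow 9200/tcp from one client subnet only, instead of opening the port to
# every network the host is attached to.
allow_es_from_subnet() {
  firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" port port=\"9200\" protocol=\"tcp\" accept"
  firewall-cmd --reload
}

if [ "${1:-}" = "--apply" ]; then
  harden_es_config /etc/elasticsearch/elasticsearch.yml "${2:?bind address}"
  allow_es_from_subnet "${3:?client subnet}"
  systemctl restart elasticsearch
  # With security on, the built-in users have no passwords until you run:
  echo "next: /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive"
fi
```

After the restart, run elasticsearch-setup-passwords interactive once; clients then authenticate as described in the Basic Authentication section further down. For a multi-node cluster, replace discovery.type with discovery.seed_hosts and cluster.initial_master_nodes, and note that with security enabled a multi-node cluster also requires TLS on the transport port before the nodes will start.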

How to Use Elasticsearch

Driving Elasticsearch from the curl command is straightforward. Below are some of the most commonly used requests:

Delete index

In the examples below, the index is named samples.

curl -X DELETE 'http://localhost:9200/samples'

List all indices

curl -X GET 'http://localhost:9200/_cat/indices?v'

List all docs in index

curl -X GET 'http://localhost:9200/samples/_search'

Query using URL parameters

Here we use Lucene query format to write q=school:Harvard.

curl -X GET 'http://localhost:9200/samples/_search?q=school:Harvard'

Query with JSON aka Elasticsearch Query DSL

You can query using parameters on the URL. But you can also use JSON, as shown in the following example. JSON would be easier to read and debug when you have a complex query than one giant string of URL parameters.

curl -XGET --header 'Content-Type: application/json' http://localhost:9200/samples/_search -d '{
  "query" : {
    "match" : { "school": "Harvard" }
  }
}'

List index mapping

Every field in an index has a mapping that records its type. The following request returns the index definition, including the mapping of all fields and their types (use /samples/_mapping to get only the mapping):

curl -X GET http://localhost:9200/samples

Add Data

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/1 -d '{
  "school" : "Harvard"
}'

Update Doc

Here is how to add fields to an existing document. First, we create a new one. Then we update it.

curl -XPUT --header 'Content-Type: application/json' http://localhost:9200/samples/_doc/2 -d '
{
    "school": "Clemson"
}'

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/samples/_update/2 -d '{
  "doc" : { "students": 50000 }
}'

In Elasticsearch 7.x the update endpoint is /<index>/_update/<id>; the older /<index>/_doc/<id>/_update form still works but is deprecated.

Copy an index (reindex)

_reindex copies the documents of one index into another index on the same cluster. It is a copy, not a backup: if the cluster is lost, so is the copy. For real backups, register a snapshot repository and use the snapshot API.

curl -XPOST --header 'Content-Type: application/json' http://localhost:9200/_reindex -d '{
  "source": {
    "index": "samples"
  },
  "dest": {
    "index": "samples_backup"
  }
}'

Bulk load data in JSON format

The _bulk endpoint takes newline-delimited JSON (an action line followed by its document line, each on its own line, ending with a final newline). Replace <file> with the path to your NDJSON file:

curl -H 'Content-Type: application/x-ndjson' -XPOST 'http://localhost:9200/samples/_bulk?pretty' --data-binary @<file>

Show cluster health

curl -H 'Content-Type: application/json' -XGET 'http://localhost:9200/_cluster/health?pretty'

Aggregation and Bucket Aggregation

For an Nginx web server, this produces web hit counts by user city:

curl -XGET --header 'Content-Type: application/json' 'http://localhost:9200/logstash/_search?pretty' -d '{
  "aggs": {
    "cityName": {
      "terms": {
        "field": "geoip.city_name.keyword",
        "size": 50
      }
    }
  }
}'

This extends the previous query with a nested aggregation, producing the count of each HTTP response code per city in an Nginx web server log (plus an overall count per response code):

curl -XGET --header 'Content-Type: application/json' 'http://localhost:9200/logstash/_search?pretty' -d '{
  "aggs": {
    "city": {
      "terms": { "field": "geoip.city_name.keyword" },
      "aggs": {
        "responses": {
          "terms": { "field": "response" }
        }
      }
    },
    "responses": {
      "terms": { "field": "response" }
    }
  }
}'

Using ElasticSearch with Basic Authentication

If you have enabled security in Elasticsearch, every curl command needs credentials, for example with -u as shown below:

curl -X GET 'http://localhost:9200/_cat/indices?v' -u elastic:(password)

Passing the password on the command line records it in your shell history and, while curl runs, makes it visible to other local users in the process list. Use -u elastic without the colon and password, and curl prompts for it instead.
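One way to keep the password off the command line altogether, as an added example that is not from the original tutorial: store it in a netrc file that only its owner can read and point curl at that file. The node URL, the user name elastic and the ES_NETRC location are assumptions; the wrapper also passes -f so that a 401 from a wrong password fails the command instead of silently returning an error document.

```shell
#!/bin/sh
# Added example, not code from the original tutorial or from Elastic.
# Keeps the Elasticsearch password out of shell history and the process
# list: credentials live in a mode-0600 netrc file and curl reads them.
# Assumes a node at ES_URL with security enabled and the user "elastic".
set -eu

ES_URL="${ES_URL:-http://localhost:9200}"
ES_NETRC="${ES_NETRC:-${HOME:-/root}/.es-netrc}"

# Hostname part of a URL, which is what netrc entries are matched on.
url_host() {
  printf '%s' "$1" | sed -E 's|^[a-z]+://([^/:@]+).*$|\1|'
}

# Write a single-host netrc entry: machine <host> login <user> password <pw>.
# The file is created under umask 077 and then chmod'ed, because curl does
# not refuse a world-readable netrc; the permissions are the protection.
write_es_netrc() {
  path="$1"; host="$2"; user="$3"; pass="$4"
  ( umask 077; printf 'machine %s login %s password %s\n' "$host" "$user" "$pass" > "$path" )
  chmod 0600 "$path"
}

# Return 0 only if $1 exists and is readable/writable by its owner alone.
es_netrc_is_private() {
  [ -f "$1" ] || return 1
  [ -n "$(find "$1" -perm 600 -print)" ]
}

# curl wrapper: credentials from the netrc file, JSON content type, and -f so
# HTTP errors such as 401 (bad password) or 403 (missing privilege) give a
# non-zero exit status instead of a JSON error body that scripts ignore.
es_curl() {
  es_netrc_is_private "$ES_NETRC" || { echo "$ES_NETRC is missing or not mode 0600" >&2; return 1; }
  curl -fsS --netrc-file "$ES_NETRC" -H 'Content-Type: application/json' "$@"
}

if [ "${1:-}" = "--demo" ]; then
  printf 'elastic password: ' >&2
  stty -echo; read -r pw; stty echo; echo >&2   # read from the terminal, not argv
  write_es_netrc "$ES_NETRC" "$(url_host "$ES_URL")" elastic "$pw"
  es_curl "$ES_URL/_cat/indices?v"
fi
```

Once the netrc file exists, every request in this section can be issued through es_curl, for example es_curl "$ES_URL/_cluster/health?pretty", with no credentials on the command line.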

Pretty Print

Add ?pretty=true to any request to pretty-print the JSON response (quote the whole URL so the shell does not interpret the ?):

curl -X GET 'http://localhost:9200/(index)/_search?pretty=true'

To query and return only certain fields

To return only certain fields, list them in the _source array. This example and the next are written in the Kibana Dev Tools console format (method and path on the first line, JSON body below); with curl, send the same body with -d as in the Query DSL example above:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
  "_source": ["suricata.eve.timestamp","source.geo.region_name","event.created"],
  "query": {
    "match" : { "source.geo.country_iso_code": "GR" }
  }
}

To Query by Date

When the field is of type date, you can use date math, like this:

GET filebeat-7.6.2-2020.05.05-000001/_search
{
  "query": {
    "range" : {
      "event.created": {
        "gte" : "now-7d/d"
      }
    }
  }
}

How to Remove (Uninstall) Elasticsearch

If you no longer require Elasticsearch, you can remove the package with the following command:

sudo dnf autoremove elasticsearch

Removing the package does not delete the indexed data in /var/lib/elasticsearch. If you want the data gone as well, check that the directory holds nothing you still need and delete it yourself.

Type “Y”, then press the “ENTER KEY” to proceed with the removal of Elasticsearch.

Comments and Conclusion

You have learned how to install Elasticsearch on AlmaLinux 8 from Elastic's official repository and configure the basics. Beyond the features mentioned at the start of the tutorial, Elasticsearch lets you search across many fields with a single query, and its sharding gives it horizontal scalability, so performance holds up as load grows.

For further reading, visit the official documentation page.
