Elasticsearch is a robust, free, and open-source analytics engine designed for the real-time storage, search, and analysis of large data volumes. Built on Java and powered by Apache Lucene, it’s renowned for its rapid performance, scalability, and extensive feature set. Elasticsearch is particularly useful for monitoring application performance, logging, and log analytics.
This guide will walk you through installing Elasticsearch on Rocky Linux 8.
Prerequisites
- A server configured with Rocky Linux 8.
- Root access to the server.
Install Java
As Elasticsearch is Java-based, Java must be installed on your server. Use the following command to install Java:
dnf install java-11-openjdk-devel -y
After installation, verify it using:
java -version
Expected output:
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)
Install Elasticsearch
Elasticsearch is not included by default in Rocky Linux 8 repositories, so you need to set up a custom repository.
Begin by importing the Elasticsearch GPG key:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Create an Elasticsearch repository file:
nano /etc/yum.repos.d/elasticsearch.repo
Add these lines:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Save and close the file, then proceed to install Elasticsearch:
dnf install elasticsearch -y
Configure Elasticsearch
The main configuration file for Elasticsearch is located at /etc/elasticsearch/elasticsearch.yml. Edit it using:
nano /etc/elasticsearch/elasticsearch.yml
Adjust the node name, cluster name, data path, and network host as follows:
cluster.name: Elastic Cluster
node.name: rockylinux
path.data: /var/lib/elasticsearch
network.host: 127.0.0.1
Save your changes, then start the Elasticsearch service and set it to start automatically on boot:
systemctl start elasticsearch
systemctl enable elasticsearch
Check that Elasticsearch is running using:
systemctl status elasticsearch
Sample output:
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-08-09 04:34:34 UTC; 8s ago
     Docs: https://www.elastic.co
 Main PID: 5247 (java)
    Tasks: 62 (limit: 11411)
   Memory: 1.1G
   CGroup: /system.slice/elasticsearch.service
           ├─5247 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=1>
           └─5412 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

Aug 09 04:33:29 RockyLinux8 systemd[1]: Starting Elasticsearch...
Aug 09 04:34:34 RockyLinux8 systemd[1]: Started Elasticsearch.
Verify Elasticsearch
Elasticsearch should now be active and listening on port 9200. Verify by running:
ss -antpl | grep 9200
Expected response:
LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=5247,fd=283))
Additionally, verify Elasticsearch with:
curl -X GET 'http://localhost:9200'
Expected output:
{
  "name" : "rockylinux",
  "cluster_name" : "Elastic Cluster",
  "cluster_uuid" : "NuDPakHARaOJOMyi6ABQwA",
  "version" : {
    "number" : "7.14.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1",
    "build_date" : "2021-07-29T20:49:32.864135063Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
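The curl call above is answered without credentials, so the loopback bind in elasticsearch.yml and the signed-package repository are the two settings worth re-checking after install. The script below is an added example, not part of the original guide: the function names are hypothetical and the sample inputs are constructed to mirror the repo file and ss output shown here.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample inputs are constructed.

# Reads a .repo file on stdin. Succeeds only if every [section] sets
# gpgcheck=1 explicitly and no baseurl uses anything but HTTPS.
repo_is_verified() {
    awk -F= '
        { gsub(/[ \t\r]/, "") }                 # tolerate "key = value"
        /^\[/            { sections++ }
        $1 == "gpgcheck" { if ($2 == "1") checked++ }
        $1 == "baseurl"  { if ($2 !~ /^https:\/\//) bad = 1 }
        END { exit !(sections > 0 && checked == sections && !bad) }
    '
}

# Reads `ss -antl` output on stdin. Succeeds only if the given port has at
# least one listener and every listener is bound to a loopback address.
listeners_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            found = 1
            addr = $4
            sub(/:[0-9]+$/, "", addr)           # drop the port
            gsub(/\[/, "", addr)                # drop IPv6 brackets
            gsub(/\]/, "", addr)
            sub(/^::ffff:/, "", addr)           # unwrap IPv4-mapped form
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END { exit !(found && !exposed) }
    '
}

# Constructed samples mirroring the repo file and ss output in this guide.
sample_repo='[elasticsearch-7.x]
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1'
sample_ss='LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:* users:(("java",pid=5247,fd=283))'

printf '%s\n' "$sample_repo" | repo_is_verified && echo "repo: signed packages over HTTPS"
printf '%s\n' "$sample_ss" | listeners_loopback_only 9200 && echo "9200: loopback only"
```

On a real host, run `repo_is_verified < /etc/yum.repos.d/elasticsearch.repo` and `ss -antl | listeners_loopback_only 9200`; a non-zero exit status means the setting has drifted from what this guide configures.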
How to Use Elasticsearch
Use curl to add data to Elasticsearch:
curl -H 'Content-Type: application/json' -X POST 'http://localhost:9200/tutorial/blog/1' -d '{ "message": "My first blog!" }'
Expected response:
{"_index":"tutorial","_type":"blog","_id":"1","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}
Retrieve your data:
curl -X GET 'http://localhost:9200/tutorial/blog/1'
Response:
{"_index":"tutorial","_type":"blog","_id":"1","_version":1,"_seq_no":0,"_primary_term":1,"found":true,"_source":{ "message": "My first blog!" }}
For a formatted output:
curl -X GET 'http://localhost:9200/tutorial/blog/1?pretty'
Output:
{
  "_index" : "tutorial",
  "_type" : "blog",
  "_id" : "1",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "message" : "My first blog!"
  }
}
Conclusion
You’ve successfully installed and configured Elasticsearch on Rocky Linux 8. This setup allows you to efficiently add, read, delete, and update data using Elasticsearch.
FAQs
- What is Elasticsearch?
- Elasticsearch is an open-source search and analytics engine, useful for quickly searching and analyzing large volumes of data in real time.
- Why do I need Java for Elasticsearch?
- Elasticsearch is built using Java, and therefore requires a Java environment to run.
- How can I start the Elasticsearch service?
- Use the command systemctl start elasticsearch to start the service and systemctl enable elasticsearch to have it start on boot.
- How can I verify if Elasticsearch is running?
- Use systemctl status elasticsearch to check the status or curl -X GET 'http://localhost:9200' to test connectivity and obtain cluster information.
- Can I use Elasticsearch for log analytics?
- Yes, Elasticsearch is extensively used for log analytics due to its powerful capabilities in handling and querying large-scale log data.