
Elasticsearch

Installation

Ubuntu/Debian

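# Refresh the package index
sudo apt update

# Install Java. NOTE: the Elasticsearch 7.x packages bundle their own JDK,
# so a system JDK is optional rather than required.
sudo apt install openjdk-11-jdk -y

# Tools needed to fetch the signing key and use an HTTPS repository
sudo apt install apt-transport-https gnupg wget -y

# Store the Elastic signing key in a dedicated keyring. apt-key is deprecated,
# and a key added with it is trusted for every configured repository, not
# just this one.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

# Add the repository, tied to that keyring with signed-by. Plain tee (not
# tee -a) so that re-running this step does not append a duplicate entry.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

# Refresh the package index so the new repository is picked up
sudo apt update

# Install Elasticsearch
sudo apt install elasticsearch -y

# Start Elasticsearch now and enable it at boot
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

# Verify installation: the unit should be active and the REST API should
# answer on the loopback address.
sudo systemctl status elasticsearch
curl http://localhost:9200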

CentOS/RHEL

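# Install Java (optional: the Elasticsearch 7.x packages bundle their own JDK)
sudo yum install java-11-openjdk -y

# Import the Elastic package signing key
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Write the repository definition non-interactively instead of pasting it
# into an editor running as root. gpgcheck=1 makes yum verify every package
# signature against the imported key; do not turn it off.
# NOTE(review): Elastic's published repo file lists autorefresh=1 and
# type=rpm-md; the autorefresh_on_metadata_change key is kept as given here.
# Confirm that your package manager recognises it.
sudo tee /etc/yum.repos.d/elasticsearch.repo >/dev/null <<'EOF'
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh_on_metadata_change=true
EOF

# Install Elasticsearch
sudo yum install elasticsearch -y

# Start Elasticsearch now and enable it at boot
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch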

Docker Installation

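# Pull Elasticsearch image
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.14.0

# Run a single-node container.
# The ports are published on 127.0.0.1 only. A bare "-p 9200:9200" binds on
# every host interface, and Docker's own packet-filter rules typically take
# effect ahead of host firewalls such as ufw. In 7.x, authentication and TLS
# are off by default, so a published port is an open REST API. Publish on
# another address only after enabling the security features.
docker run -d --name elasticsearch \
  -e discovery.type=single-node \
  -p 127.0.0.1:9200:9200 \
  -p 127.0.0.1:9300:9300 \
  docker.elastic.co/elasticsearch/elasticsearch:7.14.0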

Service Management

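# Start Elasticsearch
sudo systemctl start elasticsearch

# Stop Elasticsearch
sudo systemctl stop elasticsearch

# Restart Elasticsearch
sudo systemctl restart elasticsearch

# Check status
sudo systemctl status elasticsearch

# View logs.
# The main log file is named after the cluster (<cluster.name>.log), so
# elasticsearch.log exists only while cluster.name keeps its default value
# "elasticsearch". After renaming the cluster, follow that file instead.
sudo tail -f /var/log/elasticsearch/elasticsearch.log

# Startup failures that occur before the log file is opened appear only in
# the systemd journal.
sudo journalctl -u elasticsearch -f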

Cluster Health Check

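# URLs are quoted because "?" is a shell glob character: unquoted, the
# command fails under zsh or bash failglob and can be rewritten by a
# matching file name in the current directory.

# Check cluster health
curl 'http://localhost:9200/_cluster/health?pretty'

# Check nodes (the response includes per-node settings and filesystem paths)
curl 'http://localhost:9200/_nodes?pretty'

# Get cluster information
curl 'http://localhost:9200/?pretty'

# Get indices
curl 'http://localhost:9200/_cat/indices?v'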

Index Management

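# index_name is a placeholder; substitute the real index name.
# URLs containing "?" are quoted so the shell does not treat them as globs.

# Create index
curl -X PUT 'http://localhost:9200/index_name'

# Delete index. This is irreversible without a snapshot, and with the
# security features off (the 7.x default) any client that can reach port
# 9200 can issue it.
curl -X DELETE 'http://localhost:9200/index_name'

# Get index information
curl 'http://localhost:9200/index_name?pretty'

# List all indices
curl 'http://localhost:9200/_cat/indices?v'

# Get index settings
curl 'http://localhost:9200/index_name/_settings?pretty'

# Get index mappings
curl 'http://localhost:9200/index_name/_mapping?pretty'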

Document Management

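# index_name and document_id are placeholders.

# Index document (Elasticsearch generates the document ID)
curl -X POST 'http://localhost:9200/index_name/_doc' \
  -H 'Content-Type: application/json' \
  -d '{
    "field1": "value1",
    "field2": "value2"
  }'

# Get document
curl 'http://localhost:9200/index_name/_doc/document_id'

# Update document (partial update: only the fields under "doc" change).
# 7.x expects the typeless endpoint /<index>/_update/<id>. The older
# /<index>/_doc/<id>/_update form is a deprecated typed request there and
# is rejected by later major versions.
curl -X POST 'http://localhost:9200/index_name/_update/document_id' \
  -H 'Content-Type: application/json' \
  -d '{
    "doc": {
      "field1": "new_value"
    }
  }'

# Delete document
curl -X DELETE 'http://localhost:9200/index_name/_doc/document_id'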
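# Search
# The query-string URL is quoted: "?" is a shell glob character, and a
# real query may also contain "&" or spaces.

# Simple search
curl 'http://localhost:9200/index_name/_search?q=field:value'

# Search with query (request-body form; the value is passed as JSON data
# rather than being parsed as query-string syntax)
curl -X POST 'http://localhost:9200/index_name/_search' \
  -H 'Content-Type: application/json' \
  -d '{
    "query": {
      "match": {
        "field": "value"
      }
    }
  }'

# Count documents
curl 'http://localhost:9200/index_name/_count'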

Configuration

Elasticsearch Configuration File

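# Main configuration.
# sudoedit opens a temporary copy in your editor under your own account and
# installs it on save, so the editor itself does not run as root.
sudoedit /etc/elasticsearch/elasticsearch.yml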

Important Settings

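# --- /etc/elasticsearch/elasticsearch.yml ---

# Cluster name
cluster.name: my-cluster

# Node name
node.name: node-1

# Network settings
# Bind to loopback unless remote clients must reach this node. 0.0.0.0
# listens on every interface, and in 7.x authentication and TLS are off by
# default, so anyone who can reach port 9200 can read, change or delete
# indices. To serve other hosts, bind to a specific private address and
# enable the security features (xpack.security.enabled plus TLS) first.
network.host: 127.0.0.1
http.port: 9200

# Discovery settings
discovery.seed_hosts: ["127.0.0.1"]
cluster.initial_master_nodes: ["node-1"]

# --- /etc/elasticsearch/jvm.options ---
# Heap size. These are JVM flags, not YAML: put them in jvm.options (or in a
# file under /etc/elasticsearch/jvm.options.d/ on 7.7 and later), never in
# elasticsearch.yml. Keep the minimum and maximum equal.
-Xms1g
-Xmx1g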

Apply Configuration Changes

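# Edit config file (sudoedit keeps the editor itself from running as root)
sudoedit /etc/elasticsearch/elasticsearch.yml

# Restart Elasticsearch so the new settings are read
sudo systemctl restart elasticsearch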

Firewall Configuration

# UFW (Ubuntu)
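# Open the ports only to the hosts that need them. A bare "allow 9200"
# admits every source address, and in 7.x the REST API has no authentication
# by default. Port 9300 is the node-to-node transport port; only other
# cluster members need it.
# 192.0.2.0/24 is a placeholder (documentation range): replace it with your
# own trusted network.
trusted_net="192.0.2.0/24"

# UFW (Ubuntu)
sudo ufw allow from "$trusted_net" to any port 9200 proto tcp
sudo ufw allow from "$trusted_net" to any port 9300 proto tcp

# Firewalld (CentOS)
sudo firewall-cmd --permanent \
  --add-rich-rule="rule family=\"ipv4\" source address=\"${trusted_net}\" port port=\"9200\" protocol=\"tcp\" accept"
sudo firewall-cmd --permanent \
  --add-rich-rule="rule family=\"ipv4\" source address=\"${trusted_net}\" port port=\"9300\" protocol=\"tcp\" accept"
sudo firewall-cmd --reload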

Backup & Restore

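# Prerequisite: a shared-filesystem ("fs") repository is accepted only if
# its location is listed under path.repo in elasticsearch.yml on every
# node, for example
#   path.repo: ["/var/backups/elasticsearch"]
# and the directory is writable by the elasticsearch user. Restart the node
# after adding the setting. Snapshots contain the full index data, so
# restrict access to that directory accordingly.

# Create snapshot repository
curl -X PUT 'http://localhost:9200/_snapshot/my_backup' \
  -H 'Content-Type: application/json' \
  -d '{
    "type": "fs",
    "settings": {
      "location": "/var/backups/elasticsearch"
    }
  }'

# Create snapshot (snapshot_name is a placeholder)
curl -X PUT 'http://localhost:9200/_snapshot/my_backup/snapshot_name'

# List snapshots (quoted: "?" is a shell glob character)
curl 'http://localhost:9200/_snapshot/my_backup/_all?pretty'

# Restore snapshot
curl -X POST 'http://localhost:9200/_snapshot/my_backup/snapshot_name/_restore'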

Performance Tuning

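# Increase the write thread pool's queue size (this changes how many
# requests may wait, not the number of threads).
# The line is appended only if the key is absent: a second copy of the same
# key makes elasticsearch.yml invalid and the node will not start.
# A restart is needed for the setting to take effect.
if ! sudo grep -q '^thread_pool\.write\.queue_size:' /etc/elasticsearch/elasticsearch.yml; then
  echo "thread_pool.write.queue_size: 1000" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
fi

# Adjust refresh interval (a dynamic index setting; applied without restart)
curl -X PUT 'http://localhost:9200/index_name/_settings' \
  -H 'Content-Type: application/json' \
  -d '{
    "index": {
      "refresh_interval": "30s"
    }
  }'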

Uninstall

Ubuntu/Debian

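# Stop Elasticsearch
sudo systemctl stop elasticsearch

# Remove Elasticsearch
sudo apt remove elasticsearch -y
sudo apt autoremove -y

# Remove the repository entry added during installation, so that apt no
# longer fetches from or trusts a source that is not in use. Also remove the
# signing key you added for it.
sudo rm -f -- /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update

# Remove data, logs and configuration. This is irreversible: take a
# snapshot first if the indices matter.
sudo rm -rf -- /var/lib/elasticsearch
sudo rm -rf -- /var/log/elasticsearch
sudo rm -rf -- /etc/elasticsearch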

CentOS/RHEL

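# Stop Elasticsearch
sudo systemctl stop elasticsearch

# Remove Elasticsearch
sudo yum remove elasticsearch -y

# Remove the repository definition created during installation
sudo rm -f -- /etc/yum.repos.d/elasticsearch.repo

# Remove data, logs and configuration. This is irreversible: take a
# snapshot first if the indices matter. /etc/elasticsearch is removed here
# as in the Ubuntu/Debian steps; it may hold the keystore and any
# credentials placed in the configuration.
sudo rm -rf -- /var/lib/elasticsearch
sudo rm -rf -- /var/log/elasticsearch
sudo rm -rf -- /etc/elasticsearch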