Elastic Stack 8 : Install Elasticsearch2023/08/04

	Install Full-Text search engine [Elasticsearch].
[1]	Install and Run Elasticsearch. Installing Java is not required because integrated Java is included in Elasticsearch.

root@dlp:~#

wget https://artifacts.elastic.co/GPG-KEY-elasticsearch -O /etc/apt/keyrings/GPG-KEY-elasticsearch.key

root@dlp:~#

echo "deb [signed-by=/etc/apt/keyrings/GPG-KEY-elasticsearch.key] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list

root@dlp:~#

apt update

root@dlp:~#

apt -y install elasticsearch

.....
.....
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : 6Ly2oaU0svQWvUs4Y0-a

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

root@dlp:~#

systemctl enable --now elasticsearch

# verify status
# password is the one that is shown during the installation above

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200

Enter host password for user 'elastic':
{
  "name" : "dlp.srv.world",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "RYicrLvRT3CbSXacD8Xmjg",
  "version" : {
    "number" : "8.9.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d",
    "build_date" : "2023-07-19T14:43:58.555259655Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

[2]	If you use Elasticsearch from other Hosts, refer to the setting for Clustering. It needs to configure the same settings with Clustering even if single node using if receiving requests from other Hosts.

[3]	This is the basic usage of Elasticsearch. Create an Index first, it is like Database on RDB.

# show Index list ([pretty] means it shows JSON with human readable)

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/_aliases?pretty

Enter host password for user 'elastic':
{
  ".security-7" : {
    "aliases" : {
      ".security" : {
        "is_hidden" : true
      }
    }
  }
}

# create Index

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt -X PUT "https://127.0.0.1:9200/test_index"

Enter host password for user 'elastic':
{"acknowledged":true,"shards_acknowledged":true,"index":"test_index"}

# verify

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/_aliases?pretty

Enter host password for user 'elastic':
{
  ".security-7" : {
    "aliases" : {
      ".security" : {
        "is_hidden" : true
      }
    }
  },
  "test_index" : {
    "aliases" : { }
  }
}

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/test_index/_settings?pretty

Enter host password for user 'elastic':
{
  "test_index" : {
    "settings" : {
      "index" : {
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        },
        "number_of_shards" : "1",
        "provided_name" : "test_index",
        "creation_date" : "1691106988536",
        "number_of_replicas" : "1",
        "uuid" : "yW_f_CXpSU6uAqRNpHXyTw",
        "version" : {
          "created" : "8090099"
        }
      }
    }
  }
}

[4]	Define Mapping and insert test data. Mapping defines structure of Index. If inserting data, Mapping will be defined automatically, but it's possible to define manually, of course.

# insert data

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt \
-H "Content-Type: application/json" \
-X PUT "https://127.0.0.1:9200/test_index/_doc/001" -d '{

    "subject" : "Test Post No.1",
    "description" : "This is the initial post",
    "content" : "This is the test message for using Elasticsearch."
}'

{"_index":"test_index","_id":"001","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

# show Mapping

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_mapping/?pretty"

Enter host password for user 'elastic':
{
  "test_index" : {
    "mappings" : {
      "properties" : {
        "content" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "description" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "subject" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
    }
  }
}

# show data

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_doc/001?pretty"

Enter host password for user 'elastic':
{
  "_index" : "test_index",
  "_id" : "001",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "subject" : "Test Post No.1",
    "description" : "This is the initial post",
    "content" : "This is the test message for using Elasticsearch."
  }
}

# search data
# example of Search conditions below means [description] field includes a word [initial]

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_search?q=description:initial&pretty=true"

Enter host password for user 'elastic':
{
  "took" : 13,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "test_index",
        "_id" : "001",
        "_score" : 0.2876821,
        "_source" : {
          "subject" : "Test Post No.1",
          "description" : "This is the initial post",
          "content" : "This is the test message for using Elasticsearch."
        }
      }
    ]
  }
}

Matched Content