Elastic Stack : Install Elasticsearch2025/10/16

	Install Full-Text search engine [Elasticsearch].
[1]	Install and Run Elasticsearch. Installing Java is not required because integrated Java is included in Elasticsearch.

root@dlp:~#

wget https://artifacts.elastic.co/GPG-KEY-elasticsearch -O /etc/apt/keyrings/GPG-KEY-elasticsearch.key

root@dlp:~#

echo "deb [signed-by=/etc/apt/keyrings/GPG-KEY-elasticsearch.key] https://artifacts.elastic.co/packages/9.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-9.x.list

root@dlp:~#

apt update

root@dlp:~#

apt -y install elasticsearch

.....
.....
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : Q_1iL_6EpogFPHYMgMbL

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
Processing triggers for procps (2:4.0.4-9) ...
Processing triggers for systemd (257.8-1~deb13u2) ...

root@dlp:~#

systemctl enable --now elasticsearch

# verify status
# password is the one that is shown during the installation above

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200

Enter host password for user 'elastic':
{
  "name" : "dlp.srv.world",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "ILWDboVHTfG6Hxm6VbFFuw",
  "version" : {
    "number" : "9.1.5",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "90ee222e7e0136dd8ddbb34015538f3a00c129b7",
    "build_date" : "2025-10-02T22:07:12.966975992Z",
    "build_snapshot" : false,
    "lucene_version" : "10.2.2",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}

[2]	If you use Elasticsearch from other Hosts, refer to the setting for Clustering. It needs to configure the same settings with Clustering even if single node using if receiving requests from other Hosts.

[3]	This is the basic usage of Elasticsearch. Create an Index first, it is like Database on RDB.

# show Index list ([pretty] means it shows JSON with human readable)

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/_aliases?pretty

Enter host password for user 'elastic':
{
  ".security-7" : {
    "aliases" : {
      ".security" : {
        "is_hidden" : true
      }
    }
  }
}

# create Index

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt -X PUT "https://127.0.0.1:9200/test_index"

Enter host password for user 'elastic':
{"acknowledged":true,"shards_acknowledged":true,"index":"test_index"}

# verify

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/_aliases?pretty

Enter host password for user 'elastic':
{
  ".security-7" : {
    "aliases" : {
      ".security" : {
        "is_hidden" : true
      }
    }
  },
  "test_index" : {
    "aliases" : { }
  }
}

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt https://127.0.0.1:9200/test_index/_settings?pretty

Enter host password for user 'elastic':
{
  "test_index" : {
    "settings" : {
      "index" : {
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        },
        "number_of_shards" : "1",
        "provided_name" : "test_index",
        "creation_date" : "1760572482579",
        "number_of_replicas" : "1",
        "uuid" : "9JxiZ5C7QXq2fC1UliIOCA",
        "version" : {
          "created" : "9033000"
        }
      }
    }
  }
}

[4]	Define Mapping and insert test data. Mapping defines structure of Index. If inserting data, Mapping will be defined automatically, but it's possible to define manually, of course.

# insert data

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt \
-H "Content-Type: application/json" \
-X PUT "https://127.0.0.1:9200/test_index/_doc/001" -d '{

    "subject" : "Test Post No.1",
    "description" : "This is the initial post",
    "content" : "This is the test message for using Elasticsearch."
}'

Enter host password for user 'elastic':
{"_index":"test_index","_id":"001","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":0,"_primary_term":1}

# show Mapping

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_mapping/?pretty"

Enter host password for user 'elastic':
{
  "test_index" : {
    "mappings" : {
      "properties" : {
        "content" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "description" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "subject" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        }
      }
    }
  }
}

# show data

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_doc/001?pretty"

Enter host password for user 'elastic':
{
  "_index" : "test_index",
  "_id" : "001",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "subject" : "Test Post No.1",
    "description" : "This is the initial post",
    "content" : "This is the test message for using Elasticsearch."
  }
}

# search data
# example of Search conditions below means [description] field includes a word [initial]

root@dlp:~#

curl -u elastic --cacert /etc/elasticsearch/certs/http_ca.crt "https://127.0.0.1:9200/test_index/_search?q=description:initial&pretty=true"

Enter host password for user 'elastic':
{
  "took" : 57,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "test_index",
        "_id" : "001",
        "_score" : 0.2876821,
        "_source" : {
          "subject" : "Test Post No.1",
          "description" : "This is the initial post",
          "content" : "This is the test message for using Elasticsearch."
        }
      }
    ]
  }
}

Matched Content