Elasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. It provides a multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents all with easy installation.
Elasticsearch serves as the heart of the Elastic Stack by storing your data for lightning-fast search, fine‑tuned relevancy, and powerful analytics that scale with ease. With Elasticsearch, you can perform and combine many types of searches giving you the freedom to work as you want.
In this tutorial, we’ll show you how to quickly and easily install and configure Elasticsearch on a single Cloud Server with the possibility to scale out as needed.
Deploying a new Cloud Server
To get started installing Elasticsearch, you will first need to deploy a Cloud Server with Ubuntu 20.04 or 18.04. Log into your UpCloud Control Panel and click the Deploy server button.
If you are new to UpCloud, you can get started by signing up for the free trial.
The deployment page shows a number of options for customizing your new Cloud Server.
- Choose the server location from the available data centres
- Pick a configuration, the €13 per month plan is a good starting point
- Select your operating system e.g. Ubuntu 20.04 or 18.04
- Add any SSH keys you want to use
- Give your server a hostname and description
Deploy!
You can find more in-depth deployment instructions in a separate tutorial.
Installing Elasticsearch
Once your Cloud Server is up and running, connect to it using SSH. Afterwards, you can get started by adding the Elasticsearch repository.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Next, update the repo lists to include the new source.
sudo apt update
Then install Elasticsearch with the command below.
sudo apt install elasticsearch
When the installation is done, you will likely want to configure Elasticsearch for your use case. Head over to the next section to continue.
Configuring Elasticsearch
After installing Elasticsearch, you are almost ready to get cracking. However, depending on your use case and requirements, you might want to have a look at the settings.
Open the elasticsearch.yml file in a text editor.
sudo nano /etc/elasticsearch/elasticsearch.yml
First things first, you should name your cluster and the node you are configuring.
A node can only join a cluster if it shares the cluster.name with all the other nodes in the cluster. You should name your cluster appropriately to describe the purpose of the cluster.
# -------------------------------- Cluster ---------------------------------- # # Use a descriptive name for your cluster: # cluster.name: example-cluster #
The node.name is used as a human-readable identifier for the nodes in the Elasticsearch cluster. By default, the node.name is set to the hostname of the server but can be configured manually.
# --------------------------------- Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-1 #
By default, Elasticsearch is only accessible from localhost or the IP address 127.0.0.1. If you want to query it from another server or your local computer, you’ll need to set the network.host to an appropriate IP address.
# -------------------------------- Network ---------------------------------- # # By default Elasticsearch is only accessible on localhost. Set a different # address here to expose this node on the network: # #network.host: 192.168.0.1 #
You also have the option to change the default port 9200 according to your preferences. If you do set a custom port, remember to configure your firewall accordingly.
# By default Elasticsearch listens for HTTP traffic on the first free port it # finds starting at 9200. Set a specific HTTP port here: # #http.port: 9200 # # For more information, consult the network module documentation.
Once you are done with the settings, save the file and exit the editor.
Then start the Elasticsearch service and enable it to start at boot.
sudo systemctl start elasticsearch sudo systemctl enable elasticsearch
The startup might take a few seconds but should complete without issue or output. Afterwards, you can check the status of the service with the following command.
sudo systemctl status elasticsearch
With the Elasticsearch service running, continue with firewall configuration before getting to testing the search.
Configuring firewall rules
If you enabled Elasticsearch on a public network, you should restrict access to the HTTP query port 9200 to just your IP addresses.
Replace the <your-ip-address> in the following command with your public IP or the public IP of another server.
sudo ufw allow from <your-ip-address> to any port 9200
Repeat the above allow command to include other IP addresses from where you want to have access.
Also, make sure to allow SSH connections to make sure you are not locked out from your server.
sudo ufw allow ssh
Then enable the firewall and verify the enabled rules by checking the firewall status.
sudo ufw enable
sudo ufw status
Status: active To Action From -- ------ ---- 9200 ALLOW <your-ip-address> 22 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6)
With the firewall configured, you can be sure unauthorised access attempts won’t get through.
Follow up by testing the Elasticsearch yourself.
Testing the connection
The simplest way to query the Elasticsearch server is to use curl or another similar command-line HTTP tool.
The following example command allows you to get the server details. Note that localhost is only accessible from within the Cloud Server itself. Replace the localhost with the public IP of the Cloud Server if you want to query Elasticsearch from an external source.
curl -X GET 'http://localhost:9200'
{
"name" : "elastic.example.com",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "NCY3941lRtWECJTI_fASlw",
"version" : {
"number" : "7.12.1",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
"build_date" : "2021-04-20T20:56:39.040728659Z",
"build_snapshot" : false,
"lucene_version" : "8.8.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}You can also make further queries using the indexes.
curl -X GET 'http://localhost:9200/_nodes/node-1/name?pretty'
Note the ?pretty parameter at the end which is used to format the output making it easier to read on the command line. Without that, all output will be printed into a single line.
Querying the database
Now that we have a working Elasticsearch node up and running, let’s input some data we can use to test it.
Create a new index with an attached message using the following command.
curl -X POST -H 'Content-Type: application/json' 'localhost:9200/example/helloworld/1?pretty' -d '{ "message": "Hello world!" }'You should get an output similar to the one below to confirm.
{
"_index" : "example",
"_type" : "helloworld",
"_id" : "1",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 0,
"_primary_term" : 1
}Query the index directly for the input we just made by using the command below.
curl -X GET -H 'Content-Type: application/json' 'localhost:9200/example/helloworld/1?pretty'
{
"_index" : "example",
"_type" : "helloworld",
"_id" : "1",
"_version" : 1,
"_seq_no" : 0,
"_primary_term" : 1,
"found" : true,
"_source" : {
"message" : "Hello World!"
}
}Search the database for the same data using the query below. The command is split between multiple lines for legibility, copy the whole thing as a single command.
curl -X POST -H 'Content-Type: application/json' 'localhost:9200/_search?pretty' -d'
{
"query": {
"match": {
"_type": "helloworld"
}
}
}'{
"took" : 25,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "example",
"_type" : "helloworld",
"_id" : "1",
"_score" : 1.0,
"_source" : {
"message" : "Hello world!"
}
}
]
}
}The output of the search shows the number of hits your search had and lists the results.
You can also make changes to the data in the previous index.
Edit the index by changing the message with the next command.
curl -X PUT -H "Content-Type: application/json" 'localhost:9200/example/helloworld/1?pretty' -d '{ "message": "Hello again!" }'{
"_index" : "example",
"_type" : "helloworld",
"_id" : "1",
"_version" : 2,
"result" : "updated",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 2,
"_primary_term" : 1
}Then check that the changes were saved by querying the index again. E.g. with the following command.
curl -X GET -H "Content-Type: application/json" 'localhost:9200/example/helloworld/1?pretty'
{
"_index" : "example",
"_type" : "helloworld",
"_id" : "1",
"_version" : 2,
"_seq_no" : 1,
"_primary_term" : 1,
"found" : true,
"_source" : {
"message" : "Hello again!"
}
}If you want to remove the example data, you can remove the index it was stored in.
Delete the index with the command below.
curl -X DELETE 'localhost:9200/example'
All done! Elasticsearch is working great and you should have an idea of the basic queries. Feel free to test the command further to get a better grasp of the search and indexes.
Summary
Congratulations! You should now have a fully working Elasticsearch node up and running. A simple single-node setup is a quick way to get started with Elasticsearch which then offers the possibility to scale up with ease. In practice, interacting with Elasticsearch works the same regardless of the number of nodes thanks to the automated rebalancing and routing.
Elasticsearch scale effortlessly across a cluster of any size making it able to easily handle even millions of events per second. It’s capable of distributing data by dividing indices into shards with optional replicas. Each node hosts one or more shards and acts as a coordinator to delegate operations to an appropriate shard.