Elasticsearch is one of the components of ELK, which is commonly used for log analytics, full-text search, security intelligence, and business analytics. Elasticsearch requires Java 8. It is highly recommended that you use Oracle JDK, in a version higher than JDK 1.8.0_131.
For simplicity, you can use the RPM file to install Elasticsearch. In my case, I prefer to install it from the “TAR” file in order to define another installation directory. All index and binary files will be kept under the “/appdata” directory. However, if you prefer to install from an RPM- or DEB-based package, you do not need to follow these steps. Just download the binaries from this link and perform the installation.
To perform the default installation:
RPM: #rpm -ivh <logstash_package_name>
DEB: #dpkg -i <logstash_package_name>
Manual Installation Steps
Step 1: Install JDK
Download the JDK from this link and extract the binaries under /usr/local/java. Then create a symbolic link with the “ln -s” command.
#mkdir /usr/local/java
#cp <jdk.tar.gz> /usr/local/java
#cd /usr/local/java
#tar -xzvf <jdk.tar.gz>
#unlink /usr/bin/java
#ln -s /usr/local/java/jdk1.8.0_171/bin/java /usr/bin/java
#java -version
Step 2: Download and extract tar file
#curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.2.tar.gz
#cp elasticsearch-6.4.2.tar.gz /appdata
#cd /appdata
#tar -xvf elasticsearch-6.4.2.tar.gz
#mv elasticsearch-6.4.2 elasticsearch
Step 3: Create Service file and start service
I have installed the binaries under the /appdata mount point. Check your own configuration: if you installed to another directory, edit this unit file and change /appdata to your path.
#vi /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Wants=network-online.target
After=network-online.target

[Service]
Environment=ES_HOME=/appdata/elasticsearch
Environment=CONF_DIR=/appdata/elasticsearch/config
Environment=DATA_DIR=/appdata/elasticsearch/data
Environment=LOG_DIR=/appdata/elasticsearch/logs
Environment=PID_DIR=/var/run/elasticsearch
EnvironmentFile=-/appdata/elasticsearch/config

WorkingDirectory=/appdata/elasticsearch

User=appuser
Group=appgroup

ExecStart=/appdata/elasticsearch/bin/elasticsearch \
    -p ${PID_DIR}/elasticsearch.pid \
    --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of bytes of memory that may be locked into RAM
# Set to "infinity" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in /etc/sysconfig/elasticsearch
LimitMEMLOCK=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

# Built for distribution-5.4.0 (distribution)
Step 4: Change Elasticsearch YML file
I only edited the following settings. Please check the configuration file and edit it as you need.
Data Path: /appdata/elasticsearch/data
Log Path: /appdata/elasticsearch/logs
Listen Network: localhost
Port: 9200
# cat /appdata/elasticsearch/config/elasticsearch.yml |grep -v '#'
path.data: /appdata/elasticsearch/data
path.logs: /appdata/elasticsearch/logs
network.host: 127.0.0.1
http.port: 9200
Step 5: Start Elasticsearch
#systemctl enable elasticsearch
#systemctl start elasticsearch
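An added example, not part of the original article: a POSIX shell check of the two files edited in Steps 3 and 4, confirming that network.host stays on loopback and that the unit does not run as root. The helper names (yml_get, unit_get, audit_es) and the sample files are constructed for illustration, and it assumes flat "key: value" settings as shown in Step 4.

```sh
#!/bin/sh
# Added example, not from the original article: audit the files from Steps 3 and 4.

# yml_get FILE KEY: print the last value of a flat "key: value" setting,
# skipping comment lines (the same filtering as grep -v '#' in Step 4).
yml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", val)             # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)     # trim blanks and double quotes
            if (key == k) v = val
        }
        END { if (v != "") print v }' "$1"
}

# unit_get FILE KEY: print the last value of a KEY=value line in a systemd unit.
unit_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_es YML UNIT: print findings; the return status is the number of findings.
audit_es() {
    findings=0
    host=$(yml_get "$1" network.host)
    case "$host" in
        ""|localhost|_local_|127.[0-9]*|::1) ;;   # unset means loopback only
        *) echo "FAIL: network.host=$host is not loopback-only"
           findings=$((findings + 1)) ;;
    esac
    user=$(unit_get "$2" User)
    case "$user" in
        ""|root|0) echo "FAIL: unit runs as root (User=${user:-unset})"
                   findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ] && echo "OK: network.host=${host:-unset}, User=$user"
    return "$findings"
}

# Constructed sample input mirroring the values shown in Steps 3 and 4.
demo=$(mktemp -d)
printf 'network.host: 127.0.0.1\nhttp.port: 9200\n' > "$demo/elasticsearch.yml"
printf '[Service]\nUser=appuser\nGroup=appgroup\n' > "$demo/elasticsearch.service"
audit_es "$demo/elasticsearch.yml" "$demo/elasticsearch.service"
rm -rf "$demo"
```

To check the real installation, pass /appdata/elasticsearch/config/elasticsearch.yml and /usr/lib/systemd/system/elasticsearch.service to audit_es.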