Elasticsearch is a powerful, distributed, multitenant-capable full-text search engine based on the Lucene library. With an HTTP web interface and schema-free JSON documents, Elasticsearch might well be the ideal solution for the visualization of your company data.

I’m going to walk you through the process of installing Elasticsearch on Ubuntu 18.04.

What you need

All you will need is a running instance of Ubuntu Server 18.04 and a user account with sudo privileges.


The first thing to do is update and upgrade your server. Do note that, should the kernel be updated in the process, a restart of the server will be required. Because of this, run the update/upgrade process at a time when a restart is possible.

To run the update/upgrade process, log into your Ubuntu server and issue the following commands:

sudo apt-get update
sudo apt-get upgrade -y

Install dependencies

Elasticsearch depends on Java. Issue the following commands to install the dependency:

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer -y

Install and configure Elasticsearch

To install Elasticsearch, issue the following commands:

cd /tmp
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.deb
sudo dpkg -i elasticsearch-6.3.2.deb

Open the Elasticsearch configuration file with the command:

sudo nano /etc/elasticsearch/elasticsearch.yml

Locate the line:

# network.host:

Remove the comment (the # character) and change the IP address to that of your hosting server. Save and close that file.

Finally, start and enable the service with the commands:

sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

Point a web browser to http://SERVER_IP:9200/_cat/health?v (where SERVER_IP is the IP address of your hosting server). You should see output similar to that shown in Figure A.

Figure A

Install and configure Kibana

Now we’re going to install the Kibana Dashboard, which can display the results of Elasticsearch. This is done with the following steps:

cd /tmp
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-amd64.deb
sudo dpkg -i kibana-6.3.2-amd64.deb

Configure Kibana by opening the configuration file with the command:

sudo nano /etc/kibana/kibana.yml

Locate the following lines:

#server.host: "localhost"
#elasticsearch.url: "http://localhost:9200"

Change those lines to:

server.host: "SERVER_IP"
elasticsearch.url: "http://SERVER_IP:9200"

where SERVER_IP is the IP address of your hosting server.

Save and close that file.

Finally, issue the following command:

sudo sysctl -w vm.max_map_count=262144

Reboot the server. Once the server reboots, start and enable the Kibana service with the commands:

sudo systemctl enable kibana.service
sudo systemctl start kibana.service

Open the dashboard

You can now point your browser to http://SERVER_IP:5601 to view the Kibana Dashboard (Figure B).

Figure B

There’s one final step to take.

Install and configure Logstash

We now need the means to add data into Elasticsearch. This will be done with Logstash. To install this tool, issue the commands:

cd /tmp
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.deb
sudo dpkg -i logstash-6.3.2.deb

Open the Logstash configuration file with the command:

sudo nano /etc/logstash/logstash.yml

Change the following line:

# http.host: ""

Remove the # character and change the IP address to your hosting server IP. Save and close that file.

Start and enable the Logstash service with the commands:

sudo systemctl enable logstash.service
sudo systemctl start logstash.service

Point your browser to http://SERVER_IP:5601, and you are ready to begin working. Congratulations, you now have a powerful search engine installed and ready to go. I highly recommend you head over to the official Elasticsearch documentation to learn more about how to create searches.
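
The edits above move Elasticsearch, Kibana and Logstash from their loopback defaults to the server address, and none of the steps configures authentication or TLS, so it is worth confirming exactly which services are reachable from the network. The script below is an added example, not part of the original article: it reads the three configuration files and flags any host setting that is not loopback; the function names and the 192.0.2.10 sample address are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: report which of the three
# host settings edited in this walkthrough bind beyond loopback.

# Print the last uncommented value of top-level KEY ($1) in YAML file $2.
yaml_value() {
  [ -r "$2" ] || return 0
  key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
  sed -n "s/^${key}:[[:space:]]*//p" "$2" | tail -n 1 |
    sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'"
}

# An unset key keeps the shipped default, which is loopback for all three.
classify_bind() {
  case "$1" in
    "")                          echo default-loopback ;;
    localhost|127.*|::1|_local_) echo loopback ;;
    *)                           echo exposed ;;
  esac
}

# Audit the files under root $1 (empty = live system). Prints one line per
# service and returns 1 if any of them is exposed.
audit_binds() {
  rc=0
  for entry in \
    "etc/elasticsearch/elasticsearch.yml network.host" \
    "etc/kibana/kibana.yml server.host" \
    "etc/logstash/logstash.yml http.host"; do
    value=$(yaml_value "${entry#* }" "${1:-}/${entry% *}")
    state=$(classify_bind "$value")
    printf '%-13s %-15s %s\n' "${entry#* }" "${value:--}" "$state"
    if [ "$state" = exposed ]; then rc=1; fi
  done
  return "$rc"
}

# Constructed sample: Elasticsearch and Kibana edited as above (192.0.2.10
# stands in for SERVER_IP), Logstash still commented out.
demo=$(mktemp -d)
mkdir -p "$demo/etc/elasticsearch" "$demo/etc/kibana" "$demo/etc/logstash"
echo 'network.host: 192.0.2.10'  > "$demo/etc/elasticsearch/elasticsearch.yml"
echo 'server.host: "192.0.2.10"' > "$demo/etc/kibana/kibana.yml"
echo '# http.host: ""'           > "$demo/etc/logstash/logstash.yml"
audit_binds "$demo" || echo "at least one service listens beyond loopback"
```

On the server itself, calling audit_binds with no argument reads the live files under /etc.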