This guide explains how to install and use Elasticsearch 8.x on Rocky Linux 9 | AlmaLinux 9. Elasticsearch is a distributed, free, and open search and analytics engine built on Apache Lucene, with simple REST APIs. The data analyzed by Elasticsearch includes text, numeric data, geospatial data, structured data, and unstructured data.
Elasticsearch is preferred due to its distributed nature, speed of search, and scalability, and forms the core of Elastic Stack. Elastic Stack defines the basis of data ingestion, data enrichment, data storage, data analysis, and data visualization. Elastic Stack is simply abbreviated as ELK Stack (after Elasticsearch, Logstash, and Kibana). As of this article, the latest Elasticsearch release is version 8.17.0.
Elasticsearch use cases
Some key use cases include the following:
- Application search
- Website search
- Business analytics
- Security analytics
- Geospatial data analysis and visualization
- Logging and log analytics
- Application performance monitoring
- Infrastructure metrics and container monitoring
Elasticsearch, Kibana, and Logstash marriage
Kibana is a UI data visualization and analytic platform for real-time histograms, line graphs, pie charts, and maps. It is a management tool for Elasticsearch. Kibana is one of the core products of the Elastic Stack. The products in the Elastic Stack are designed to be used together.
Logstash, another product of the Elastic Stack, is used to aggregate and process data and send it to Elasticsearch. It is a server-side data processing pipeline that ingests data into Elasticsearch from multiple sources simultaneously. The three Elastic Stack components, i.e. Logstash, Kibana, and Elasticsearch, work hand-in-hand.
Setup pre-requisites
When installing Elastic Stack, you must install the same version across the stack, i.e. if you are using Elasticsearch version 8.x, ensure you also install Kibana version 8.x, Logstash 8.x, etc.
Ensure your system meets the following requirements:
- At least 2GB of RAM
- 20GB Hard disk
- See Supported Platforms
- A sudo user account
- Stable internet access
- Java, preferably OpenJDK or JVM
Install Elasticsearch from the official yum repo
The rpm package is available for installation from the official website or from the YUM repository.
Step 1: Update the system
Update the system to refresh the packages.
sudo dnf update -y
Step 2: Install Java runtime
Elasticsearch depends on Java to run. Install Java with the following command.
sudo dnf install java-11-openjdk-devel
Verify the installed Java version:
$ java -version
openjdk version "11.0.25" 2024-10-15 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.25.0.9-1) (build 11.0.25+9-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.25.0.9-1) (build 11.0.25+9-LTS, mixed mode, sharing)
Step 3: Install Elasticsearch 8.x
To begin with, import the Elasticsearch GPG key:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Then add Elasticsearch yum repository:
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elastic repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
Clean and update your YUM package index for changes to take effect.
sudo yum clean all
sudo yum makecache
Install Elasticsearch on Rocky Linux 9 | AlmaLinux 9:
sudo dnf install --enablerepo=elasticsearch elasticsearch
Sample output from the command execution.
Last metadata expiration check: 0:00:48 ago on Thu 16 Jan 2025 06:37:30 PM EAT.
Dependencies resolved.
===============================================================================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================================================================
Installing:
elasticsearch x86_64 8.17.0-1 elasticsearch 607 M
Transaction Summary
===============================================================================================================================================================================
Install 1 Package
Total download size: 607 M
Installed size: 1.1 G
Is this ok [y/N]: y
This is a huge package. Give it a moment to install.
To download and install the Elasticsearch rpm package manually, run the commands:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.17.0-x86_64.rpm
Install the RPM after download:
sudo rpm --install elasticsearch-8.17.0-x86_64.rpm
Confirm Elasticsearch installation.
rpm -qi elasticsearch
The command output.
Name : elasticsearch
Epoch : 0
Version : 8.17.0
Release : 1
Architecture: x86_64
Install Date: Thu 16 Jan 2025 06:39:36 PM EAT
Group : Application/Internet
Size : 1210192603
License : Elastic License
Signature : RSA/SHA512, Wed 11 Dec 2024 05:23:40 PM EAT, Key ID d27d666cd88e42b4
Source RPM : elasticsearch-8.17.0-1-src.rpm
Build Date : Wed 11 Dec 2024 03:15:26 PM EAT
Build Host : bk-agent-prod-gcp-1733918713820850043
Relocations : /usr
Packager : Elasticsearch
Vendor : Elasticsearch
URL : https://www.elastic.co/
Summary : Distributed RESTful search engine built for the cloud
Description :
Reference documentation can be found at
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
and the 'Elasticsearch: The Definitive Guide' book can be found at
https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
Step 4: Configure Elasticsearch
Edit the Elasticsearch YAML file located at /etc/elasticsearch/elasticsearch.yml. Locate the cluster.name and node.name lines and uncomment them. Then set the following parameters.
sudo vim /etc/elasticsearch/elasticsearch.yml
Edit your details.
cluster.name: CloudSpinx-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
network.host: 127.0.0.1
Start and enable Elasticsearch service on boot.
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
Check the status of the elasticsearch service.
$ systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
Active: active (running) since Thu 2025-01-16 18:45:16 EAT; 14s ago
Docs: https://www.elastic.co
Main PID: 28352 (java)
Tasks: 72 (limit: 36004)
Memory: 3.2G
CPU: 34.779s
CGroup: /system.slice/elasticsearch.service
├─28352 /usr/share/elasticsearch/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=/usr/share/elasticsearch/bin/elasticsearch -Dcli.lib>
├─28410 /usr/share/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.he>
└─28430 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Jan 16 18:44:29 rocky9.cloudspinx.com systemd[1]: Starting Elasticsearch...
Jan 16 18:45:16 rocky9.cloudspinx.com systemd[1]: Started Elasticsearch.
Step 5: Install Kibana
Just as with the Elasticsearch installation using RPM, you install Kibana on your machine the same way.
Download and install the public signing key:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Create a Kibana repo file in the /etc/yum.repos.d/ directory:
sudo vim /etc/yum.repos.d/kibana.repo
Paste the following code.
[kibana]
name=Kibana repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Note that the Kibana version must match Elasticsearch, here 8.x. Save and exit your editor.
Install Kibana:
sudo dnf update -y
sudo dnf install kibana
Sample output:
Last metadata expiration check: 0:15:19 ago on Thu 16 Jan 2025 06:37:30 PM EAT.
Dependencies resolved.
===============================================================================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================================================================
Installing:
kibana x86_64 8.17.0-1 elasticsearch 333 M
Transaction Summary
===============================================================================================================================================================================
Install 1 Package
Total download size: 333 M
Installed size: 989 M
Is this ok [y/N]: y
Start and enable the Kibana service.
sudo systemctl enable kibana
sudo systemctl start kibana
Check the status of the Kibana installation:
$ systemctl status kibana
● kibana.service - Kibana
Loaded: loaded (/usr/lib/systemd/system/kibana.service; enabled; preset: disabled)
Active: active (running) since Thu 2025-01-16 18:55:02 EAT; 16s ago
Docs: https://www.elastic.co
Main PID: 31930 (node)
Tasks: 11 (limit: 36004)
Memory: 379.1M
CPU: 8.871s
CGroup: /system.slice/kibana.service
└─31930 /usr/share/kibana/bin/../node/glibc-217/bin/node /usr/share/kibana/bin/../src/cli/dist
Jan 16 18:55:02 rocky9.cloudspinx.com kibana[31930]: Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see htt>
Jan 16 18:55:03 rocky9.cloudspinx.com kibana[31930]: {"log.level":"info","@timestamp":"2025-01-16T15:55:03.171Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agent>
Jan 16 18:55:03 rocky9.cloudspinx.com kibana[31930]: Native global console methods have been overridden in production environment.
Jan 16 18:55:04 rocky9.cloudspinx.com kibana[31930]: [2025-01-16T18:55:04.629+03:00][INFO ][root] Kibana is starting
Elasticsearch and the Kibana UI are now installed on Rocky Linux 9 | AlmaLinux 9. Logstash installation instructions can be found on the official Elastic website. The installation process is basically the same as the Kibana installation.
Configure Kibana.
$ sudo vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "localhost"
server.name: "kibana.example.com"
elasticsearch.hosts: ["http://localhost:9200"]
After changes are made, enable the Kibana service and restart it so the new settings take effect.
sudo systemctl enable --now kibana
sudo systemctl restart kibana
Step 6: Allow ports through the firewall
Allow ports 9200 and 5601 through the firewall.
sudo firewall-cmd --permanent --zone=public --add-port={9200/tcp,5601/tcp}
sudo firewall-cmd --reload
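With network.host: 127.0.0.1 and server.host: "localhost" as set above, both services listen only on loopback, so the ports opened in Step 6 become reachable from other hosts only once a bind address is changed. The script below is an added example, not part of the original guide, that reads both YAML files and the firewall port list and reports the effective exposure of each service. The function names are hypothetical, and the defaults (_local_ and 9200 for Elasticsearch, localhost and 5601 for Kibana) are assumed when a setting is absent.

```shell
#!/usr/bin/env bash
# Added example: compare the bind addresses set in elasticsearch.yml and
# kibana.yml with the firewall ports opened in Step 6.

# Print a top-level "key: value" setting, skipping commented-out lines.
yaml_value() {  # usage: yaml_value FILE KEY DEFAULT
  local v
  v=$(awk -v key="$2" '
    /^[ \t]*#/ { next }
    index($0, key ":") == 1 {
      v = substr($0, length(key) + 2)
      sub(/[ \t]+#.*$/, "", v)            # drop a trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", v)      # trim whitespace
      print v; exit
    }' "$1" | tr -d \"\')
  printf '%s\n' "${v:-$3}"
}

bind_scope() {  # classify a network.host / server.host value
  case "$1" in
    localhost|127.*|::1|_local_) echo loopback ;;
    *) echo non-loopback ;;
  esac
}

# usage: audit_exposure ES_YML KIBANA_YML "OPEN_PORTS" (firewall-cmd --list-ports output)
audit_exposure() {
  local open=" $3 " name file hostkey portkey defhost defport host port rule verdict
  while read -r name file hostkey portkey defhost defport; do
    host=$(yaml_value "$file" "$hostkey" "$defhost")
    port=$(yaml_value "$file" "$portkey" "$defport")   # assumes a single port, not a range
    case "$open" in *" $port/tcp "*) rule=open ;; *) rule=closed ;; esac
    case "$(bind_scope "$host")/$rule" in
      loopback/open)       verdict=rule-has-no-effect ;;
      non-loopback/open)   verdict=reachable-from-network ;;
      non-loopback/closed) verdict=blocked-by-firewall ;;
      *)                   verdict=local-only ;;
    esac
    echo "$name $host:$port $verdict"
  done <<EOF
elasticsearch $1 network.host http.port _local_ 9200
kibana $2 server.host server.port localhost 5601
EOF
}

# Constructed sample input: the settings this guide writes, in a temp dir.
tmp=$(mktemp -d)
printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 127.0.0.1' > "$tmp/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "localhost"' > "$tmp/kibana.yml"
audit_exposure "$tmp/elasticsearch.yml" "$tmp/kibana.yml" "9200/tcp 5601/tcp"
rm -rf "$tmp"
```

On the server, run it as root with the real files: audit_exposure /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml "$(firewall-cmd --zone=public --list-ports)". A verdict of reachable-from-network on port 9200 means the Elasticsearch REST API is exposed to every host the public zone admits.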
Step 7: Using Kibana to test Elasticsearch
The configuration file for the Kibana UI is /etc/kibana/kibana.yml. Kibana is served by a back-end server on server port 5601. To access the Kibana UI for Elasticsearch configuration, enter the address http://your_server_ip:5601 in your web browser.
This gives the following output.
You will be required to paste the enrollment token from the terminal to configure Elastic, or to configure it manually. The enrollment token is automatically generated when you start Elasticsearch for the first time. You might need to scroll back a bit in the terminal to view it.
To generate a new enrollment token, run the following command from the Elasticsearch installation directory:
cd /usr/share/elasticsearch
bin/elasticsearch-create-enrollment-token --scope kibana
Conclusion
This concludes the article on how to install and use Elasticsearch 8.x on Rocky Linux 9 | AlmaLinux 9. Read more in the Elasticsearch Documentation. I hope the article was an eye-opener for you. Note that you need to generate an enrollment token from your terminal to configure Elasticsearch once you access it via the web browser.