Elasticsearch

Elasticsearch is a full-text search and analysis engine. This tool indexes and stores the data, making it easier and more efficient to search and manage.

I. Install Elasticsearch with Docker

Add the following elasticsearch8 service to docker-compose.yml:

elasticsearch8:
  image: docker.asseco-ce.com/samo/server/samo-elasticsearch:8.12.2
  restart: always
  environment:
    - discovery.type=single-node
    - cluster.routing.allocation.disk.threshold_enabled=false
    - xpack.security.enabled=false
    - action.auto_create_index=.security*,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,metricbeat-*,.kibana,apm-*
    - ES_JAVA_OPTS=-Xms6g -Xmx6g
    - bootstrap.memory_lock=true
  ports:
    - "${es_port}:9200"
  privileged: true
  volumes:
    - ${data_dir}/elasticsearch8:/usr/share/elasticsearch/data

II. Install Elasticsearch on Ubuntu Server

1. Install Java

sudo apt update && sudo apt install openjdk-17-jdk -y

Info: Java 11 or above is required for Elasticsearch 8.x.

2. Install Elasticsearch

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

sudo apt update && sudo apt install elasticsearch -y

3. Configure Elasticsearch

Edit the Elasticsearch configuration file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Modify or add the following lines:

# Allow Elasticsearch to run in single-node mode
discovery.type: single-node

# Disable disk allocation threshold
cluster.routing.allocation.disk.threshold_enabled: false

# Disable security features (authentication & SSL)
xpack.security.enabled: false

# Auto-create index settings (same as Docker config)
action.auto_create_index: .security*,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,metricbeat-*,.kibana,apm-*

# Lock the Elasticsearch process memory in RAM to prevent swapping
bootstrap.memory_lock: true

4. Set JVM Heap Size

By default, Elasticsearch allocates 1GB of RAM, but the recommended setup specifies 6GB.

sudo nano /etc/elasticsearch/jvm.options

Find these lines:

-Xms1g
-Xmx1g

Change them to:

-Xms6g
-Xmx6g

Tip: Set -Xms and -Xmx to the same value to avoid JVM heap resizing overhead. The heap size should not exceed 50% of available RAM.

5. Set Memory Lock (Prevents Swapping)

Enable memory locking:

sudo nano /usr/lib/systemd/system/elasticsearch.service

Find this line and ensure it's uncommented:

LimitMEMLOCK=infinity

Info: If the line is commented out (starts with #), remove the # to enable it.

6. Start and Enable Elasticsearch

Run:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

Tip: Use sudo systemctl status elasticsearch to verify the service is running correctly.
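
With xpack.security.enabled: false, the HTTP API on port 9200 accepts unauthenticated requests, so the deciding factor is which interfaces it is bound to. The check below is an added example, not part of the original guide; the function names, exit codes and the sample network.host line are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag an elasticsearch.yml that disables security while the
# HTTP API is bound beyond loopback. Exit codes 0/1/2 are this script's own.

# yml_get FILE KEY: print the last uncommented value of a flat "key: value" line.
yml_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)          # drop a trailing comment
      i = index(line, ":")
      if (i == 0) next
      k = substr(line, 1, i - 1)
      v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim blanks and double quotes
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# audit_es_yml FILE: returns 0 = security on, 1 = off but loopback-only, 2 = off and exposed.
audit_es_yml() {
  local f="$1" sec host
  sec=$(yml_get "$f" xpack.security.enabled)
  host=$(yml_get "$f" http.host)                 # http.host overrides network.host
  [ -n "$host" ] || host=$(yml_get "$f" network.host)
  [ -n "$host" ] || host="_local_"               # Elasticsearch default: loopback only
  if [ "$sec" != "false" ]; then
    echo "OK: xpack.security.enabled is not set to false"; return 0
  fi
  case "$host" in
    localhost|127.0.0.1|::1|"[::1]"|_local_)
      echo "WARN: no authentication or TLS; HTTP bound to loopback ($host)"; return 1 ;;
    *)
      echo "FAIL: no authentication or TLS and HTTP bound to $host"; return 2 ;;
  esac
}

# Constructed sample: the page's step 3 settings plus an assumed network.host line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
discovery.type: single-node
xpack.security.enabled: false
network.host: 0.0.0.0
EOF
audit_es_yml "$sample" || true
rm -f "$sample"
```

Run it as audit_es_yml /etc/elasticsearch/elasticsearch.yml after step 3. For the Docker service in section I the binding is set by the ports entry instead: "${es_port}:9200" publishes on every host interface, while "127.0.0.1:${es_port}:9200" restricts it to loopback.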