ElasticSearch - Installation

Elasticsearch is a distributed search and analytics engine, scalable data store, and vector database built on Apache Lucene. It’s optimized for speed and relevance on production-scale workloads. Use Elasticsearch to search, index, store, and analyze data of all shapes and sizes in near real time. Kibana is the graphical user interface for Elasticsearch. It’s a powerful tool for visualizing and analyzing your data, and for managing and monitoring the Elastic Stack.

Elasticsearch is the heart of the Elastic Stack. Combined with Kibana, it powers these Elastic solutions and use cases:

• Elasticsearch: Build powerful search and RAG applications using Elasticsearch's vector database, AI toolkit, and advanced retrieval capabilities.
• Observability: Resolve problems with open, flexible, and unified observability powered by advanced machine learning and analytics.
• Security: Detect, investigate, and respond to threats with AI-driven security analytics to protect your organization at scale.

 

1. Download the installation file from https://www.elastic.co/downloads/elasticsearch.

2. Extract the .tar.gz file:

zzh@ZZHPC:~/Downloads$ tar -xzf elasticsearch-9.0.0-linux-x86_64.tar.gz

zzh@ZZHPC:~/Downloads$ mv elasticsearch-9.0.0 sfw

3. Start ElasticSearch:

zzh@ZZHPC:~/Downloads/sfw/elasticsearch-9.0.0/bin$ ./elasticsearch

 

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
X5xc8Ewz9_5sifJ-3umO

ℹ️ HTTP CA certificate SHA-256 fingerprint:
e2f48d612ed24a40f7559f4aa1b7dbf2f953f0361b185db6218f9ab67c2eb19e

ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xLjE2OjkyMDAiXSwiZmdyIjoiZTJmNDhkNjEyZWQyNGE0MGY3NTU5ZjRhYTFiN2RiZjJmOTUzZjAzNjFiMTg1ZGI2MjE4ZjlhYjY3YzJlYjE5ZSIsImtleSI6IlA1OTNRcFlCWG95ajIxMGNQdndyOnd6ZERvU1NlTjBjTUFtbzByMTdTekEifQ==

ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

 

4. Visit https://localhost:9200 with the above user and password:

 

5. First Search in Elasticsearch

✅ Step 1: Add a document (indexing)

Let’s add a document to an index called test.

curl -X POST "https://localhost:9200/test/_doc/1" \
--user elastic:X5xc8Ewz9_5sifJ-3umO \
--insecure \
-H "Content-Type: application/json" \
-d '{
  "message": "Hello world from Elasticsearch",
  "user": "frank",
  "timestamp": "2025-04-17T10:00:00"
}'

✔️ This creates a document with ID 1 in an index called test.

{
    "_index": "test",
    "_id": "1",
    "_version": 2,
    "result": "updated",
    "_shards": {
        "total": 2,
        "successful": 1,
        "failed": 0
    },
    "_seq_no": 1,
    "_primary_term": 2
}

(I ran the command twice and the response is of the second time. Not sure if it is the same with the first time.)

🔎 Step 2: Search for "hello"

Now do a basic full-text search:

curl -X GET "https://localhost:9200/test/_search" \
--user elastic:X5xc8Ewz9_5sifJ-3umO \
--insecure \
-H "Content-Type: application/json" \
-d '{
  "query": {
    "match": {
      "message": "hello"
    }
  }
}'

Response:

{
    "took": 55,
    "timed_out": false,
    "_shards": {
        "total": 1,
        "successful": 1,
        "skipped": 0,
        "failed": 0
    },
    "hits": {
        "total": {
            "value": 1,
            "relation": "eq"
        },
        "max_score": 0.2876821,
        "hits": [
            {
                "_index": "test",
                "_id": "1",
                "_score": 0.2876821,
                "_source": {
                    "message": "Hello world from Elasticsearch",
                    "user": "frank",
                    "timestamp": "2025-04-17T10:00:00"
                }
            }
        ]
    }
}

 

🔐 Need to Reset Your Password?

If you lost the password, you can reset it like this (run inside the Elasticsearch folder):

./bin/elasticsearch-reset-password -u elastic