How to install Elasticsearch on Linux Server

Elasticsearch is one of the components of ELK, which is commonly used for log analytics, full-text search, security intelligence, and business analytics. Elasticsearch requires Java 8. It is highly recommended to use Oracle JDK in a version higher than 1.8.0_131.

For simplicity, you can install Elasticsearch from an RPM file. In my case, I prefer to install it from a “TAR” file so that I can define another installation directory. All index and binary files will be kept under the “/appdata” directory. However, if you prefer to install from an RPM or DEB package, you do not need to follow these steps. Just download the binaries from this link and perform the installation.

Default installation steps:

#rpm -ivh <elasticsearch_package_name>
#dpkg -i <elasticsearch_package_name>


Manual Installation Steps

Step 1: Install JDK

Download the JDK from this link and extract the binaries under /usr/local/java. Then create a symbolic link with the “ln -s” command.

#mkdir -p /usr/local/java
#cp <jdk.tar.gz> /usr/local/java
#cd /usr/local/java
#tar -xzvf <jdk.tar.gz>
#unlink /usr/bin/java
#ln -s /usr/local/java/jdk1.8.0_171/bin/java /usr/bin/java
#java -version

Step 2: Download and extract tar file

#curl -L -O
#cp elasticsearch-6.4.2.tar.gz /appdata
#cd /appdata
#tar -xvf elasticsearch-6.4.2.tar.gz

Step 3: Create Service file and start service

I have installed the binaries under the /appdata mount point. Check your own configuration: if you installed to another directory, edit this service file and change /appdata to your path.

#vi  /usr/lib/systemd/system/elasticsearch.service

ExecStart=/appdata/elasticsearch/bin/elasticsearch \
-p ${PID_DIR}/ \

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
# Specifies the maximum file descriptor number that can be opened by this process
# Specifies the maximum number of bytes of memory that may be locked into RAM
# Set to "infinity" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in /etc/sysconfig/elasticsearch
# Disable timeout logic and wait until process is stopped
# SIGTERM signal is used to stop the Java process
# Java process is never killed
# When a JVM receives a SIGTERM signal it exits with code 143
# Built for distribution-5.4.0 (distribution)

Step 4: Change the Elasticsearch YML file

I only edited these configuration settings. Please check the configuration file and edit it as you need.

Data Path: /appdata/elasticsearch/data

Log Path: /appdata/elasticsearch/logs

Listen Network: localhost

Port: 9200

# cat /appdata/elasticsearch/config/elasticsearch.yml |grep -v '#'
path.data: /appdata/elasticsearch/data
path.logs: /appdata/elasticsearch/logs
http.port: 9200

Step 5: Start Elasticsearch

#systemctl enable elasticsearch
#systemctl start elasticsearch
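
A post-install check for the Step 4 settings, as an added example that is not part of the original post: it reads elasticsearch.yml and fails if the node listens beyond loopback or if the data and log paths are outside the install directory. The function names es_setting and audit_es_config and the base-directory parameter are hypothetical; the script assumes the flat "key: value" form shown above and treats an unset network.host as loopback, which is Elasticsearch's default.

```bash
#!/usr/bin/env bash
# Added example: audit the flat "key: value" settings edited in Step 4.

# Print the value of a top-level setting, skipping commented-out lines and
# trailing comments. Nested YAML and list values are not handled (assumption).
es_setting() {   # $1 = config file, $2 = setting name, e.g. network.host
    awk -v key="$2" '
        { sub(/^#.*$/, ""); sub(/[ \t]+#.*$/, "") }   # drop comments
        index($0, key ":") == 1 {                     # literal match at column 1
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val                               # keep the last occurrence
        }
        END { if (found != "") print found }
    ' "$1" | tr -d "\"'"                              # strip YAML quotes
}

# Return 0 only if the HTTP listener stays on loopback and both paths live
# under the expected base directory. Prints one line per finding.
audit_es_config() {   # $1 = config file, $2 = base dir (hypothetical parameter)
    local cfg base rc host kv
    cfg=$1; base=$2; rc=0
    host=$(es_setting "$cfg" network.host)
    case "$host" in
        ""|localhost|127.0.0.1|::1|_local_)
            echo "OK   network.host=${host:-<unset, defaults to loopback>}" ;;
        *)  echo "FAIL network.host=$host listens beyond loopback"; rc=1 ;;
    esac
    for kv in "path.data=$(es_setting "$cfg" path.data)" \
              "path.logs=$(es_setting "$cfg" path.logs)"; do
        case "${kv#*=}" in
            "$base"/*) echo "OK   $kv" ;;
            *)  echo "FAIL ${kv%%=*}='${kv#*=}' is not under $base"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample mirroring the Step 4 values (not taken from a real host).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
path.data: /appdata/elasticsearch/data
path.logs: /appdata/elasticsearch/logs
network.host: localhost   # loopback only
http.port: 9200
EOF
audit_es_config "$demo_cfg" /appdata/elasticsearch
rm -f "$demo_cfg"
```

On a real host, call audit_es_config with /appdata/elasticsearch/config/elasticsearch.yml and use the exit status to decide whether to start the service.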


I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
