Elasticsearch is a great tool for searching large data in real time. It has great support for finding specific information within massive datasets. With other tools like Kibana and Logstash, Elasticsearch can be used for large-scale data aggregation and monitoring.

This Elasticsearch article discusses the installation process of Elasticsearch on Ubuntu 24.04.

Table of Contents:

• How To Install Elasticsearch on Ubuntu 24.04
• Installing the Necessary Dependencies
• Install and Configuring Elasticsearch on Ubuntu 24.04
• Allow Remote Access
• Securing Elasticsearch
• Testing the Elasticsearch
• How to Uninstall the Elasticsearch from Ubuntu 24.04
• Conclusion

1. How To Install Elasticsearch on Ubuntu 24.04

Elasticsearch is by default not available in the default Ubuntu repository, however, you can add its repository by adding and verifying the GPG key. This key will verify the Elasticsearch package you install is from an authentic source and trusted.

Before you can proceed with the Elasticsearch installation, there are some prerequisite packages you need to install on your system.

2. Installing the Necessary Dependencies

Elasticsearch relies on Java to run. Before installing Elasticsearch, let’s verify if Java is already on your Ubuntu system by checking its version.

java -version

This command shows the installed version of Java. If you don’t see any output, Java isn’t installed, and you’ll need to do so before proceeding.

Run the below command to install the Java Runtime Environment (JRE) and OpenJDK Java Development Kit (JDK).

sudo apt install default-jre

sudo apt install openjdk-8-jdk

On Ubuntu-based systems, the default JRE is usually the latest version of OpenJDK. Using JRE, your system runs Java-based programs but doesn’t have the necessary tools for designing them (like a compiler).

The JDK includes the JRE to run Java programs along with additional tools for developing Java applications like compilers.

You can confirm Java installation by running the java -version command.

After setting up the Java, update your system packages:

sudo apt update

Before you can proceed with Elasticsearch installation, you have to install the Apt transport package. This allows access to your repositories using the HTTPS.

sudo apt install apt-transport-https

3. Install and Configuring Elasticsearch

As mentioned earlier, Elasticsearch is by default missing on Ubuntu. So the first step for Elasticsearch installation is to download the GPG key and add it to your system keys list.

First, we’ll import the official Elasticsearch public key into your system’s package manager (APT) using curl. This key verifies the Elasticsearch package during installation:

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg

Next, we need to tell your package manager (APT) where to find Elasticsearch packages. We’ll do this by adding the Elastic source list to a special directory called /etc/apt/sources.list.d. This directory is where APT searches for additional software repositories:

echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

After adding the GPG key, update your system packages, so the new keys also get updated in the system configuration:

sudo apt update

Finally, install Elasticsearch using the apt install command:

sudo apt install elasticsearch

After installing Elasticsearch in Ubuntu 24.04 it doesn’t start itself. You’ll need to start it manually. Also, it doesn’t auto-start after you reboot your system. To start it automatically on boot, you have to run the following commands:

First, run this command to reload the systemd configuration:

sudo systemctl daemon-reload

To ensure, Elasticsearch starts automatically whenever you reboot your system. Run this command:

sudo systemctl enable elasticsearch.service

Once Elasticsearch is enabled, simply start it using this command:

sudo systemctl start elasticsearch.service

This will take around a minute to complete, once done you are ready to go. Now it will auto-start whenever you restart your system.

In case you modified the Elasticsearch configuration file, must restart its service using this command:

sudo systemctl restart elasticsearch.service

Similarly, to stop the Elasticsearch service, run:

sudo systemctl stop elasticsearch.service

Finally, check the Elasticsearch status if everything is fine and running:

service elasticsearch status

To exit the above window, press Q.

4. Allow Remote Access

To allow remote access to Elasticsearch, you have to edit its configuration file. The /etc/elasticsearch directory contains the configuration file (elasticsearch.yml) and it carries most settings.

Open this file using any preferred text editor like nano:

sudo nano /etc/elasticsearch/elasticsearch.yml

By default, Elasticsearch listens for incoming connections on port 9200 from any location. This can cause a system security risk. As any unauthorized user can access and manipulate your data. To prevent this, we are going to limit it to only local machines.

After opening the Elasticsearch configuration file, find the line containing network.host and uncomment it. Now change the value after network.host to localhost. This will make sure that Elasticsearch only listens to the local machine requests.

While we’ve set network.host to localhost for local access only. But you can also configure Elasticsearch to listen to a specific network interface if needed.

Instead of localhost, define the IP of the desired interface. This allows Elasticsearch to accept connections only from that specific network adapter.

After doing all the changes, save and quit the file.

5. Securing Elasticsearch

If you are going to use remote access with Elastic search, then it’s recommended to configure the UFW firewall and create some rules.

You can verify if UFW is already enabled by running:

sudo ufw status

If UFW is disabled, enable it by running:

sudo ufw enable

By default, UFW blocks all incoming traffic. To allow SSH access (usually on port 22), run:

sudo ufw allow 22

Now allow remote access to port 9200. Elasticsearch will listen to this port for any incoming requests:

sudo ufw allow from external_IP to any port 9200

Replace your local remote machine IP in the above command.

Finally, check if the UFW rule is added or not:

sudo ufw status

6. Testing the Elasticsearch

The Elasticsearch is configured and working, let’s test it working by sending a simple HTTP request to the local machine. Elasticsearch listens for requests on port 9200 by default. We can use curl to send a simple HTTP request and see if we receive a response from the service:

curl localhost:9200

If Elasticsearch is running and accessible, you should see a response containing information about the Elasticsearch cluster, such as its name, version, and health status.

7. How to Uninstall the Elasticsearch from Ubuntu 24.04

To uninstall Elasticsearch from Ubuntu 24.04 first stop the Elasticsearch service using this command:

sudo systemctl stop elasticsearch

Now that the service is stopped, remove the package using:

sudo apt remove --purge elasticsearch

The –purge flag removes any configuration files along with the package.

By default, uninstalling the package might leave some directories behind. These directories contain data and configuration. You can remove them manually if you’re sure you don’t need them:

sudo rm -rf /var/lib/elasticsearch

sudo rm -rf /etc/elasticsearch

Conclusion

To install Elasticsearch in Ubuntu 24.04 you have to add the Elasticsearch package source. By default, it is not available in Ubuntu’s default repository. To add the package source, download and add the GPG key to the Ubuntu keys list. Once done, you can proceed with the Elastic search installation. Before installation, ensure Java is available on your Ubuntu system. After installation, define the IP address of the local machine and allow it through the UFW firewall so it can access the Elasticsearch database.