Unleash the power of search by learning how to install Elasticsearch on Rocky Linux 9! This step-by-step guide walks you through the installation process, empowering you to set up your own search engine for data analysis.
What is Elasticsearch?
Elasticsearch is an open-source, distributed search and analytics engine built on top of Apache Lucene. It’s designed to handle large volumes of data and provide lightning-fast search capabilities along with advanced data analysis and visualization features. Elasticsearch is often used for various purposes, including full-text search, log and event data analysis, monitoring, and business intelligence.
Key Features of Elasticsearch
- Full-Text Search: Elasticsearch excels at full-text search, allowing you to search through large volumes of text-based data quickly and accurately.
- Distributed and Scalable: Elasticsearch is designed to be distributed and horizontally scalable. This means that you can add more machines to your Elasticsearch cluster as your data grows, ensuring that performance remains consistent.
- Near Real-Time Search: Elasticsearch provides near real-time search capabilities. This means that data indexed into Elasticsearch is searchable almost immediately after it’s added, making it suitable for applications that require up-to-date information.
- Document-Oriented: Elasticsearch stores data in JSON documents. Each document represents a piece of data, and these documents are organized within indices.
- RESTful API: Elasticsearch offers a RESTful API that allows you to interact with the engine using HTTP requests. This makes it easy to integrate Elasticsearch with various programming languages and frameworks.
- Powerful Query Language: Elasticsearch provides a rich query language that enables you to perform complex searches, aggregations, and filtering on your data.
- Aggregations and Analytics: Alongside search, Elasticsearch offers powerful aggregation capabilities. You can perform data summarization, statistical analysis, and other advanced analytics on your indexed data.
- Real-Time Monitoring and Analytics: Elasticsearch is often used to store and analyze log and event data for real-time monitoring and analysis of system and application behavior.
- Integration with Kibana and Logstash: Elasticsearch is commonly used in conjunction with other tools from the Elastic Stack, including Kibana (for data visualization and dashboard creation) and Logstash (for data ingestion and processing).
- Open Source and Active Community: Elasticsearch is open-source software with an active community of developers and users. This means there’s a wealth of documentation, tutorials, and support available.
Due to its capabilities and versatility, Elasticsearch is used by a wide range of organizations to build applications that require powerful search and analytics functionality. It’s used in domains such as e-commerce, content management, security information and event management (SIEM), monitoring, and more.

OpenSearch vs Elasticsearch
OpenSearch and Elasticsearch are both powerful search engines, but they have some key differences to consider:
Origin:
- Elasticsearch: Developed and maintained by a commercial company called Elastic.
- OpenSearch: An open-source fork of Elasticsearch created by Amazon Web Services (AWS).
Codebase:
- Elasticsearch: Continuously innovates and adds features, resulting in a larger codebase compared to the original fork.
- OpenSearch: Shares the core functionality of Elasticsearch from the time of the fork (version 7.10), but may have diverged slightly since then due to independent development.
Features:
- Elasticsearch: Offers a wider range of features, including some that are commercially licensed.
- OpenSearch: Focuses on open-source development, with some features previously available in free Elasticsearch versions potentially requiring alternative implementations.
Security:
- Elasticsearch: May offer more advanced security features, especially in paid tiers.
- OpenSearch: Provides essential security features like password protection and data encryption, but advanced options might require additional configuration.
Community & Support:
- Elasticsearch: Has a well-established community and extensive documentation, along with paid support options from Elastic.
- OpenSearch: Has a growing community driven by AWS and other contributors. Support might be more reliant on community forums and resources.
Cost:
- Elasticsearch: Offers a free version with basic features, with paid subscriptions for additional functionality and support.
- OpenSearch: Completely free to use and deploy, potentially reducing costs associated with running a search engine.
Choosing between them:
- For cutting-edge features and established support: Opt for Elasticsearch, especially if you’re comfortable with potentially paid licensing.
- For a fully open-source solution and cost-effectiveness: Choose OpenSearch, considering the trade-off in features and potential need for more community-driven support.
- For existing AWS infrastructure: OpenSearch might integrate more seamlessly if you’re already heavily invested in AWS services.
Ultimately, the best choice depends on your specific needs, budget, and familiarity with open-source vs. commercial software models.
Environment Specification
We are using a minimal installation of Rocky Linux 9 on a virtual machine with the following specifications.
- CPU – 3.4 GHz (2 cores)
- Memory – 4 GB
- Storage – 40 GB
- Operating System – Rocky Linux release 9.2 (Blue Onyx)
- Hostname – elastic-01.centlinux.com
- IP Address – 192.168.116.84/24
Prepare your Linux Server
Log in to your Rocky Linux server as the root user by using the ssh command.
Set a static IP address for your Linux machine by using the nmcli command.
# nmcli c m enp0s3 ipv4.method manual ipv4.addresses 192.168.18.84/24 ipv4.gateway 192.168.18.1 ipv4.dns 192.168.18.1
# nmcli c down enp0s3 ; nmcli c up enp0s3
Set a hostname for the Elasticsearch server.
# hostnamectl set-hostname elastic-01.centlinux.com
# echo "192.168.18.84 elastic-01 elastic-01.centlinux.com" >> /etc/hosts
Update software packages in your Linux OS.
# dnf update -y
If the above command updates your Linux Kernel, then you should reboot your Linux OS before moving forward with this tutorial.
# reboot
Note down the Linux OS and Linux kernel versions of the machine used in this tutorial.
# cat /etc/rocky-release
Rocky Linux release 9.2 (Blue Onyx)
# uname -r
5.14.0-284.25.1.el9_2.x86_64
Install Elasticsearch Yum Repository
Create a yum repository configuration file with the vi text editor.
# vi /etc/yum.repos.d/elasticsearch.repo
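Add the following lines to this file to define the Elasticsearch yum repository. With gpgcheck=1, dnf verifies every package against the Elastic signing key named in gpgkey before installing it.
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch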
enabled=0
autorefresh=1
type=rpm-md
Build the yum cache for the newly added yum repository.
# dnf makecache
Elasticsearch repository for 8.x packages 1.0 MB/s | 31 MB 00:30
Rocky Linux 9 - BaseOS 1.0 kB/s | 4.1 kB 00:03
Rocky Linux 9 - AppStream 2.5 kB/s | 4.5 kB 00:01
Rocky Linux 9 - Extras 1.1 kB/s | 2.9 kB 00:02
Metadata cache created.
The official Elasticsearch yum repository has been set up. You can now install Elasticsearch on Rocky Linux by executing the dnf command.
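An added example, not part of the original tutorial: a shell function that scans a yum repository file and reports every section that switches off package signature checking (gpgcheck), switches off TLS verification (sslverify), or fetches over plain http. The function names and the sample stanzas are constructed for illustration.

```bash
# Added example: flag dnf/yum repo sections that weaken package verification.
# audit_repo_file and the sample stanzas are constructed for illustration.
# Prints "<section>: <finding>" per problem; returns 1 if anything was found.
audit_repo_file() {
    awk '
        function disabled(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" || v == "off" }
        function report() {
            if (section == "") return
            if (disabled(opt["gpgcheck"]))  { print section ": gpgcheck disabled"; bad = 1 }
            if (disabled(opt["sslverify"])) { print section ": sslverify disabled"; bad = 1 }
            if (opt["baseurl"] ~ /^http:/)  { print section ": baseurl uses plain http"; bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # new [section]: flush the previous one
            report(); split("", opt)
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next  # not a key=value line
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            opt[key] = val
        }
        END { report(); exit (bad + 0) }
    ' "$1"
}

# Constructed sample: one unverified stanza, one verified, one plain-http mirror.
write_sample_repo() {
    cat > "$1" <<'EOF'
[elasticsearch]
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=0
[elasticsearch-verified]
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
[internal-mirror]
baseurl=http://mirror.example.internal/el9
gpgcheck = no
sslverify=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample" || echo "weak settings found in $sample"
rm -f "$sample"
```

On a real host, run it over each file in /etc/yum.repos.d/; a section that does not set gpgcheck at all inherits the value from the [main] section of /etc/dnf/dnf.conf and is not flagged here.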
Elasticsearch Installation on Rocky Linux
The Elasticsearch yum repository is not enabled by default (enabled=0). We did this to avoid automatic updates of the Elasticsearch software.
Execute the following command to enable the Elasticsearch yum repository for this transaction and install the open-source analytics software.
# dnf install --enablerepo=elasticsearch -y elasticsearch
Last metadata expiration check: 0:06:57 ago on Wed 09 Aug 2023 09:00:05 PM PKT.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
elasticsearch x86_64 8.9.0-1 elasticsearch 578 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 578 M
Installed size: 1.2 G
Downloading Packages:
elasticsearch-8.9.0-x86_64.rpm 858 kB/s | 578 MB 11:30
--------------------------------------------------------------------------------
Total 858 kB/s | 578 MB 11:30
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: elasticsearch-8.9.0-1.x86_64 1/1
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Installing : elasticsearch-8.9.0-1.x86_64 1/1
Running scriptlet: elasticsearch-8.9.0-1.x86_64 1/1
--------------------------- Security autoconfiguration information ------------------------------
Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.
The generated password for the elastic built-in superuser is : lp7rCo7ODq=yPdjj712a
If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
Verifying : elasticsearch-8.9.0-1.x86_64 1/1
Installed:
elasticsearch-8.9.0-1.x86_64
Complete!
Note down the password of the Elasticsearch superuser.
Enable and start Elasticsearch service.
# systemctl enable --now elasticsearch.service
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /usr/lib/systemd/system/elasticsearch.service.
Reset the password of the Elasticsearch superuser.
# /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: 1SbPS44BMmhb+yaw1gCl

Configure Linux Firewall
The Elasticsearch service listens on the default port 9200/tcp, so you must allow this port in the Linux firewall to make your Elasticsearch server accessible from the network.
# firewall-cmd --permanent --add-port=9200/tcp
success
# firewall-cmd --reload
success
Testing Elasticsearch Server
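Query the Elasticsearch server by using the following command syntax. The --cacert option points curl at the CA certificate created by the security autoconfiguration (/etc/elasticsearch/certs/http_ca.crt on RPM installations), so curl verifies the server's TLS certificate.
# curl -X GET "https://elastic-01.centlinux.com:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty" --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic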
Enter host password for user 'elastic':
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 1,
"active_shards" : 1,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Your Elasticsearch server has been installed successfully.
Conclusion
Installing Elasticsearch on Rocky Linux 9 equips your system with a robust and scalable search and analytics engine, ideal for handling large volumes of data. By following the steps to configure the repository, install the package, and set up Elasticsearch as a service, you can seamlessly integrate it into your environment. With its powerful querying capabilities and performance, Elasticsearch is a valuable addition to any Linux-based system. Don’t forget to secure your installation and monitor its performance to ensure optimal operation.