
Elasticsearch Data Source

  • All videos are Copyright © 2019-2025 Sean Bradley, all rights reserved.

Description

I demonstrate installing and querying Elasticsearch 7.16.

Elasticsearch runs on the Java VM, so I recommend a minimum of 2GB RAM for the server that hosts the Elasticsearch service.

I am using the Debian package instructions from https://www.elastic.co/guide/en/elasticsearch/reference/current/install-elasticsearch.html

Download and install the public signing key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Install dependencies

sudo apt-get install apt-transport-https

Save the repository definition

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Update and install the Elasticsearch package

sudo apt-get update && sudo apt-get install elasticsearch

Confirm status and start.

sudo service elasticsearch status
sudo service elasticsearch start

If you have a problem, you can view Elasticsearch logs using

sudo journalctl --unit elasticsearch

The install created a new user named elasticsearch. List the processes running under it with

ps -u elasticsearch

Test that the HTTP interface is running by using curl

curl "http://localhost:9200"

View the configuration files in /etc/elasticsearch/

cd /etc/elasticsearch/
ls -lh

Edit the elasticsearch.yml to allow remote connections through the http interface.

sudo nano /etc/elasticsearch/elasticsearch.yml

Use these settings

cluster.name: my-application
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node-1"]

Save, restart and check status

sudo service elasticsearch restart

Create an example index

curl -X PUT "http://localhost:9200/index1"

View the index metadata

curl "http://localhost:9200/index1?pretty"

Add some data to the index

curl -H "Content-Type: application/json" -XPOST "http://localhost:9200/index1/_doc" -d '{"abc":123, "name":"xyx", "@timestamp" : "'$(date -Iseconds)'"}'

View the contents of the index

curl "http://localhost:9200/index1/_search?pretty"

View available indexes in your Elasticsearch

curl http://localhost:9200/_cat/indices

Delete an index

curl -XDELETE 'http://localhost:9200/index1'

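Use IPTables to restrict port 9200

With network.host set to 0.0.0.0, port 9200 accepts connections on every interface, and the curl commands above need no credentials, so anyone who can reach the port can read, write and delete indexes. Replace ###.###.###.### with the IP address that is allowed to connect. The rules are evaluated in order, so the DROP rule must come last.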

iptables -A INPUT -p tcp -s localhost --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp -s ###.###.###.### --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP
iptables -L
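
The rules above are appended in order and the first match wins, so an ACCEPT added after the DROP never takes effect. The following check is an added example, not part of the original page; the function name audit_9200 and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Audits port-9200 rules given in
# `iptables -S INPUT` format on stdin. Only rules that name --dport 9200 are
# examined; broader rules (e.g. an early accept-all) are out of scope.
audit_9200() {
    awk '
    BEGIN { closed = 0; policy_drop = 0; bad = 0 }
    /^-P INPUT DROP/ { policy_drop = 1 }
    /^-A INPUT / && /-p tcp/ && /--dport 9200( |$)/ {
        src = "any"; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && closed) {
            # Appended after the catch-all DROP: this rule can never match.
            print "UNREACHABLE " src; bad = 1
        } else if (target == "ACCEPT" && src == "any") {
            print "OPEN to any source"; bad = 1
        } else if (target == "ACCEPT") {
            print "ALLOW " src
        } else if ((target == "DROP" || target == "REJECT") && src == "any") {
            closed = 1
        }
    }
    END {
        if (!closed && !policy_drop) { print "NO catch-all DROP for 9200"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the rule order produced by the commands above.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -j DROP'
# Constructed sample: a second client added later with -A lands after the DROP.
LATE_RULES="$GOOD_RULES
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 9200 -j ACCEPT"

printf '%s\n' "$GOOD_RULES" | audit_9200 && echo "9200 is restricted"
printf '%s\n' "$LATE_RULES" | audit_9200 || echo "ruleset needs fixing"
# On a live host (as root): iptables -S INPUT | audit_9200
```

To admit another client later, insert its ACCEPT ahead of the DROP with iptables -I instead of appending it with -A.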

Warning

iptables settings will be lost when the system reboots. You will need to reapply them manually, or install iptables-persistent.

sudo apt install iptables-persistent

This will save your settings into two files:

/etc/iptables/rules.v4

/etc/iptables/rules.v6

Any later changes you make to the iptables configuration won't be saved to these persistent files automatically. To update the files with your changes, run these commands as root. The IPv6 rules are written by ip6tables-save, not iptables-save.

iptables-save > /etc/iptables/rules.v4

ip6tables-save > /etc/iptables/rules.v6

IPTables Cheat Sheet