Elasticsearch Data Source

Video Lecture


Description

I demonstrate installing and querying Elasticsearch 7.10.

Elasticsearch runs on the Java VM, so I recommend a minimum of 2GB RAM for the server that hosts the Elasticsearch service.

I am using the Debian package instructions from https://www.elastic.co/guide/en/elasticsearch/reference/current/install-elasticsearch.html

Download and install the public signing key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Install dependencies

sudo apt-get install apt-transport-https

Save the repository definition

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Update and install the Elasticsearch package

sudo apt-get update && sudo apt-get install elasticsearch

Confirm status and start.

sudo service elasticsearch status
sudo service elasticsearch start

If you have a problem, you can view the Elasticsearch logs using

sudo journalctl --unit elasticsearch

A new system user named elasticsearch was created. List the processes it is running with

ps -u elasticsearch

Test that the HTTP interface is running by using curl

curl "http://localhost:9200"

View the configuration files in /etc/elasticsearch/

cd /etc/elasticsearch/
ls -lh

Edit elasticsearch.yml to allow remote connections to the HTTP interface.

sudo nano /etc/elasticsearch/elasticsearch.yml

Modify network.host and add transport.host. Setting network.host to 0.0.0.0 binds the HTTP interface (port 9200) to every IPv4 interface on the server, so access to that port is restricted with iptables further down this page; keeping transport.host on localhost leaves the node-to-node transport port on loopback only.

network.host: 0.0.0.0
transport.host: localhost

Save, restart and check status

sudo service elasticsearch restart
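Before restarting, it is worth checking what the edited file actually exposes. The script below is an added example, not part of the original lecture: it reads network.host, http.host and transport.host out of an elasticsearch.yml, ignoring the commented-out defaults the package ships, and classifies the result. The function names are mine. It relies on two facts about Elasticsearch that the page does not spell out: http.host, when set, overrides network.host for the HTTP interface alone, and a transport interface bound to anything other than loopback puts the node into production mode, where the bootstrap checks are enforced; that is why the page pins transport.host to localhost.

```sh
#!/bin/sh
# Added example: audit how an elasticsearch.yml binds its interfaces.
# Usage: sh es_bind_audit.sh /etc/elasticsearch/elasticsearch.yml

# Effective value of a top-level key. Commented-out lines such as the
# shipped "#network.host: 192.168.0.1" are ignored, trailing "# ..." comments
# and surrounding double quotes are stripped, and the last uncommented
# occurrence wins, as it would when the file is hand-edited.
es_yaml_get() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\(.*\)/\1/p" "$2" \
        | sed 's/[[:space:]]*#.*$//; s/^"\(.*\)"$/\1/' \
        | tail -n 1
}

# Where the HTTP interface (port 9200) is reachable from.
# http.host, if set, overrides network.host for the HTTP interface only.
es_http_exposure() {
    host=$(es_yaml_get http.host "$1")
    if [ -z "$host" ]; then
        host=$(es_yaml_get network.host "$1")
    fi
    case "$host" in
        ''|localhost|127.0.0.1|::1|_local_) echo loopback ;;   # unset defaults to _local_
        0.0.0.0|::|_site_|_global_) echo remote ;;            # reachable from other hosts
        *) echo "address:$host" ;;                             # one address or interface
    esac
}

# transport.host falls back to network.host when unset. Anything but loopback
# means production mode: bootstrap checks are enforced and discovery settings
# become mandatory before the node will start.
es_transport_mode() {
    host=$(es_yaml_get transport.host "$1")
    if [ -z "$host" ]; then
        host=$(es_yaml_get network.host "$1")
    fi
    case "$host" in
        ''|localhost|127.0.0.1|::1|_local_) echo development ;;
        *) echo production ;;
    esac
}

if [ $# -ge 1 ]; then
    printf 'http interface: %s\n' "$(es_http_exposure "$1")"
    printf 'transport mode: %s\n' "$(es_transport_mode "$1")"
fi
```

With the two settings from this page the script reports "http interface: remote" and "transport mode: development", which is the combination the rest of the page assumes: reachable over the network for clients, but still a single development node.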

Create an example index

curl -X PUT "http://localhost:9200/index1"

View the index metadata

curl "http://localhost:9200/index1?pretty"

Add some data to the index

curl -H "Content-Type: application/json" -XPOST "http://localhost:9200/index1/_doc" -d '{"abc":123, "name":"xyx", "@timestamp" : "'$(date -Iseconds)'"}'

View the contents of the index

curl "http://localhost:9200/index1/_search?pretty"

View the available indices in your Elasticsearch instance

curl http://localhost:9200/_cat/indices

Delete an index

curl -XDELETE 'http://localhost:9200/index1'

Use iptables to restrict port 9200 so that only localhost and one trusted client address can reach Elasticsearch (replace ###.###.###.### with that client's IP). iptables evaluates INPUT rules top to bottom, so the two ACCEPT rules must come before the final DROP.

iptables -A INPUT -p tcp -s localhost --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp -s ###.###.###.### --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP
iptables -L

Warning

iptables settings are lost when the system reboots. You will need to reapply them manually after each reboot, or install iptables-persistent.

sudo apt install iptables-persistent

This saves your current rules into two files:

/etc/iptables/rules.v4

/etc/iptables/rules.v6

Changes you later make to the running iptables configuration are not saved to these persistent files automatically, so after updating the rules, rewrite the files with the commands,

iptables-save > /etc/iptables/rules.v4

ip6tables-save > /etc/iptables/rules.v6

(rules.v6 holds the IPv6 rule set, which is produced by ip6tables-save, not iptables-save).
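Rather than typing the three iptables commands and then capturing them with iptables-save, the persistent rule files can be generated directly in the format iptables-restore loads. The script below is an added example and not part of the original lecture; the function names are mine, and 203.0.113.10 in the usage comment stands in for the trusted client address the page writes as ###.###.###.###. Each source address is validated before any output is produced, so a typo cannot end up as a rule, and the IPv6 file keeps port 9200 closed to everything but loopback so the policy holds even if the service also listens on IPv6.

```sh
#!/bin/sh
# Added example: generate the persistent rule files that restrict TCP 9200
# (Elasticsearch HTTP) to loopback plus a list of trusted client addresses.
# Usage (as root; 203.0.113.10 is a placeholder for the trusted client):
#   sh es_firewall.sh 203.0.113.10 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4

# Accept a dotted-quad IPv4 address with an optional /prefix, reject anything else.
valid_ipv4() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/": a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # digits and dots only; no empty octet, no leading or trailing dot
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s\n' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Chain headers shared by both files; the default policy stays ACCEPT so no
# other service on the host is affected, exactly as with the page's commands.
es_rules_header() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
}

# rules.v4: accept 9200 from loopback and from each trusted source, then drop
# the rest. Order matters: INPUT is evaluated top to bottom, so DROP is last.
es_rules_v4() {
    for src in "$@"; do
        valid_ipv4 "$src" || { printf 'invalid IPv4 source: %s\n' "$src" >&2; return 1; }
    done
    es_rules_header
    printf '%s\n' '-A INPUT -p tcp -s 127.0.0.1 --dport 9200 -j ACCEPT'
    for src in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $src --dport 9200 -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -p tcp --dport 9200 -j DROP' 'COMMIT'
}

# rules.v6: no trusted IPv6 clients in this setup, so 9200 is closed to
# everything but loopback. Load it with ip6tables-restore.
es_rules_v6() {
    es_rules_header
    printf '%s\n' '-A INPUT -p tcp -s ::1 --dport 9200 -j ACCEPT' \
                  '-A INPUT -p tcp --dport 9200 -j DROP' 'COMMIT'
}

if [ $# -ge 1 ]; then
    es_rules_v4 "$@"
fi
```

Write the IPv6 file by sourcing the script and calling es_rules_v6 (`. ./es_firewall.sh; es_rules_v6 > /etc/iptables/rules.v6`), then load both with iptables-restore and ip6tables-restore or simply reboot; iptables-persistent reads the same two files at boot. iptables-save itself writes the match as `-m tcp --dport`, but iptables-restore accepts the shorter `-p tcp --dport` form used here and on the page.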
