Example Elasticsearch Setup (Ubuntu)

Setup: Elasticsearch | Redis | Solr

These are example steps for setting up an Elasticsearch instance on Ubuntu. They will create a user elasticsearch, download version 5.4.0, install it under /opt/elasticsearch and add config under /opt/elasticsearch/config/.

<org> should be replaced with some identifier (your organization, user, etc).

Create user

useradd -d /home/elasticsearch -m elasticsearch

Download

mkdir -p /opt/elasticsearch/<org>/data
cd /opt/elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.0.tar.gz
tar --strip-components=1 -xvf elasticsearch-5.4.0.tar.gz

Configure

# ... add service script ...
touch /opt/elasticsearch/<org>/com-<org>-elasticsearch.sh

# edit /opt/elasticsearch/config/elasticsearch.yml

chown -R elasticsearch.elasticsearch /opt/elasticsearch/
mkdir /var/log/elasticsearch
chown elasticsearch.elasticsearch /var/log/elasticsearch
sudo ln -s /opt/elasticsearch/<org>/com-<org>-elasticsearch.sh /etc/init.d/com-<org>-elasticsearch
sudo update-rc.d com-<org>-elasticsearch defaults 97 03

Tested with

• Ubuntu 16.04
• Elasticsearch 5.1.2, 5.3.1, 5.4.0

Example development config

cluster.name: dev.elastic
node.name: dev1.elastic
path.data: /opt/elasticsearch/<org>/data
path.logs: /var/log/elasticsearch
network.host: 127.0.0.1
http.port: 9200
transport.tcp.port: 9300

Service script

Replace <org> with your organization name (or something else)

#! /bin/sh
### BEGIN INIT INFO
# Provides: com-<org>-elasticsearch
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: elasticsearch
# Description: This file starts and stops a single Elasticsearch instance
### END INIT INFO

APP_DIR=/opt/elasticsearch
PID_FILE=elasticsearch.pid

case "$1" in
    start)
        su elasticsearch -c "$APP_DIR/bin/elasticsearch -p $APP_DIR/$PID_FILE -d"
        ;;
    stop)
        su elasticsearch -c "kill $(head -1 $APP_DIR/$PID_FILE)"
        ;;
    restart)
        su elasticsearch -c "kill $(head -1 $APP_DIR/$PID_FILE)"
        sleep 5
        su elasticsearch -c "$APP_DIR/bin/elasticsearch -p $APP_DIR/$PID_FILE -d"
        ;;
    status)
        1
        ;;
    *)
        echo "Usage: com-<org>-elasticsearch.sh {start|stop|restart}" >&2
        exit 3
        ;;
esac

Issues with Transaction Logs

Elasticsearch can sometimes have issues parsing the nested objects in the data and params fields, so disabling analysis on them may be needed.

PUT /core-transaction-logs
{  
   "mappings":{  
      "store":{  
         "dynamic_templates":[  
            {  
               "data_not_analyzed":{  
                  "path_match":"data",
                  "mapping":{  
                     "type":"object",
                     "index":"not_analyzed"
                  }
               }
            },
            {  
               "params_not_analyzed":{  
                  "path_match":"parameters",
                  "mapping":{  
                     "type":"object",
                     "index":"not_analyzed"
                  }
               }
            }
         ]
      }
   }
}