Install Elasticsearch from archive on Linux or MacOS | Elasticsearch Guide [8.5] | Elastic
Elastic Docs›
Elasticsearch Guide [8.5]›
Set up Elasticsearch›
Installing Elasticsearch
« Installing Elasticsearch
Install Elasticsearch with .zip on Windows »
Install Elasticsearch from archive on Linux or MacOSedit
Elasticsearch is available as a .tar.gz archive for Linux and MacOS.
This package contains both free and subscription features.
Start a 30-day trial to try out all of the features.
The latest stable version of Elasticsearch can be found on the
Download Elasticsearch page.
Other versions can be found on the
Past Releases page.
Elasticsearch includes a bundled version of OpenJDK
from the JDK maintainers (GPLv2+CE). To use your own version of Java,
see the JVM version requirements
Download and install archive for Linuxedit
The Linux archive for Elasticsearch v8.5.3 can be downloaded and installed as follows:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-linux-x86_64.tar.gz.sha512
shasum -a 512 -c elasticsearch-8.5.3-linux-x86_64.tar.gz.sha512
tar -xzf elasticsearch-8.5.3-linux-x86_64.tar.gz
cd elasticsearch-8.5.3/
Compares the SHA of the downloaded .tar.gz archive and the published checksum, which should output
elasticsearch-{version}-linux-x86_64.tar.gz: OK.
This directory is known as $ES_HOME.
Download and install archive for MacOSedit
The MacOS archive for Elasticsearch v8.5.3 can be downloaded and installed as follows:
curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-darwin-x86_64.tar.gz
curl https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-darwin-x86_64.tar.gz.sha512 | shasum -a 512 -c -
tar -xzf elasticsearch-8.5.3-darwin-x86_64.tar.gz
cd elasticsearch-8.5.3/
Compares the SHA of the downloaded .tar.gz archive and the published checksum, which should output
elasticsearch-{version}-darwin-x86_64.tar.gz: OK.
This directory is known as $ES_HOME.
Enable automatic creation of system indicesedit
Some commercial features automatically create indices within Elasticsearch.
By default, Elasticsearch is configured to allow automatic index creation, and no
additional steps are required. However, if you have disabled automatic index
creation in Elasticsearch, you must configure
action.auto_create_index in elasticsearch.yml to allow
the commercial features to create the following indices:
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
If you are using Logstash
or Beats then you will most likely
require additional index names in your action.auto_create_index setting, and
the exact value will depend on your local configuration. If you are unsure of
the correct value for your environment, you may consider setting the value to
* which will allow automatic creation of all indices.
Run Elasticsearch from the command lineedit
Run the following command to start Elasticsearch from the command line:
./bin/elasticsearch
When starting Elasticsearch for the first time, security features are enabled and
configured by default. The following security configuration occurs
automatically:
Authentication and authorization are enabled, and a password is generated for
the elastic built-in superuser.
Certificates and keys for TLS are generated for the transport and HTTP layer,
and TLS is enabled and configured with these keys and certificates.
An enrollment token is generated for Kibana, which is valid for 30 minutes.
The password for the elastic user and the enrollment token for Kibana are
output to your terminal. For example:
The generated password for the elastic built-in superuser is:
<password>
The enrollment token for Kibana instances, valid for the next 30 minutes:
<enrollment-token>
The hex-encoded SHA-256 fingerprint of the generated HTTPS CA DER-encoded certificate:
<fingerprint>
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'bin/elasticsearch-create-enrollment-token -s node'.
If you have password-protected the Elasticsearch keystore, you will be prompted
to enter the keystore’s password. See Secure settings for more
details.
By default Elasticsearch prints its logs to the console (stdout) and to the <cluster
name>.log file within the logs directory. Elasticsearch logs some
information while it is starting, but after it has finished initializing it
will continue to run in the foreground and won’t log anything further until
something happens that is worth recording. While Elasticsearch is running you can
interact with it through its HTTP interface which is on port 9200 by default.
To stop Elasticsearch, press Ctrl-C.
All scripts packaged with Elasticsearch require a version of Bash
that supports arrays and assume that Bash is available at /bin/bash.
As such, Bash should be available at this path either directly or via a
symbolic link.
Enroll nodes in an existing clusteredit
When Elasticsearch starts for the first time, the security auto-configuration process
binds the HTTP layer to 0.0.0.0, but only binds the transport layer to
localhost. This intended behavior ensures that you can start
a single-node cluster with security enabled by default without any additional
configuration.
Before enrolling a new node, additional actions such as binding to an address
other than localhost or satisfying bootstrap checks are typically necessary
in production clusters. During that time, an auto-generated enrollment token
could expire, which is why enrollment tokens aren’t generated automatically.
Additionally, only nodes on the same host can join the cluster without
additional configuration. If you want nodes from another host to join your
cluster, you need to set transport.host to a
supported value
(such as uncommenting the suggested value of 0.0.0.0), or an IP address
that’s bound to an interface where other hosts can reach it. Refer to
transport settings for more
information.
To enroll new nodes in your cluster, create an enrollment token with the
elasticsearch-create-enrollment-token tool on any existing node in your
cluster. You can then start a new node with the --enrollment-token parameter
so that it joins an existing cluster.
In a separate terminal from where Elasticsearch is running, navigate to the directory
where you installed Elasticsearch and run the
elasticsearch-create-enrollment-token tool
to generate an enrollment token for your new nodes.
bin/elasticsearch-create-enrollment-token -s node
Copy the enrollment token, which you’ll use to enroll new nodes with
your Elasticsearch cluster.
From the installation directory of your new node, start Elasticsearch and pass the
enrollment token with the --enrollment-token parameter.
bin/elasticsearch --enrollment-token <enrollment-token>
Elasticsearch automatically generates certificates and keys in the following directory:
config/certs
Repeat the previous step for any new nodes that you want to enroll.
Check that Elasticsearch is runningedit
You can test that your Elasticsearch node is running by sending an HTTPS request to port
9200 on localhost:
curl --cacert $ES_HOME/config/certs/http_ca.crt -u elastic https://localhost:9200
Ensure that you use https in your call, or the request will fail.
--cacert
Path to the generated http_ca.crt certificate for the HTTP layer.
Enter the password for the elastic user that was generated during
installation, which should return a response like this:
"name" : "Cp8oag6",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "AT69_T_DTp-1qgIJlatQqA",
"version" : {
"number" : "8.5.3",
"build_type" : "tar",
"build_hash" : "f27399d",
"build_flavor" : "default",
"build_date" : "2016-03-30T09:51:41.449Z",
"build_snapshot" : false,
"lucene_version" : "9.4.2",
"minimum_wire_compatibility_version" : "1.2.3",
"minimum_index_compatibility_version" : "1.2.3"
},
"tagline" : "You Know, for Search"
Log printing to stdout can be disabled using the -q or --quiet
option on the command line.
Run as a daemonedit
To run Elasticsearch as a daemon, specify -d on the command line, and record
the process ID in a file using the -p option:
./bin/elasticsearch -d -p pid
If you have password-protected the Elasticsearch keystore, you will be prompted
to enter the keystore’s password. See Secure settings for more
details.
Log messages can be found in the $ES_HOME/logs/ directory.
To shut down Elasticsearch, kill the process ID recorded in the pid file:
pkill -F pid
The Elasticsearch .tar.gz package does not include the systemd module. To
manage Elasticsearch as a service, use the Debian or RPM
package instead.
Configure Elasticsearch on the command lineedit
Elasticsearch loads its configuration from the $ES_HOME/config/elasticsearch.yml
file by default. The format of this config file is explained in
Configuring Elasticsearch.
Any settings that can be specified in the config file can also be specified on
the command line, using the -E syntax as follows:
./bin/elasticsearch -d -Ecluster.name=my_cluster -Enode.name=node_1
Typically, any cluster-wide settings (like cluster.name) should be
added to the elasticsearch.yml config file, while any node-specific settings
such as node.name could be specified on the command line.
Connect clients to Elasticsearchedit
When you start Elasticsearch for the first time, TLS is configured automatically for the
HTTP layer. A CA certificate is generated and stored on disk at:
$ES_HOME/config/certs/http_ca.crt
The hex-encoded SHA-256 fingerprint of this
certificate is also output to the terminal. Any clients that connect to Elasticsearch,
such as the
Elasticsearch Clients,
Beats, standalone Elastic Agents, and Logstash must validate that they trust the
certificate that Elasticsearch uses for HTTPS. Fleet Server and Fleet-managed
Elastic Agents are automatically configured to trust the CA certificate.
Other clients can establish trust by using either the fingerprint of the CA
certificate or the CA certificate itself.
If the auto-configuration process already completed, you can still obtain the
fingerprint of the security certificate. You can also copy the CA certificate
to your machine and configure your client to use it.
Use the CA fingerprintedit
Copy the fingerprint value that’s output to your terminal when Elasticsearch starts, and
configure your client to use this fingerprint to establish trust when it
connects to Elasticsearch.
If the auto-configuration process already completed, you can still obtain the
fingerprint of the security certificate by running the following command. The
path is to the auto-generated CA certificate for the HTTP layer.
openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt
The command returns the security certificate, including the fingerprint.
The issuer should be Elasticsearch security auto-configuration HTTP CA.
issuer= /CN=Elasticsearch security auto-configuration HTTP CA
SHA256 Fingerprint=<fingerprint>
Use the CA certificateedit
If your library doesn’t support a method of validating the fingerprint, the
auto-generated CA certificate is created in the following directory on each Elasticsearch
node:
$ES_HOME/config/certs/http_ca.crt
Copy the http_ca.crt file to your machine and configure your client to use this
certificate to establish trust when it connects to Elasticsearch.
Directory layout of archivesedit
The archive distributions are entirely self-contained. All files and
directories are, by default, contained within $ES_HOME — the directory
created when unpacking the archive.
This is very convenient because you don’t have to create any directories to
start using Elasticsearch, and uninstalling Elasticsearch is as easy as
removing the $ES_HOME directory. However, it is advisable to change the
default locations of the config directory, the data directory, and the logs
directory so that you do not delete important data later on.
Type
Description
Default Location
Setting
home
Elasticsearch home directory or $ES_HOME
Directory created by unpacking the archive
bin
Binary scripts including elasticsearch to start a node
and elasticsearch-plugin to install plugins
$ES_HOME/bin
conf
Configuration files including elasticsearch.yml
$ES_HOME/config
ES_PATH_CONF
conf
Generated TLS keys and certificates for the transport and HTTP layer.
$ES_HOME/config/certs
data
The location of the data files of each index / shard allocated
on the node.
$ES_HOME/data
path.data
logs
Log files location.
$ES_HOME/logs
path.logs
plugins
Plugin files location. Each plugin will be contained in a subdirectory.
$ES_HOME/plugins
repo
Shared file system repository locations. Can hold multiple locations. A file system repository can be placed in to any subdirectory of any directory specified here.
Not configured
path.repo
Security certificates and keysedit
When you install Elasticsearch, the following certificates and keys are
generated in the Elasticsearch configuration directory, which are used to connect a Kibana
instance to your secured Elasticsearch cluster and to encrypt internode communication.
The files are listed here for reference.
http_ca.crt
The CA certificate that is used to sign the certificates for the HTTP layer of
this Elasticsearch cluster.
http.p12
Keystore that contains the key and certificate for the HTTP layer for this node.
transport.p12
Keystore that contains the key and certificate for the transport layer for all
the nodes in your cluster.
http.p12 and transport.p12 are password-protected PKCS#12 keystores. Elasticsearch
stores the passwords for these keystores as secure
settings. To retrieve the passwords so that you can inspect or change the
keystore contents, use the
bin/elasticsearch-keystore tool.
Use the following command to retrieve the password for http.p12:
bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
Use the following command to retrieve the password for transport.p12:
bin/elasticsearch-keystore show xpack.security.transport.ssl.keystore.secure_password
Next stepsedit
You now have a test Elasticsearch environment set up. Before you start
serious development or go into production with Elasticsearch, you must do some additional
setup:
Learn how to configure Elasticsearch.
Configure important Elasticsearch settings.
Configure important system settings.
« Installing Elasticsearch
Install Elasticsearch with .zip on Windows »
Most Popular
Video
Get Started with Elasticsearch
Video
Intro to Kibana
Video
ELK for Logs & Metrics