Elasticsearch is a distributed search and analytics system designed for indexing, storage, and real-time search. It provides powerful full-text search and analytics capabilities.
Prerequisites
Please install Nginx prior to Elasticsearch. Our guide walks you through it.
1. Install Elasticsearch
1.1 Import the Elastic GPG key into APT
First, run this command to add the Elasticsearch public GPG key to APT:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
1.2 Add the Elastic APT repository
Then, place the Elastic source list in the sources.list.d directory, where APT checks for available repositories.
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
1.3 Refresh APT package lists
Next, refresh APT’s package index to include the new Elastic repository:
sudo apt update
1.4 Install Elasticsearch
Now you can install Elasticsearch:
sudo apt install elasticsearch
1.5 Configure the main settings file
Next, open the YAML file with your preferred editor:
sudo nano /etc/elasticsearch/elasticsearch.yml
For a single-server setup, set the bind address so that Elasticsearch is reachable only from the local system. Find the network.host line, uncomment it, and change its value to localhost:
network.host: localhost
1.6 Start and enable Elasticsearch
Run the following commands to start the Elasticsearch service and enable it to start automatically on boot:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
1.7 Verify the node is responding
Query the HTTP endpoint on the local system:
curl -X GET "localhost:9200"
You should see JSON output describing the node version, build info, and the tagline:
{
"name" : "server_hostname",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "ZDTEVTeURFGPsrdtpFh1aA",
"version" : {
"number" : "7.17.29",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "580aff1a0064ce4c93293aaab6fcc55e22c10d1c",
"build_date" : "2025-06-19T01:37:57.847711500Z",
"build_snapshot" : false,
"lucene_version" : "8.11.3",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
2. Install Kibana
Kibana is a web-based interface used to search and visualize log data.
2.1 Run Kibana installation command
Use the following command:
sudo apt install kibana
2.2 Enable and start the Kibana service
Run these commands to start Kibana and enable auto start on every boot:
sudo systemctl enable kibana
sudo systemctl start kibana
2.3 Create an admin login for Kibana basic auth
Kibana restricts access to localhost, so we’ll configure Nginx as a reverse proxy to make it reachable from outside the server.
Choose a non-obvious username instead of the example:
echo "kibanauser:$(openssl passwd -apr1)" | sudo tee -a /etc/nginx/htpasswd.users
You will be prompted for the password. Keep this safe.
2.4 Create an Nginx server block for the reverse proxy
Create the file (replace your_domain.ltd with your actual domain pointed to your server):
sudo nano /etc/nginx/sites-available/your_domain.ltd
Then paste this content and replace your_domain.ltd as well:
server {
    listen 80;
    server_name your_domain.ltd;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
2.5 Enable the site and test Nginx
Create the link to enable the config:
sudo ln -s /etc/nginx/sites-available/your_domain.ltd /etc/nginx/sites-enabled/your_domain.ltd
Check syntax and reload:
sudo nginx -t
sudo systemctl reload nginx
2.6 Open the firewall for Nginx (if it is not already open):
Run this command if you are using UFW:
sudo ufw allow 'Nginx Full'
Use these commands if you are using iptables:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Save the iptables rules:
sudo netfilter-persistent save
sudo netfilter-persistent reload
2.7 Verify Kibana is reachable
Enter this address in your browser (replace your_domain.ltd) and authenticate with the credentials you created in step 2.3. The server block above listens only on port 80, so these credentials are sent over unencrypted HTTP.
http://your_domain.ltd/status
You should see server status, resource usage, and installed plugins.
3. Install Logstash
With Logstash, you can gather data from diverse inputs, transform it to a standard format, and forward it to a different database.
3.1 Run Logstash installation command
Run the following command:
sudo apt install logstash
3.2 Create a Basic Pipeline
Create a new configuration file:
sudo nano /etc/logstash/conf.d/simple-pipeline.conf
Add this configuration:
input {
  tcp {
    port => 5044
    codec => json_lines
  }
}
filter {
  # Optional: You can add filters here later if you want to parse or transform data
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "custom-logs-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
Explanation:
Input: Listens for incoming JSON data over TCP port 5044
Filter: Placeholder for data transformations (currently none)
Output: Sends processed logs directly to Elasticsearch
stdout: Prints output to the terminal for debugging
3.3 Test the Configuration
Before enabling Logstash permanently, validate your configuration:
sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t
You should see:
Config Validation Result: OK. Exiting Logstash after a few seconds.
3.4 Start and Enable Logstash
Once the configuration is valid:
sudo systemctl start logstash
sudo systemctl enable logstash
Check that it’s running:
sudo systemctl status logstash
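To confirm the pipeline from step 3.2 works end to end, the following added example (not part of the original guide) sends one json_lines event to TCP port 5044 and counts matching documents in the custom-logs-* indices. It assumes nc and curl are installed; the smoke_id field and the function names are illustrative.

```shell
#!/bin/sh
# Added example: smoke-test the pipeline (TCP 5044, json_lines -> custom-logs-*).
# Assumptions: nc and curl are installed; the smoke_id field name is illustrative.
NL='
'

# Build one json_lines event: a single-line JSON object terminated by a newline.
# Backslashes and double quotes are escaped; a multi-line message is rejected
# because the codec would split it at the newline into broken events.
make_event() {            # usage: make_event <marker> <message>
  case $2 in *"$NL"*) echo "message must be a single line" >&2; return 2 ;; esac
  msg=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  printf '{"smoke_id":"%s","message":"%s"}\n' "$1" "$msg"
}

# Send the event to the Logstash TCP input.
send_event() {            # usage: send_event <host> <marker> <message>
  ev=$(make_event "$2" "$3") || return
  printf '%s\n' "$ev" | nc -w 2 "$1" 5044
}

# Ask Elasticsearch how many documents in the daily indices carry the marker.
count_events() {          # usage: count_events <marker>
  curl -fsS "http://localhost:9200/custom-logs-*/_count?q=smoke_id:$1"
}

# Run on the ELK host: sh smoke.sh --run
if [ "${1:-}" = "--run" ]; then
  marker="smoke$(date +%s)"
  send_event localhost "$marker" 'pipeline "smoke" test' || exit 1
  sleep 3                 # allow for the index refresh
  count_events "$marker"  # prints the _count JSON reply
fi
```

The same event also appears in the Logstash service output, because the pipeline keeps the stdout rubydebug output enabled.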
3.5 Open port 5044 in your firewall
If you are using UFW, run this command:
sudo ufw allow 5044/tcp
Run these commands if you are using iptables:
sudo iptables -A INPUT -p tcp --dport 5044 -j ACCEPT
sudo netfilter-persistent save
sudo netfilter-persistent reload
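With all three services running, it is worth checking that only the intended ports listen beyond loopback. The following added example (not part of the original guide) reads `ss -tlnH` output and flags Elasticsearch (9200/9300) or Kibana (5601) listening on a non-loopback address, while reporting the ports this guide opens on purpose (80, 443, 5044). The function name, verdict labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ELK listeners against the bindings this guide sets up.
# Input: lines in `ss -tlnH` format on stdin. Output: "<verdict> <port> <address>".
# Exit status is 1 if an internal-only port listens beyond loopback.
audit_elk_listeners() {
  awk '
    BEGIN {
      # Per the guide: Elasticsearch (9200/9300) and Kibana (5601) stay on localhost;
      # Nginx (80/443) and the Logstash TCP input (5044) are opened in the firewall.
      split("9200 9300 5601", a, " "); for (i in a) internal[a[i]] = 1
      split("80 443 5044", b, " ");    for (i in b) exposed[b[i]] = 1
      bad = 0
    }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                      # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)  # everything before it
      loopback = (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./)
      if (port in internal) {
        if (loopback) print "OK", port, addr
        else { print "FAIL", port, addr; bad = 1 }
      } else if ((port in exposed) && !loopback) {
        print "OPEN", port, addr
      }
    }
    END { exit bad }
  '
}

# Constructed sample: Elasticsearch HTTP bound to all interfaces by mistake.
SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 4096 [::1]:9300 [::]:*
LISTEN 0 511 127.0.0.1:5601 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 *:5044 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# On a live host: ss -tlnH | audit_elk_listeners
if [ "${1:-}" = "--sample" ]; then
  printf '%s\n' "$SAMPLE_BAD" | audit_elk_listeners
fi
```

A FAIL line means the service is reachable without passing through the Nginx basic-auth proxy; an OPEN line for 5044 is expected here, since the Logstash TCP input accepts events from any host the firewall lets through.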
4. Accessing Elasticsearch
In your browser, enter your domain or your server's IP address. If your connection to Kibana was interrupted, sign back in with the credentials from Step 2.3. Upon successful login, you’ll see the Kibana home screen.


