What will happen if ES is installed with other non-root user and try to start with root user ?

Problem

Following error occurred :

[root@CSRToolTest1 bin]# Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.

Possible cause 

You must installed ES with other user.

Solution

Start ES with non-root user.

What will happen if ES is installed with root user and try to start with other non-root user ?

Problem

Following error occurred :

java.io.FileNotFoundException: /home/shaan/ELK/elasticsearch-2.2.0/logs/my-application-shaandev.log (Permission denied)

Possible cause 

You must have started ES with a non-root user (In this case ES is installed using the root user), which made <cluster.name>.log file with root user.

Now, when you try to start ES with proper user (non-root) , it’s not able to access this log file created by root.

Solution

Delete the file <cluster.name>.log (which is my-application-shaandev.log) or change the permission of it, then start it again.

How to delete an index ?

$ curl -XDELETE http://<ip>:<port>/<index>

Example
$ curl -XDELETE http://10.170.208.53:9200/logstash-2016.05.03

How to find current indices created in ES ?

$ curl http://<ip>:<port>/_cat/indices

Example

$ curl http://10.170.208.53:9200/_cat/indices

open logstash-2016.05.03 1 1 24 6 75.2mb 75.2mb

open .kibana 1 1 24 6 75.2kb 75.2kb

In above example, we have 2 indices.

How to use basic Elasticsearch operations ?

http://<IP>:<port>/<index-name>/_mapping
http://10.170.208.53:9200/index-2016.02.26/_mapping
Gives the description of fields in the message event, their data types and how they are configured.

http://<IP>:<port>/_template/<template_name>
http://10.170.208.53:9200/_template/temp
Gives the description of template specified.

http://<IP>:<port>/_cat/indices
http://10.170.208.53:9200/_cat/indices
Gives the list of indices currently present in elasticsearch.

http://<IP>:<port>/<index-name>/_search
http://10.170.208.53:9200/index-2016.02.29/_search
Gives the data present under specified index.

How to start, check and stop Elasticsearch ?

Start
Switch to the user which installed the ES.
Go to installation location of elasticsearch and start ES.
./bin/elasticsearch –d

Check
Check if ES is running or not
curl 'localhost:9200'
This should output the general information about your elasticsearch installation.

Stop
ps -aef | grep elasticsearch
kill -9 <processId>

How to configure Elasticsearch ?

Modify the configuration file - elasticsearch.yml

Go to installation location of elasticsearch
cd /home/ELK/elasticsearch-2.3.2/config/
vim elasticsearch.yml

Modify these highlighted values in open file : 
cluster.name: my-application
node.name: node-1
bootstrap.mlockall: true
network.host: 10.170.208.53

Note : Localhost might not work if it is not available in /etc/hosts

In that case you can assign complete IP address of VM.

So, ensure to have localhost entry :

#127.0.0.1   localhost localhost.localdomain localhost4

10.170.208.53 localhost

10.170.208.53 test localhost

How to configure Elasticsearch to automatically start during boot up ?

Applicable if installed using yum

Run this command
ps -p 1

If output is something like this : 
1 ?        00:00:00 init

Then run following command : 
chkconfig --add elasticsearch

Otherwise run following command : 
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

How to access Elasticsearch using Marvel - Chrome plugin ?

Use Chrome plugin - Marvel 'sense'

A client side plugin to access ES indices

Add plugin 'Sense' to Google Chrome and restart browser.

Click on icon 'Sense' after the address bar.

Put URL to fetch indexes : http://IP_Address:ES_Port/_plugin/marvel/sense/index.html

Example : http://10.170.208.44:9200/_plugin/marvel/sense/index.html

Click Run icon to execute query.

How to check if Elasticsearch is running using REST API ?

Check the IP address and port where ES is running on the server :

# vi /etc/elasticsearch/elasticsearch.yml

http.port: 9200

network.host: 10.170.208.44

AT CLIENT SIDE

Check the URL with IP and port of ES in the browser :

http://10.170.208.44:9200/

AT SEVER SIDE

Use curl command 

# curl -XGET 'http://localhost:9200/'

How to check if Elasticsearch is running or not ?

Check if ES is running as a service

# service elasticsearch status

Check ES in Java processes

# ps -aef | grep java

Check by sending search request

# curl -XGET 'http://localhost:9200/'

What is NRT in elasticsearch ?

Elasticsearch is a near real time (NRT) search platform.

There is a slight latency (normally one second) from the time you index a document until the time it becomes searchable.

How to install, configure and start ElasticSearch ?

Prerequisite

• Ubuntu installed on the PC
• Download Open Java 1.7 RPM (OpenJava 1.7.0.9-2.3.4.1.el6_3.x86_64)
• Download ElasticSearch RPM (elasticsearch-2.1.1.rpm)

Install OpenJava 1.7

# yum install java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Install ES

# rpm -i elasticsearch-2.1.1.rpm

/etc/elasticsearch

/etc/elasticsearch/elasticsearch.yml

/etc/elasticsearch/logging.yml

/etc/elasticsearch/scripts

/etc/rc.d/init.d/elasticsearch

/etc/sysconfig/elasticsearch

/usr/lib/sysctl.d/elasticsearch.conf

/usr/share/elasticsearch

/usr/share/elasticsearch/bin

/usr/share/elasticsearch/bin/plugin

/usr/share/elasticsearch/lib

/usr/share/elasticsearch/plugins

/usr/share/elasticsearch/bin/elasticsearch

/var/lib/elasticsearch

/var/log/elasticsearch

Update YML file

Uncomment and set configuration of machine IP address and port for ES

# vi /etc/elasticsearch/elasticsearch.yml

http.port: 9200

network.host: 10.170.208.44

Set ES_HOME

# export ES_HOME=/usr/share/elasticsearch

Start ES

# export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9.x86_64/jre/

# service elasticsearch start

Check if ES is running as a service

# service elasticsearch status

Check ES in Java processes

# ps -aef | grep elasticsearch