Elasticsearch is a distributed, RESTful search and analytics engine built on Apache Lucene. It stores data as JSON documents in indices and provides near-real-time full-text search, log aggregation, metrics analysis, and complex aggregation queries through a simple HTTP/JSON API. Elasticsearch is the core component of the Elastic Stack (ELK Stack) — Elasticsearch stores and searches the data, Logstash processes and ships logs, and Kibana provides the visualisation dashboard. Common uses include application log analysis, security event monitoring (SIEM), e-commerce product search, and analytics pipelines. Elasticsearch 8.x requires Java 17 or later and includes built-in security (TLS, authentication) enabled by default. This guide covers installing Elasticsearch 8 on RHEL 9, configuring it for a single-node deployment, and verifying the installation.

Prerequisites

  • RHEL 9 with at least 4 GB RAM (8 GB recommended)
  • At least 20 GB free disk space

Step 1 — Add the Elastic Repository

# Import the Elastic GPG key and add the repo
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

cat > /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

Step 2 — Install Elasticsearch

dnf install -y elasticsearch

Note the enrollment token and elastic user password printed during installation — save them securely.

Step 3 — Configure Elasticsearch

# /etc/elasticsearch/elasticsearch.yml
cluster.name: my-cluster
node.name: node-1

# Storage paths
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

# Network — bind to localhost for single-node; use server IP for multi-node
network.host: 127.0.0.1
http.port: 9200

# Single-node discovery (no clustering)
discovery.type: single-node

# JVM heap — set to 50% of RAM, max 32GB. Elasticsearch reads extra JVM flags
# from /etc/elasticsearch/jvm.options.d/, so -Xms and -Xmx go in a drop-in
# file there (not in elasticsearch.yml), one flag per line:
mkdir -p /etc/elasticsearch/jvm.options.d
printf -- '-Xms2g\n-Xmx2g\n' > /etc/elasticsearch/jvm.options.d/heap.options

Step 4 — Tune Kernel for Elasticsearch

# Elasticsearch requires high vm.max_map_count
echo "vm.max_map_count = 262144" >> /etc/sysctl.conf
sysctl -p

# Disable swap (Elasticsearch performance degrades severely with swapping)
swapoff -a
# Comment out swap entries in /etc/fstab to make permanent
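The heap rule from Step 3 and the vm.max_map_count requirement from Step 4 are easy to get wrong by hand (the 2g value above is only right for a 4 GB box). The following script is an added example, not part of the original guide: it derives the heap size from MemTotal using the guide's rule (half of RAM, capped at 32 GB, never below 1 GB), writes the heap.options drop-in with the two flags on separate lines, and checks the running kernel's vm.max_map_count against the 262144 minimum. The function names, the ES_CONF_DIR override and the apply argument are this example's own conventions.

```sh
#!/bin/sh
# Added example (not from the original guide). Derives the JVM heap size from
# MemTotal (50% of RAM, 1..32 GB), writes the jvm.options.d drop-in, and checks
# vm.max_map_count. ES_CONF_DIR may be overridden for a dry run; "apply" is an
# argument invented for this example so the file can also be sourced for tests.

ES_CONF_DIR="${ES_CONF_DIR:-/etc/elasticsearch}"
REQUIRED_MAP_COUNT=262144

# heap_size_gb <MemTotal in kB>: half of RAM in whole GB, clamped to 1..32
heap_size_gb() {
    half_gb=$(( $1 / 1024 / 1024 / 2 ))
    if [ "$half_gb" -lt 1 ]; then half_gb=1; fi
    if [ "$half_gb" -gt 32 ]; then half_gb=32; fi
    echo "$half_gb"
}

# heap_options <gb>: the two heap flags, each on its own line
heap_options() {
    printf -- '-Xms%sg\n-Xmx%sg\n' "$1" "$1"
}

# write_heap_options <gb> <jvm.options.d dir>: create the drop-in file
write_heap_options() {
    mkdir -p "$2"
    heap_options "$1" > "$2/heap.options"
}

# map_count_ok <value>: succeeds when the value meets Elasticsearch's minimum
map_count_ok() {
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

# mem_total_kb: MemTotal as reported by the kernel
mem_total_kb() {
    awk '/^MemTotal:/ { print $2 }' /proc/meminfo
}

main() {
    gb=$(heap_size_gb "$(mem_total_kb)")
    write_heap_options "$gb" "$ES_CONF_DIR/jvm.options.d"
    echo "wrote $ES_CONF_DIR/jvm.options.d/heap.options with a ${gb}g heap"

    current=$(sysctl -n vm.max_map_count)
    if map_count_ok "$current"; then
        echo "vm.max_map_count=$current OK"
    else
        echo "vm.max_map_count=$current is below $REQUIRED_MAP_COUNT; apply Step 4" >&2
        return 1
    fi
}

# Only act when invoked as: sh es-heap-check.sh apply
case "${1:-}" in apply) main ;; esac
```

Run it as `sh es-heap-check.sh apply` as root after Step 4; a non-zero exit means the kernel setting still needs the sysctl change. Restart Elasticsearch after the heap file changes, since the JVM only reads jvm.options.d at startup.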

Step 5 — Start and Enable Elasticsearch

systemctl daemon-reload
systemctl enable --now elasticsearch
systemctl status elasticsearch

# Wait ~30 seconds, then test (Elasticsearch 8 uses HTTPS by default)
curl --cacert /etc/elasticsearch/certs/http_ca.crt \
     -u elastic:YourElasticPassword \
     https://localhost:9200

Step 6 — Index and Query a Document

# Index a document
curl -X PUT --cacert /etc/elasticsearch/certs/http_ca.crt \
     -u elastic:YourElasticPassword \
     -H "Content-Type: application/json" \
     https://localhost:9200/products/_doc/1 \
     -d '{"name": "RHEL 9", "type": "OS", "vendor": "Red Hat"}'

# Search
curl --cacert /etc/elasticsearch/certs/http_ca.crt \
     -u elastic:YourElasticPassword \
     "https://localhost:9200/products/_search?q=RHEL"
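The curl calls in Steps 5 and 6 prove the node answers, but not that the two defaults the guide relies on (TLS with the generated CA, and mandatory authentication) are actually in force. The script below is an added example, not part of the original guide: it verifies the certificate against http_ca.crt (never -k), confirms that an unauthenticated request is refused with 401, and only then reads cluster health with credentials taken from a mode-0600 netrc file via curl's --netrc-file option, so the password does not appear in the process list the way `-u elastic:password` does. ES_URL and ES_CA come from the guide; the netrc path, the helper names and the run argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original guide): post-install check for an
# Elasticsearch 8 single node. Assumes ~/.es-netrc holds one line such as
#   machine localhost login elastic password <the generated password>
# with permissions 0600. "run" is an argument invented for this example so
# the functions can also be sourced and tested without a live cluster.

ES_URL="${ES_URL:-https://localhost:9200}"
ES_CA="${ES_CA:-/etc/elasticsearch/certs/http_ca.crt}"
ES_NETRC="${ES_NETRC:-$HOME/.es-netrc}"

# http_status <curl args...>: HTTP status only; curl prints 000 when the TLS
# handshake or connection fails, which is how a wrong CA shows up here.
http_status() {
    curl -s -o /dev/null -w '%{http_code}' --cacert "$ES_CA" "$@"
}

# cluster_status <health JSON>: the "status" field (green, yellow or red)
cluster_status() {
    printf '%s' "$1" | sed -n 's/.*"status" *: *"\([a-z]*\)".*/\1/p'
}

# status_acceptable <status>: a single-node cluster is normally yellow because
# replica shards cannot be allocated; red means primaries are missing.
status_acceptable() {
    case "$1" in green|yellow) return 0 ;; *) return 1 ;; esac
}

# netrc_mode_ok <file>: credentials file must be readable by its owner only
netrc_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

check_es() {
    netrc_mode_ok "$ES_NETRC" || { echo "$ES_NETRC must exist with mode 0600" >&2; return 1; }

    # Anonymous request: must be refused. 200 here means security is off;
    # 000 means the certificate did not validate against $ES_CA.
    anon=$(http_status "$ES_URL/")
    [ "$anon" = "401" ] || { echo "expected 401 without credentials, got $anon" >&2; return 1; }

    # Authenticated health check with credentials from the netrc file
    health=$(curl -s --cacert "$ES_CA" --netrc-file "$ES_NETRC" "$ES_URL/_cluster/health")
    st=$(cluster_status "$health")
    status_acceptable "$st" || { echo "cluster status is '$st'" >&2; return 1; }
    echo "TLS verified, anonymous access refused, cluster status $st"
}

# Only act when invoked as: sh es-verify.sh run
case "${1:-}" in run) check_es ;; esac
```

Run `sh es-verify.sh run` as the user that owns the netrc file. A 000 status on the anonymous probe is the signal to look at the CA path rather than to add -k; a 200 there means the node is serving data without credentials and should be taken off the network until xpack.security settings are checked.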

Conclusion

Elasticsearch 8 on RHEL 9 provides a powerful, distributed search and analytics engine with TLS and authentication enabled by default. The single-node configuration is suitable for development and small production deployments. Setting the JVM heap to 50% of available RAM and increasing vm.max_map_count are the two most important operational tuning steps. Add Kibana and Logstash to complete the ELK Stack.

Next steps: How to Install Kibana on RHEL 9, How to Install Redis on RHEL 9, and How to Install MongoDB on RHEL 9.