Elasticsearch is a distributed, RESTful search and analytics engine capable of handling large volumes of structured and unstructured data in near real time. It is the core component of the Elastic Stack, widely used for log aggregation, full-text search, and observability pipelines. On RHEL 8, installing Elasticsearch requires adding the official Elastic repository and configuring the service for your environment. This tutorial walks through a complete single-node installation suitable for development and small production workloads.
Prerequisites
- RHEL 8 server with at least 2 CPU cores and 4 GB RAM (8 GB recommended)
- Root or sudo privileges
- firewalld installed and running
- Java is not required — Elasticsearch 8.x bundles its own JDK
Step 1 — Add the Elastic 8.x Repository
Import the Elastic GPG key and create the repository file so dnf can pull packages directly from Elastic’s servers.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat > /etc/yum.repos.d/elasticsearch.repo << 'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
Step 2 — Install Elasticsearch
Update the repository metadata and install the Elasticsearch package. The installer automatically creates the elasticsearch system user and sets appropriate file permissions.
dnf install -y elasticsearch
Step 3 — Configure elasticsearch.yml
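Edit the main configuration file to set the cluster name, bind address, and discovery mode. For a development single-node setup, disable X-Pack security to simplify initial testing. Because network.host: 0.0.0.0 binds to every interface, disabling security leaves the HTTP API on port 9200 unauthenticated for any host that can reach it; if only local access is needed, bind to 127.0.0.1 instead.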
# /etc/elasticsearch/elasticsearch.yml
cluster.name: my-cluster
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
# Single-node discovery — remove for multi-node clusters
discovery.type: single-node
# Disable security for development only
# Enable and configure certificates for production
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
If the server has less than 4 GB of RAM, also cap the JVM heap in /etc/elasticsearch/jvm.options.d/heap.options:
-Xms1g
-Xmx1g
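The Step 3 settings bind the HTTP API to every interface with security turned off. As an added example (not part of the original tutorial), this shell function flags that combination in an elasticsearch.yml. The function names and sample files are constructed for illustration, and it assumes the flat key: value form used above and the 8.x defaults of loopback binding and security enabled when a setting is absent.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): flag an elasticsearch.yml that
# listens beyond loopback while security is disabled. Names are hypothetical.

# Print the last value of a top-level "key: value" setting, skipping comments.
es_setting() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", val)               # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", name)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            if (name == k) found = val
        }
        END { print found }' "$2"
}

# Print a verdict; return 1 when the API would be reachable without auth.
audit_es_exposure() {
    local host sec
    host="$(es_setting network.host "$1")"
    sec="$(es_setting xpack.security.enabled "$1")"
    # Assumed defaults for 8.x when unset: loopback bind, security enabled.
    case "${host:-_local_}" in
        localhost|127.*|::1|_local_) echo "OK: loopback only"; return 0 ;;
    esac
    if [ "${sec:-true}" = "false" ]; then
        echo "EXPOSED: network.host=$host with security disabled"
        return 1
    fi
    echo "OK: network.host=$host with security enabled"
}

# Constructed sample files: the Step 3 settings, then two safer variants.
SAMPLE_DIR="$(mktemp -d)"
printf '%s\n' 'network.host: 0.0.0.0' '# Disable security for development only' \
    'xpack.security.enabled: false' > "$SAMPLE_DIR/step3.yml"
printf '%s\n' 'network.host: 127.0.0.1' \
    'xpack.security.enabled: false' > "$SAMPLE_DIR/local.yml"
printf '%s\n' 'network.host: 0.0.0.0' \
    'xpack.security.enabled: true' > "$SAMPLE_DIR/secured.yml"

for f in step3 local secured; do
    printf '%-8s ' "$f"; audit_es_exposure "$SAMPLE_DIR/$f.yml" || true
done
```

To check a real installation, call audit_es_exposure /etc/elasticsearch/elasticsearch.yml as a user that can read the file.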
Step 4 — Enable and Start Elasticsearch
Use systemctl to enable Elasticsearch at boot and start it immediately. The service may take 20–30 seconds to become ready on first launch.
systemctl daemon-reload
systemctl enable --now elasticsearch
# Check service status
systemctl status elasticsearch
Step 5 — Verify the Installation
Query the HTTP API on port 9200 to confirm Elasticsearch is responding and reporting the correct cluster health.
# Basic node info
curl http://localhost:9200
# Cluster health (URL quoted so the shell does not treat ? as a glob)
curl 'http://localhost:9200/_cluster/health?pretty'
# List indices
curl 'http://localhost:9200/_cat/indices?v'
A healthy response from /_cluster/health will show "status" : "green" for a single-node cluster with no replicas, or "yellow" if replica shards are unassigned (normal for single-node).
Step 6 — Open the Firewall for Remote Access
If other hosts need to reach Elasticsearch, open port 9200 (HTTP API) and optionally 9300 (inter-node transport) in firewalld.
# Allow HTTP API access
firewall-cmd --permanent --add-port=9200/tcp
# Allow transport port (needed for multi-node clusters)
firewall-cmd --permanent --add-port=9300/tcp
firewall-cmd --reload
# Confirm rules
firewall-cmd --list-ports
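For production environments, restrict access to specific source IP ranges rather than opening ports to all hosts. If the blanket 9200/tcp rule from above is already in place, remove it with --remove-port, because the rich rule does not override it: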
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="9200" protocol="tcp" accept'
firewall-cmd --reload
Conclusion
You now have a running Elasticsearch 8.x instance on RHEL 8, configured as a single-node cluster accessible over HTTP. The service starts automatically on boot, and the firewall is configured to allow remote API access. For development work the current setup is sufficient; before moving to production you should enable X-Pack security, configure TLS certificates, and set up index lifecycle management to control disk usage.
Next steps: How to Install Kibana on RHEL 8, How to Configure Logstash on RHEL 8, and How to Set Up Elasticsearch Snapshots on RHEL 8.