In this article we will use Elasticsearch, a flexible and powerful open-source, distributed, real-time search and analytics engine. Using a simple set of APIs, it provides full-text search. Elasticsearch is freely available under the Apache 2 license, which provides the most flexibility.
How Elasticsearch works:
The Elasticsearch engine uses two principal components, analyzers and the inverted index, to store (index) documents and retrieve them.
Understanding Analysis in Elasticsearch (Analyzers)
When we index a document, Elasticsearch takes the full text fields of the document and runs them through an analysis process. The text fields are tokenized into terms, and the terms are converted to lowercase letters. At least that’s the default behavior. The results of this analysis process are added to something called the inverted index, which is what we run search queries against.
Understanding the Inverted Index
The results of this analysis process are stored within an inverted index. An inverted index consists of all of the terms for a given field across all documents within an index. So when performing a search query, we are not actually searching the documents themselves, but rather an inverted index. This is important to understand because otherwise you might be left puzzled as to why some queries don’t match what you expect.
Install Elasticsearch on Linux
The Elasticsearch team provides an official apt repository for installing Elasticsearch on Debian-based Linux systems. First install the package below and import the GPG key for the Elasticsearch packages.
sudo apt-get install apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Then configure the apt repository on your Debian system. The command below adds the repository used to install the latest Elasticsearch 7.x on your Ubuntu system.
sudo add-apt-repository "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
After adding the repository to your system, run the following commands to update the package cache and then install the Elasticsearch package.
sudo apt-get update
sudo apt-get install elasticsearch
Elasticsearch is now installed on your system. You can customize it by editing the Elasticsearch configuration file. Open the configuration file in your favorite text editor and update it:
sudo nano /etc/elasticsearch/elasticsearch.yml
Change the following values:
network.host: 0.0.0.0
cluster.name: "myCluster1"
node.name: "myNode1"
http.port: 9200
- network.host — Set the network host to 0.0.0.0 to listen on all interfaces and make it publicly available. You can use your LAN address for LAN access only.
- cluster.name — Name of the cluster. In a multi-node cluster, all the nodes must use the same cluster name.
- node.name — A unique name that identifies the node within the cluster.
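An added check, not part of the original article, for the network.host setting above: on the default basic license, Elasticsearch 7.x ships with xpack.security.enabled off, so a node bound to 0.0.0.0 serves its API on port 9200 without authentication. The function names es_setting and es_exposure_check are hypothetical, and the parser assumes the flat key: value layout shown above.

```sh
#!/bin/sh
# Added example, not from the article: flag an elasticsearch.yml that listens
# beyond loopback while security (authentication) is not enabled.
# Assumes the flat "dotted.key: value" style used in the article.

# es_setting FILE KEY -> print the last value set for KEY (empty if unset)
es_setting() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)             # drop a trailing comment
      i = index(line, ":")                    # split at the first colon
      if (i == 0) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1" | tr -d "\"'"      # remove quote characters
}

# es_exposure_check FILE -> print a verdict; return 1 when the node would
# accept unauthenticated requests on a non-loopback address.
es_exposure_check() {
  es_host=$(es_setting "$1" network.host)
  es_sec=$(es_setting "$1" xpack.security.enabled)
  case "$es_host" in
    ""|localhost|_local_|127.*|::1)           # unset defaults to loopback
      echo "OK: loopback only (network.host=${es_host:-default})"
      return 0 ;;
  esac
  if [ "$es_sec" = "true" ]; then
    echo "OK: network.host=$es_host with xpack.security.enabled: true"
    return 0
  fi
  echo "EXPOSED: network.host=$es_host, xpack.security.enabled=${es_sec:-unset}"
  return 1
}

# Constructed sample: the article's settings written to a temp file.
sample=$(mktemp)
printf '%s\n' 'network.host: 0.0.0.0' 'cluster.name: "myCluster1"' \
  'node.name: "myNode1"' 'http.port: 9200' > "$sample"
es_exposure_check "$sample" || true
rm -f "$sample"
```

The check reads network.host only; http.host, if set, overrides it for the HTTP listener.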
Elasticsearch can be started and stopped as follows:
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
Kibana is an open source data visualization dashboard for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster.
Run the following command to install the Kibana package on your system:
sudo apt-get install kibana
Kibana can be started and stopped as follows, but only start it after Elasticsearch is running:
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
Connect to Kibana
Kibana is now accessible via your FQDN or the public IP address of your Elastic Stack server, then navigate to
your_server_ip: for a local installation this is localhost or 127.0.0.1
Finally, you will see something like this: