Managing Elasticsearch Services

This appendix describes how you can manage Elasticsearch service.

After installing Elasticsearch, you can add an Elasticsearch service, verify that the service starts automatically, and remove the service.

Adding Elasticsearch as a Service

To add Elasticsearch as a service and verify that the service is created:

  1. Open a terminal window, running as root.

  2. Change directory to ELK_INSTALL/setup:

    cd ELK_INSTALL/setup

  3. Run this command to add the service:

    ./psft-es-service.sh --add --install_base_dir BASE_DIR

  4. Use one of these methods to verify that the service was added:

    • The output of the following ps command must show a running Elasticsearch process:

      ps -ef | grep elastic

    • Beginning with ELK DPK version 04, use the systemctlcommand:

      systemctl status elasticsearch

      This should give an output with the status "active (running)," as shown in the following sample:

      elasticsearch.service - Elasticsearch
Loaded: loaded (/etc/systemd/system/elasticsearch.service;enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-09-01 22:24:38 PDT; 12s ago
Docs: http://www.elastic.co
Main PID: 59416 (java)
Tasks: 45
Memory: 2.2G
CGroup: /system.slice/elasticsearch.service

    • For the ELK DPK version 03 and earlier versions, use the chkconfigcommand:

      chkconfig --list | grep elastic

      This should give an output such as:

      elasticsearch 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    • For the ELK DPK version 03 and earlier versions, use the service command:

      service elasticsearch status

      This should give an output such as:

      elasticsearch (pid 21292) is running...

Verifying that the Elasticsearch Service Starts Automatically

After you install the Elasticsearch service and verify the installation, test to make sure the service starts automatically after you reboot the Linux server.

  1. Reboot the Linux server.

  2. Verify that the service has come up automatically.

    • Beginning with ELK DPK version 04, use this command to verify that the service has come up automatically:

      systemctl status Elasticsearch

      This should give an output with the status "active (running)," as shown in the following sample:

      elasticsearch.service - Elasticsearch
Loaded: loaded (/etc/systemd/system/elasticsearch.service;enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-09-01 22:24:38 PDT; 12s ago
Docs: http://www.elastic.co
Main PID: 59416 (java)
Tasks: 45
Memory: 2.2G
CGroup: /system.slice/elasticsearch.service

    • For the ELK DPK version 03 and earlier versions, use the service command:

      service elasticsearch status

      This should give an output such as:

      elasticsearch (pid 5028) is running...

Removing the Elasticsearch Service

To remove the Elasticsearch service:

  1. Open a terminal window, running as root.

  2. Change directory to ELK_INSTALL/setup:

    cd ELK_INSTALL/setup

  3. Run this command to remove the service:

    ./psft-es-service.sh --delete

  4. Use one of these methods to verify that the service was deleted:

    • The output of the following ps command should not include any Elasticsearch process:

      ps -ef | grep elastic

    • Beginning with ELK DPK version 04, use this command:

      systemctl status elasticsearch

    • For the ELK DPK version 03 and earlier versions, use the chkconfig command. The command should give an empty output:

      chkconfig --list | grep elastic

    • For the ELK DPK version 03 and earlier versions, use the service command:

      service elasticsearch status

      This should give an output such as:

      elasticsearch: unrecognized service