Back to Blog
Elastic illustration: versatile data use case flexibility

Getting Started with Elasticsearch

January 9, 20264 min readAde A.
ElasticsearchSearchDatabase
Share:

Getting Started with Elasticsearch

Elasticsearch is a distributed, RESTful search and analytics engine that's become the backbone of modern search. It's the heart of the Elastic Stack (formerly ELK), and it handles everything from full-text search to log analytics to security monitoring at scale.

If you're trying to build search into your application or need to analyze massive amounts of data in real-time, Elasticsearch is probably what you want. Here's how to actually get started.

1) Elastic Cloud (The Easy Way)

Fastest path from zero to running cluster: Elastic Cloud. They manage availability, upgrades, security, and all the operational headaches.

You can go hosted (pick region, version, size, get credentials) or serverless (zero-ops projects with instant API endpoints). For most people starting out, this is the move.

Typical flow: create deployment, copy the Elasticsearch endpoint and credentials, ingest some data, explore with Kibana. You're running queries in 10 minutes.

2) Docker Compose (The Developer Way)

If you want to run locally and actually see what's happening under the hood, Docker Compose works well.

Here's a minimal stack with Elasticsearch and Kibana:

services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:8
    container_name: es01
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false # dev only
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
    ports:
      - "9200:9200"
    volumes:
      - esdata:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:8
    depends_on: [es01]
    environment:
      - ELASTICSEARCH_HOSTS=["http://es01:9200"]
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD}
    ports:
      - "5601:5601"

volumes:
  esdata: {}

Set ELASTIC_PASSWORD=Changeme_123! in a .env file, run docker compose up -d, and you're good.

Verify it's running:

curl -s -u elastic:$ELASTIC_PASSWORD http://localhost:9200 | jq .
# Kibana: http://localhost:5601

3) Kubernetes with ECK (The Production Way)

If you're running Kubernetes and want proper day-2 operations (upgrades, scaling, TLS, user management), use Elastic Cloud on Kubernetes (ECK).

Install the operator:

kubectl apply -f https://download.elastic.co/downloads/eck/<ECK_VERSION>/all-in-one.yaml

Deploy Elasticsearch and Kibana:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: es-quickstart
spec:
  version: 8.12.0
  nodeSets:
    - name: default
      count: 1
      config:
        node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-quickstart
spec:
  version: 8.12.0
  count: 1
  elasticsearchRef:
    name: es-quickstart

Apply, get credentials, port-forward, done:

kubectl apply -f elasticsearch.yaml
kubectl apply -f kibana.yaml
kubectl get secret es-quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}'
kubectl port-forward svc/kibana-quickstart-kb-http 5601:5601

4) Direct Install (The Bare Metal Way)

For VMs or bare metal, use official packages.

Debian/Ubuntu:

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | \
  sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | \
  sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update && sudo apt-get install elasticsearch
sudo systemctl enable --now elasticsearch

macOS:

brew tap elastic/tap
brew install elastic/tap/elasticsearch-full
elasticsearch

Security is enabled by default. Keep versions aligned across the stack (Elasticsearch, Kibana, Beats, Logstash). Tune JVM heap and storage for production.

5) Startlocal Script (The Quick Test Way)

Elastic's quick-start script sets up a local, secured single node:

curl -fsSL https://elastic.co/start-local | sh

Follow the on-screen instructions. It downloads binaries, starts Elasticsearch, prints connection details, and can launch Kibana. Good for quick tests.

Why Elasticsearch?

Unlike traditional databases optimized for CRUD, Elasticsearch excels at full-text search and analytics at scale. Relevance tuning, aggregations, time series, geo queries—with near real-time indexing.

Real Use Cases

Application search: typo tolerance, relevance scoring, synonyms, fast responses.

Log management: ingest logs from thousands of services, query and visualize in Kibana.

Security analytics: detect anomalies and threats from security events in near real-time.

Business intelligence: combine search with aggregations for exploratory analytics and dashboards.

Production Considerations

Prefer 3+ nodes for HA. Size JVM heap and storage carefully—half your RAM for heap, leave the rest for the OS file cache.

Keep all Elastic Stack components on the same major/minor version. Version mismatches cause weird issues.

Enable TLS and role-based access control. Rotate credentials and API keys. Don't run production with default passwords.

Elasticsearch isn't just a search engine—it's a data platform that happens to be really good at search.