First glance at Elasticearch 5.0

Just about two weeks ago, elasticsearch officially released their new version, 5.0 (I wonder why did they go from 2.4 straight t 5.0…). The new version brings a long list of changes and improvements for every part of the elastic stack. You can read about those changes here:

Since there are so many changes it will take some time to ingest and test them. I will try to test the major new features in future posts. This is my impression of a quick first glance at the new version.


First of all, Elasticsearch won’t start if the number of processes defined for os user “elasticsearch” is less than 2048. So to avoid this problem, edit /etc/security/limits.conf and add:

elasticsearch soft nproc 2048
elasticsearch hard nproc 2048


There are several ways to install elasticsearch, but I am a fan of using yum to do that.

This is similar to the experience of installing Elastic 2.4 I wrote about here, with few minor changes.

First, we have to add the elasticsearch 5 repository:

echo "[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
type=rpm-md" > /etc/yum.repos.d/elasticsearch.repo

Then you can run the installation:

yum install elasticsearch

This creates a new user named elastcsearch under which the process will run. By default, the binaries are installed in /usr/share/elasticsearch and the configuration file is at /etc/elasticsearch/, just like in the old version.

Unlike the older versions, Elasticsearch 5 needs JDK 8 in order to run. If you try to run it on an older JDK the service will crash immediately and you will get this message in the log: Unsupported major.minor version 52.0

You need to uninstall your current java using:

yum remove java-*

And then download the latest JDK 8 from Oracle here, and install it using rpm.

If you are installing on Centos you will also want to set

bootstrap.system_call_filter: false

In /etc/elasticsearch/elasticsearch.yml or elasticsearch will not start. See this post for a description of the issue.

Now you can start elasticsearch service.

Run this if you want to configure Elasticsearch to start automatically when the server starts:

chkconfig --add elasticsearch
chkconfig elasticsearch on

Installing kibana and X-Pack

Next I installed Kibana:

echo "[kibana-5.x]
name=Kibana repository for 5.x packages
type=rpm-md" > /etc/yum.repos.d/kibana.repo

yum install kibana

You should edit Kibana configuration file at /etc/kibana/kibana.yml and set the and elasticsearch.url parameters.

And then I installed X-Pack. In X-Pack, elasticsearch bundled few common security, monitoring and alerting plugins into one comprehensive plugin. Unfortunately, most of its features require a paid version, and the basic, free version, only offers the monitoring option.:

[[email protected] /]# export PATH=$PATH:/usr/share/elasticsearch/bin

[[email protected] /]# elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@ WARNING: plugin requires additional permissions @
* java.lang.RuntimePermission
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* createPolicy.JavaPolicy
* getPolicy
* putProviderProperty.BC
* setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission write
* setHostnameVerifier
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed x-pack

Note that the syntax for installing plugins has changed a littele in the new version (instead of “plugin install” you now use elasticsearch-plugin install”).

We also have to install X-Pack into Kibana:

[[email protected] bin]# export PATH=$PATH:/usr/share/kibana/bin
[[email protected] bin]# kibana-plugin install x-pack
Attempting to transfer from x-pack
Attempting to transfer from
Transferring 56932561 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete

Now restart Kibana ans Elasticsearch (which are both services now).

Logging in

If you will point your browser to port 9200 of your Elasticsearch server you woll be surprised to get a login page asking for username and password. Elasticsearch has it’s security on by default.

To disable security, chenge this in elasticsearch.yml and kibana.yml: false

Two administrative users exist by default: “elastic” ad “kibana” and their default password is “changeme”.

Here is how you change their passwords (I changed it to “password” but you should use something more secured, especially in production):

curl -XPUT -u elastic '' -d '{
"password" : "password"

curl -XPUT -u elastic '' -d '{
"password" : "password"

You will need to enter the existing password, “changeme” in order for this to succeed.

After entering username and password you will be able to get to the “You know, for search” message.

But you will notice tha Kibana still fails to start. This is because it cannot login to elasticsearch. You should again edit Kibana’s configuration file /etc/kibana/kibana.yml and set the correct username and password:

elasticsearch.username: "kibana"
elasticsearch.password: "password"

Now restart Kibana and you will get it’s new login page:


Kibana has a new shiny look:

View full size image

You can see some new menu options like monitoring, which is installed by x-pack and replaces the old marvel plugin and Timelion which is a new time series analyzing tool.

Entering the monitoring option shows an overview of the cluster health and metrics:

View full size image

Management option is where you manage elasticsearch users and roles:

View full size image

This is just to get the feel of the new version, which seems very nice and sleek. Examining all the new tools and options deeper is out of the scope of this post and I will try to have a closer look at some of them in future posts.


This entry was posted in ElasticSearch and tagged , , . Bookmark the permalink.

Leave a Reply