This guide walks you through installing Elasticsearch 8.x and Kibana on RHEL 10, Rocky Linux 10, or AlmaLinux 10. Elasticsearch 8.x ships with security enabled by default, which means TLS encryption and authentication are configured automatically during installation. We will cover every step from adding the official Elastic repository to verifying a working Kibana dashboard.

Prerequisites

Before you begin, make sure you have the following in place:

  • A running instance of RHEL 10, Rocky Linux 10, or AlmaLinux 10 with a minimum of 4 GB RAM (8 GB recommended for production)
  • Root or sudo access to the server
  • A stable internet connection for downloading packages
  • Firewall access to ports 9200 (Elasticsearch) and 5601 (Kibana)

Start by updating your system packages to the latest versions:

sudo dnf update -y

Install a few helpful utilities if they are not already present:

sudo dnf install -y curl wget vim tar

Step 1 – Import the Elastic GPG Key and Add the Yum Repository

Elasticsearch packages are signed with the Elastic GPG key. Import it so that your package manager can verify the signature on each downloaded RPM:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Next, create a repository file for the Elasticsearch 8.x branch:

sudo tee /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

Verify that the repository is available:

sudo dnf repolist | grep elasticsearch

You should see the elasticsearch repository listed in the output.

Step 2 – Install Elasticsearch 8.x

With the repository in place, install Elasticsearch:

sudo dnf install -y elasticsearch

Important: During installation, Elasticsearch 8.x generates a default superuser password and an enrollment token for Kibana. This information is printed to the terminal. Copy and save it somewhere safe – you will need it later. The output looks similar to this:

--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : <your-password-here>

...

The enrollment token for Kibana instances, valid for the next 30 minutes:
<your-enrollment-token-here>

If you missed the output, you can regenerate the password and enrollment token later (covered in the security section below).

Step 3 – Configure Elasticsearch

The main configuration file is located at /etc/elasticsearch/elasticsearch.yml. Open it with your preferred text editor:

sudo vim /etc/elasticsearch/elasticsearch.yml

For a single-node setup, set the following values. Adjust them according to your environment:

# Cluster and node name
cluster.name: my-cluster
node.name: node-1

# Network - bind to localhost or your server IP
network.host: 127.0.0.1
http.port: 9200

# Single node discovery
discovery.type: single-node

# Data and log paths (defaults are fine for most setups)
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

If you plan to allow remote connections to Elasticsearch, set network.host to 0.0.0.0 or the specific IP address of your server. 0.0.0.0 listens on every interface, so prefer the specific IP where you can. For a production cluster, remove the discovery.type: single-node line and configure proper discovery settings instead.

Configure JVM Heap Size

Elasticsearch runs on the JVM, and tuning the heap size directly affects performance. Custom JVM options are read from files in the /etc/elasticsearch/jvm.options.d/ directory. Create a file there to override the defaults:

sudo tee /etc/elasticsearch/jvm.options.d/heap.options <<EOF
-Xms2g
-Xmx2g
EOF

A good rule of thumb is to set the heap to half of your available system RAM, but never exceed 32 GB. On a server with 4 GB of RAM, setting it to 2 GB is a reasonable starting point. Both -Xms and -Xmx should always be equal to avoid runtime resizing.

Step 4 – Enable and Start Elasticsearch

Enable Elasticsearch to start at boot and then start the service:

sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch

Check the service status to confirm it started without errors:

sudo systemctl status elasticsearch

You should see active (running) in the output.

Verify Elasticsearch is Running

Since Elasticsearch 8.x enables HTTPS by default, use the following curl command with the elastic superuser password you saved during installation:

curl -k -u elastic:<your-password> https://localhost:9200

If you configured Elasticsearch to use HTTP (without TLS), test with:

curl http://localhost:9200

A successful response returns JSON output with the cluster name, version number, and a “You Know, for Search” tagline:

{
  "name" : "node-1",
  "cluster_name" : "my-cluster",
  "cluster_uuid" : "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "version" : {
    "number" : "8.x.x",
    ...
  },
  "tagline" : "You Know, for Search"
}
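
The curl command above passes -k, which switches off certificate verification. The following added example (not part of the original guide) keeps verification on by trusting the auto-generated CA under /etc/elasticsearch/certs/ and keeps the password out of the process list. ES_CA, ES_URL and ES_PASSWORD are assumed variable names, and http_ca.crt is the CA file name written by the RPM security auto-configuration.

```shell
#!/bin/sh
# Added example: query Elasticsearch with TLS verification instead of -k.
# ES_CA, ES_URL and ES_PASSWORD are assumed names, not Elastic conventions.

# es_get [PATH]: GET a path from Elasticsearch as the elastic user.
# Returns 2 if the CA file is unreadable, 3 if no password is supplied.
es_get() {
    path="${1:-/}"
    ca="${ES_CA:-/etc/elasticsearch/certs/http_ca.crt}"
    url="${ES_URL:-https://localhost:9200}"

    if [ ! -r "$ca" ]; then
        echo "CA certificate not readable: $ca (try running as root)" >&2
        return 2
    fi
    if [ -z "${ES_PASSWORD:-}" ]; then
        echo "ES_PASSWORD is not set" >&2
        return 3
    fi
    # Credentials go to curl as a config line on stdin (-K -), so the password
    # never appears in argv. Assumes it contains no double quote or backslash.
    printf 'user = "elastic:%s"\n' "$ES_PASSWORD" |
        curl --silent --show-error --fail --cacert "$ca" -K - "$url$path"
}
```

With verification on, a certificate that does not chain to the auto-generated CA makes curl fail instead of returning the JSON banner.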

Step 5 – Install Kibana

Since we already added the Elastic repository, installing Kibana is straightforward:

sudo dnf install -y kibana

Step 6 – Configure Kibana

Open the Kibana configuration file:

sudo vim /etc/kibana/kibana.yml

Set the following parameters:

# Kibana server settings
server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana"

# Elasticsearch connection
elasticsearch.hosts: ["https://localhost:9200"]

Setting server.host to 0.0.0.0 allows connections from any IP address. For tighter security, bind it to a specific interface IP.

Enroll Kibana with an Enrollment Token

Elasticsearch 8.x uses enrollment tokens to securely connect Kibana. If you saved the token from the Elasticsearch installation output, you can use it directly. If the token has expired (they are valid for 30 minutes), generate a new one:

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

Run the Kibana setup tool with the enrollment token:

sudo /usr/share/kibana/bin/kibana-setup --enrollment-token <your-enrollment-token>

This command configures the TLS certificates and connection details automatically. You do not need to manually set elasticsearch.ssl options in kibana.yml when using the enrollment token method.

Step 7 – Enable and Start Kibana

sudo systemctl daemon-reload
sudo systemctl enable --now kibana

Confirm the service is running:

sudo systemctl status kibana

You should see active (running) in the output. Kibana can take a minute or two to fully initialize, so give it a moment before accessing the web interface.

Step 8 – Configure Firewall Rules

If firewalld is running on your server, open the required ports for both Elasticsearch and Kibana. Port 9200 needs opening only if hosts other than this server will query Elasticsearch directly:

sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --reload

Verify that the rules are active:

sudo firewall-cmd --list-ports

You should see 9200/tcp and 5601/tcp in the output.
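
The bind addresses set in Step 3 and Step 6 and the firewall ports opened in this step together decide what is reachable from the network. The following added example (not part of the original guide or Elastic tooling) reads both configuration files and the firewall port list and reports wide-open listeners; the function names are hypothetical, and the parser only handles simple top-level "key: value" lines like the ones shown in this guide.

```shell
#!/bin/sh
# Added example: audit the bind settings from elasticsearch.yml and kibana.yml.
# Function names are illustrative; nothing here is Elastic tooling.

# yaml_get KEY FILE: print the last uncommented top-level "KEY: value".
yaml_get() {
    awk -v key="$1" '
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", val)            # drop trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)    # drop padding and quotes
            last = val
        }
        END { print last }' "$2"
}

# audit_stack ES_YML KIBANA_YML [OPEN_PORTS]: print findings, return their count.
# OPEN_PORTS is the text printed by: firewall-cmd --list-ports
audit_stack() {
    n=0
    # http.host, when set, overrides network.host for the port 9200 listener.
    es_bind=$(yaml_get http.host "$1")
    [ -n "$es_bind" ] || es_bind=$(yaml_get network.host "$1")
    kb_bind=$(yaml_get server.host "$2")

    case "$es_bind" in 0.0.0.0|::)
        echo "WARN: Elasticsearch HTTP listens on all interfaces"; n=$((n + 1)) ;;
    esac
    case "$kb_bind" in 0.0.0.0|::)
        echo "WARN: Kibana listens on all interfaces"; n=$((n + 1)) ;;
    esac
    case "$(yaml_get elasticsearch.hosts "$2")" in *http://*)
        echo "WARN: Kibana talks to Elasticsearch over plain http"; n=$((n + 1)) ;;
    esac
    # An unset bind address means loopback, so a 9200 firewall rule is unused.
    case "$es_bind" in ""|127.*|localhost|_local_)
        case "${3:-}" in *9200/tcp*)
            echo "WARN: 9200/tcp is open but Elasticsearch is loopback-only"
            n=$((n + 1)) ;;
        esac ;;
    esac
    return "$n"
}
```

After sourcing the file, run it as root with /etc/elasticsearch/elasticsearch.yml, /etc/kibana/kibana.yml and the output of firewall-cmd --list-ports as the three arguments; an exit status of 0 means no findings.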

Step 9 – Access the Kibana Web Interface

Open your web browser and navigate to:

http://<your-server-ip>:5601

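Log in using the elastic username and the password generated during the Elasticsearch installation. After logging in, you will land on the Kibana home page where you can start exploring your data. Note that this URL is plain HTTP: the enrollment step secures the connection from Kibana to Elasticsearch, not the one from your browser to Kibana, so the login crosses the network unencrypted unless you enable TLS in kibana.yml or place Kibana behind a TLS-terminating reverse proxy.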

Step 10 – Elasticsearch 8.x Security Overview

Elasticsearch 8.x enables security features out of the box. Here is what is configured automatically:

  • TLS encryption on both the transport layer (node-to-node) and the HTTP layer (client-to-node)
  • Built-in user authentication with the elastic superuser created during installation
  • Auto-generated CA and certificates stored under /etc/elasticsearch/certs/

If you need to reset the elastic user password, run:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic

To set passwords for other built-in users such as kibana_system, use the same tool:

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system

For production environments, consider creating dedicated users with specific roles instead of relying on the elastic superuser for day-to-day operations.

Step 11 – Create an Index Pattern in Kibana

An index pattern (called a Data View in newer Kibana versions) tells Kibana which Elasticsearch indices to query. To create one:

  1. Log in to the Kibana web interface
  2. Navigate to Management from the left sidebar, then select Stack Management
  3. Under Kibana, click on Data Views
  4. Click Create data view
  5. Enter a name and an index pattern (for example, logs-* to match all indices starting with “logs-”)
  6. Select the timestamp field if your data is time-based, then click Save data view to Kibana

Once the data view is created, head over to Discover in the left sidebar to start exploring and querying your indexed data.

Troubleshooting

Elasticsearch fails to start

Check the journal logs for detailed error messages:

sudo journalctl -u elasticsearch --no-pager -n 50

Common causes include insufficient memory, incorrect file permissions on data directories, or syntax errors in the configuration file.

JVM heap errors or out-of-memory issues

If Elasticsearch crashes with heap-related errors, review your JVM settings:

cat /etc/elasticsearch/jvm.options.d/heap.options

Make sure the heap values do not exceed half of your total system RAM. On a server with only 2 GB of RAM, set the heap to 1 GB at most and consider adding swap space.

Kibana shows “Kibana server is not ready yet”

This typically means Kibana cannot reach Elasticsearch. Check the following:

  • Confirm Elasticsearch is running: sudo systemctl status elasticsearch
  • Verify the elasticsearch.hosts value in /etc/kibana/kibana.yml matches the actual Elasticsearch address and protocol (http vs https)
  • Check Kibana logs: sudo journalctl -u kibana --no-pager -n 50

Connection refused on port 9200 or 5601

Verify the services are listening on the expected ports:

sudo ss -tlnp | grep -E '9200|5601'

If a service is not listening, review its configuration file and restart it. Also confirm your firewall rules are properly set:

sudo firewall-cmd --list-all

Certificate or TLS errors

If you see SSL/TLS errors when connecting Kibana to Elasticsearch, re-run the enrollment process:

sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
sudo /usr/share/kibana/bin/kibana-setup --enrollment-token <new-token>

Then restart Kibana:

sudo systemctl restart kibana

SELinux blocking access

On RHEL 10 and its derivatives, SELinux is enforcing by default. If you suspect SELinux is blocking Elasticsearch or Kibana, check the audit log:

sudo ausearch -m avc -ts recent

You can also temporarily set SELinux to permissive mode for testing purposes:

sudo setenforce 0

If that resolves the issue, create a proper SELinux policy module rather than leaving it in permissive mode on a production system.

Conclusion

You now have a working Elasticsearch 8.x and Kibana stack on RHEL 10, Rocky Linux 10, or AlmaLinux 10. Security is enabled by default in Elasticsearch 8.x, giving you TLS encryption and user authentication without extra configuration. From here, you can start ingesting data using Beats, Logstash, or the Elasticsearch REST API, and build dashboards and visualizations in Kibana to make sense of it all.
