How Do I Enable Xpack in Elasticsearch

Elasticsearch is a free, open-source, distributed search and analytics engine based on the Apache Lucene project. It provides a robust RESTful API to manage and work with the engine. Elasticsearch is fast, highly scalable, and secure.

The Elasticsearch engine is responsible for ingesting, storing, and analyzing data. Although Elasticsearch is powerful as a standalone service, it becomes mightier when paired with its sister services such as Kibana and Logstash.

This tutorial will show you how to install Elasticsearch and Kibana and how to enable the Elasticsearch security feature: Xpack.

Requirements

To follow along with this guide, you will require:

  1. Root or sudo account
  2. Fresh Linux install – preferably Ubuntu or Debian

Step 1: Install Elasticsearch and Kibana

Let us start by setting up Elasticsearch on our system.

Install Java

Elasticsearch requires a Java environment to run. For this, we can install the OpenJDK package. Use the command:

sudo apt-get update

sudo apt-get install openjdk-11-jdk

Upon completion, verify Java is installed correctly with the command:

java --version

You should see an output similar to the one shown below:

Installing Elasticsearch

Once we have Java installed, we can proceed to install Elasticsearch. By default, Elasticsearch packages are not available in the official Debian/Ubuntu repositories. Hence, we need to import and add them manually.

Execute the command below to download and install the Elasticsearch repository signing key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, install the apt-transport-https package before installing Elasticsearch. Run the command:

sudo apt-get install apt-transport-https

Finally, save the repository with the command:

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Install Elasticsearch:

sudo apt update

sudo apt install elasticsearch

Once you have Elasticsearch installed, enable and start the service:

sudo systemctl enable elasticsearch.service


sudo systemctl start elasticsearch.service

To verify that the Elasticsearch service is up and running, use the curl command:

curl -X GET "http://localhost:9200"

If you have curl installed and Elasticsearch is running, you should see an output as shown:

Install Kibana

The next step is to install and set up Kibana. Kibana acts as a front-end interface for Elasticsearch and helps visualize, view, and search indexed data. It also helps to manage Elasticsearch clusters from the web interface.

To install Kibana, enter the command:

sudo apt install kibana

After installation, edit the Kibana configuration file to point it at Elasticsearch:

sudo vim /etc/kibana/kibana.yml

Locate the following entries and uncomment them:

server.port: 5601

server.host: localhost

elasticsearch.hosts: ["http://localhost:9200"]

Save the file and close.

Enable and start the Kibana service:

sudo systemctl enable kibana.service

sudo systemctl start kibana.service

Once the Kibana service is up and running, open the browser and navigate to its endpoint:

http://localhost:5601

Step 2: Enable Elasticsearch Security Feature (Xpack)

Now that we have both Elasticsearch and Kibana running, we can proceed to enable the Xpack feature.

Xpack is an extension of the ELK stack that provides monitoring, reporting, alerting, security, and many other features. Depending on the version of the ELK stack installed, you should have Xpack installed by default.

CAUTION: The process discussed in this guide will cause cluster downtime. Do not run in a production environment.

If you are using a free Elasticsearch license, you will have access to the standard Xpack features. For all features, you may need to get a subscription.

Stop Kibana and Elasticsearch

The first step before enabling Xpack is to stop the Kibana and Elasticsearch services. Enter the commands:

sudo systemctl stop kibana.service

sudo systemctl stop elasticsearch.service

Edit Elasticsearch configuration

To enable Xpack, edit the elasticsearch.yml config file. Depending on the installation method, the path of the file may vary.

In our example, run the command:

sudo vim /etc/elasticsearch/elasticsearch.yml

Add the following entry to the elasticsearch.yml file.

xpack.security.enabled: true

Next, set up single node discovery.

Add the following entry:

discovery.type: single-node

If you have multiple nodes, you will need to configure Elasticsearch security for each node in your cluster using TLS.

Check the documentation to learn more.

NOTE: Once you enable Xpack on your Elasticsearch cluster, you must specify the username and password to communicate with the cluster.
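
A quick check for this step, as an added example that is not part of the original tutorial: it audits elasticsearch.yml for the two entries added above and interprets the status code of the unauthenticated curl request from Step 1 once Elasticsearch is running again. The function names are hypothetical, the sample config is constructed, and the parser assumes the flat `key: value` form shown above rather than nested YAML.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical. Handles flat "key: value" lines only.

# Print the effective value of one setting, ignoring commented-out lines.
es_setting() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # drop trailing comment
      i = index(line, ":"); if (i == 0) next
      name = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)                 # tolerate a quoted value
      if (name == k) found = val
    }
    END { print found }' "$1"
}

# Exit non-zero unless security is switched on in the given elasticsearch.yml.
audit_es_security() {
  local enabled dtype rc=0
  enabled="$(es_setting "$1" xpack.security.enabled)"
  dtype="$(es_setting "$1" discovery.type)"
  if [ "$enabled" = "true" ]; then echo "OK   xpack.security.enabled: true"
  else echo "FAIL xpack.security.enabled: ${enabled:-unset}"; rc=1; fi
  if [ "$dtype" = "single-node" ]; then echo "OK   discovery.type: single-node"
  else echo "WARN discovery.type: ${dtype:-unset} (multi-node clusters also need TLS)"; fi
  return "$rc"
}

# Interpret the HTTP status of an unauthenticated GET on port 9200.
classify_probe() {
  case "$1" in
    401) echo "enforced" ;;      # credentials are required
    200) echo "open" ;;          # anonymous requests still succeed
    000) echo "unreachable" ;;   # curl could not connect
    *)   echo "unexpected" ;;
  esac
}
# Live use: classify_probe "$(curl -s -o /dev/null -w '%{http_code}' http://localhost:9200)"

# Constructed sample config, not taken from a real host.
sample="$(mktemp)"
printf '%s\n' 'cluster.name: demo' '#xpack.security.enabled: false' \
  'xpack.security.enabled: true' 'discovery.type: single-node' > "$sample"
audit_es_security "$sample"
rm -f "$sample"
```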

Conclusion

In this guide, we focused on how to set up and configure Elasticsearch and Kibana. We also covered how to enable the Xpack security feature of an Elasticsearch cluster.

About the author

John Otieno

My name is John and I am a fellow geek like you. I am passionate about all things computers, from hardware and operating systems to programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to the LinuxHint mailing list.