Elasticsearch

savitry.in
savitry.in
March 09, 2025
0

 


1. What is Elasticsearch?

Elasticsearch is a distributed, RESTful search and analytics engine built on Apache Lucene. It is designed to handle structured and unstructured data efficiently, making it ideal for full-text search, logging, monitoring, and analytics use cases. Elasticsearch is widely used in applications that require fast search capabilities and scalable indexing.

2. What are the key features of Elasticsearch?

Key features of Elasticsearch include:

  • Real-time search – Supports near real-time (NRT) search and analytics.
  • Distributed architecture – Supports sharding and replication for scalability and fault tolerance.
  • Multi-tenancy – Handles multiple indices and queries efficiently.
  • RESTful API – Uses JSON over HTTP for easy interaction.
  • Schema-free JSON documents – Supports dynamic mapping and nested documents.
  • Full-text search – Powered by Apache Lucene with tokenization, stemming, and analyzers.
  • Aggregations – Supports complex data analysis with aggregations like sum, average, and histograms.

3. How does Elasticsearch store data?

Elasticsearch stores data in the form of JSON documents, which are organized into indices. Each index is divided into shards, which are further replicated for fault tolerance. A primary shard holds the original data, while replica shards serve as backups. The data is stored in an inverted index to enable fast full-text searches.

4. What is a node in Elasticsearch?

A node is a single running instance of Elasticsearch. A cluster consists of multiple nodes that work together to store data and handle indexing and search requests. Nodes can have different roles:

  • Master Node – Manages cluster operations and metadata.
  • Data Node – Stores and processes data, including indexing and search.
  • Ingest Node – Preprocesses documents before they are indexed.
  • Coordinating Node – Routes requests and distributes searches across other nodes.

5. What is an index in Elasticsearch?

An index is a collection of documents that share similar characteristics. It acts like a database in a traditional RDBMS, where documents are analogous to rows. Indices are identified by a unique name and can be queried using Elasticsearch APIs.

Example:

PUT /my_index
{
  "settings": { "number_of_shards": 2, "number_of_replicas": 1 }
}

6. What are the different types of queries supported by Elasticsearch?

Elasticsearch supports two main types of queries:

  • Term-level queries – Used for exact matches (e.g., term, range, exists).
  • Full-text queries – Used for text search with relevance scoring (e.g., match, multi_match, query_string).

Example of a match query:

GET /my_index/_search
{
  "query": {
    "match": { "title": "Elasticsearch tutorial" }
  }
}

7. Explain the concept of mapping in Elasticsearch.

Mapping in Elasticsearch defines how documents and fields are indexed and stored. It is similar to a schema in a relational database. There are two types of mapping:

  • Dynamic Mapping – Automatically detects field types based on input data.
  • Explicit Mapping – Predefined structure for strict control over field types.

Example of explicit mapping:

PUT /my_index
{
  "mappings": {
    "properties": {
      "name": { "type": "text" },
      "age": { "type": "integer" },
      "created_at": { "type": "date" }
    }
  }
}

8. What is the significance of analyzers in Elasticsearch?

Analyzers in Elasticsearch process text fields during indexing and searching to improve search relevance. They consist of:

  • Character filters – Remove unwanted characters (e.g., HTML tags).
  • Tokenizers – Split text into individual words (tokens).
  • Token filters – Modify tokens (e.g., convert to lowercase, remove stop words).

Example of a custom analyzer:

PUT /my_index
{
  "settings": {
    "analysis": {
      "analyzer": {
        "custom_analyzer": {
          "type": "custom",
          "tokenizer": "standard",
          "filter": ["lowercase", "stop"]
        }
      }
    }
  }
}

9. How does Elasticsearch handle scaling and distributed search?

Elasticsearch uses sharding and replication for scalability and high availability:

  • Sharding – Splits an index into multiple parts (shards) to distribute data across nodes.
  • Replication – Creates copies of primary shards (replica shards) to prevent data loss and improve query performance.
  • Distributed Search – Queries are automatically distributed across shards and merged before returning results.

Example of setting up an index with multiple shards and replicas:

PUT /my_index
{
  "settings": {
    "number_of_shards": 3,
    "number_of_replicas": 1
  }
}

10. What are the challenges you might face while using Elasticsearch?

Some common challenges when using Elasticsearch include:

  • Data consistency issues – Due to distributed nature, updates may take time to propagate.
  • Cluster management – Large clusters require careful node allocation and monitoring.
  • High memory usage – Large queries and aggregations can consume a lot of RAM.
  • Indexing performance – Bulk indexing should be optimized to avoid slow performance.
  • Query tuning – Proper analyzers, filters, and query types should be used for optimal search results.


You may like these posts

Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.
Post a Comment (0)
Our website uses cookies to enhance your experience. Learn More
Accept !