Part 2: Elasticsearch - Search and Analytics Engine
My First Elasticsearch Query
GET /logs-*/_search
{
"query": {
"match": { "error.message": "payment timeout" }
}
}
What is Elasticsearch Really?
Installing Elasticsearch
Method 1: Docker (My Favorite for Development)
Method 2: Docker Compose (Multi-Node Development)
Method 3: Linux Installation (Production)
Core Elasticsearch Concepts
1. Documents and Indices
2. Mappings (Schema)
3. Shards and Replicas
4. Nodes and Clusters
Indexing Data
Method 1: Single Document via REST API
Method 2: Bulk API (High Throughput)
Method 3: Via Logstash or Beats
Searching Data
Query Syntax Options
Common Query Types
Match Query (Full-Text Search)
Term Query (Exact Match)
Range Query
Bool Query (Combine Multiple Conditions)
Practical Search Examples
Example 1: Find Errors in Last Hour
Example 2: Slow API Requests
Example 3: Search Across Multiple Fields
Example 4: Wildcard and Regex
Aggregations (Analytics)
Metric Aggregations
Count of Documents
Average, Min, Max, Sum
Percentiles
Bucket Aggregations
Terms Aggregation (Group By)
Date Histogram (Time Series)
Range Aggregation
Nested Aggregations
Index Templates
Index Lifecycle Management (ILM)
Performance Optimization
1. Use Filter Context When Possible
2. Limit Result Size
3. Use Index Patterns Wisely
4. Bulk Indexing Best Practices
5. Mapping Optimization
Useful Elasticsearch APIs
Cluster Health
Node Stats
Index Stats
Cat APIs (Human-Readable)
Index Management
Common Issues and Solutions
Issue 1: Unassigned Shards
Issue 2: Slow Queries
Issue 3: Out of Memory
Issue 4: Disk Space
Conclusion