Elasticsearch is a distributed search and analytics engine.
Core Concepts
- Index — a collection of documents (like a table)
- Document — a JSON object (like a row)
- Mapping — schema (field types)
- Shard — horizontal partitioning of an index
CRUD
Index document
PUT /products/_doc/1
{ "name": "Laptop", "price": 1000 }
Search
GET /products/_search
{ "query": { "match": { "name": "laptop" } } }
Delete
DELETE /products/_doc/1
Query DSL
GET /products/_search
{
  "query": {
    "bool": {
      "must": [{ "match": { "name": "laptop" } }],
      "filter": [{ "range": { "price": { "lte": 2000 } } }]
    }
  }
}
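An added example, not part of the original page: building the bool query above from untrusted input in Python. The function names, the limits and the sample product name are assumptions made for this illustration. The request body is serialized with `json.dumps`, so user input stays a value inside the query instead of becoming part of its structure.

```python
import json

MAX_NAME_LEN = 200     # assumed limit for this example
MAX_PRICE = 10**9      # assumed upper bound for this example


def build_search_body(name, max_price):
    """Build the page's bool query with user input kept strictly as data."""
    if not isinstance(name, str) or not name.strip() or len(name) > MAX_NAME_LEN:
        raise ValueError("name must be a non-empty string of bounded length")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(max_price, bool) or not isinstance(max_price, (int, float)):
        raise ValueError("max_price must be a number")
    # The range comparison also rejects NaN and infinities.
    if not (0 <= max_price <= MAX_PRICE):
        raise ValueError("max_price out of range")
    body = {
        "query": {
            "bool": {
                "must": [{"match": {"name": name}}],
                "filter": [{"range": {"price": {"lte": max_price}}}],
            }
        }
    }
    return json.dumps(body)


def build_search_body_unsafe(name, max_price):
    """Anti-pattern: string templating lets input alter or break the JSON."""
    return ('{"query":{"bool":{"must":[{"match":{"name":"%s"}}],'
            '"filter":[{"range":{"price":{"lte":%s}}}]}}}' % (name, max_price))


def is_valid_json(text):
    """Return True if text parses as JSON."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


# Constructed sample input: an ordinary product name containing a double quote.
SAMPLE_NAME = '15" laptop'

if __name__ == "__main__":
    print(build_search_body(SAMPLE_NAME, 2000))
    print(is_valid_json(build_search_body_unsafe(SAMPLE_NAME, 2000)))
```

The serialized string is what goes in the body of `GET /products/_search`; the templated variant fails on the same input because the quote ends the string early.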
Aggregations
GET /orders/_search
{
  "size": 0,
  "aggs": {
    "by_status": { "terms": { "field": "status" } },
    "avg_total": { "avg": { "field": "total" } }
  }
}
Use Cases
- Full-text search (e-commerce, documents)
- Log aggregation (ELK stack)
- Metrics and analytics
- Auto-complete and suggestions
- Geospatial search
ELK Stack
Elasticsearch (storage + search) + Logstash (ingestion) + Kibana (visualization). Alternative: Elasticsearch + Vector + Grafana.
Tip
Elasticsearch is powerful but resource-hungry. For simple use cases, consider PostgreSQL full-text search.