ElasticSearch
Shrasti gupta,[email protected]
Abstract— ElasticsSearch is an open-source, RESTful,
distributed search and analytics engine built on Apache
Lucene. Elasticsearch is best known for the expansive and
versatile RESTAPI experience it provides, including efficient
wrappers for full-text search, sorting and aggregation tasks,
making it a lot easier to implement such capabilities in
existing backends without the need for complex re-
engineering.
Keywords—ElasticSearch;Kibana;Logash;Beats;AmazonKinesis
Firehose
I. INTRODUCTION
Elasticsearch was released in 2010, it has quickly become
the most popular search engine, and is commonly used for
log analytics, full-text search, and operational intelligence
use cases.
When coupled with Kibana, a visualization tool, Elasticsearch
can be used to provide near-real time analytics using large
volumes of log data. Elasticsearch is also popular because of
its easy-to-use search APIs which allow you to easily add
powerful search capabilities to your applications.
II. BASIC CONCEPT
A. LOGICAL CONCEPTS
To better understand how Elasticsearch works, let’s cover
some basic concepts of how it organizes data and its backend
components.
B. DOCUMENTS
Documents are the basic unit of information that can be
indexed in Elasticsearch expressed in JSON, which is the global
internet data interchange format. You can think of a
document like a row in a relational database, representing a
given entity — the thing you’re searching for. In Elasticsearch,
a document can be more than just text, it can be any
structured data encoded in JSON. That data can be things like
numbers, strings, and dates. Each document has a unique ID
and a given data type, which describes what kind of entity the
document is. For example, a document can represent an
encyclopedia article or log entries from a web server.
C. INDICS
An index is a collection of documents that have similar
characteristics. An index is the highest level entity that you
can query against in Elasticsearch. You can think of the index
as being similar to a database in a relational database schema.
Any documents in an index are typically logically related. In
the context of an e-commerce website, for example, you can
have an index for Customers, one for Products, one for Orders,
and so on. An index is identified by a name that is used to
refer to the index while performing indexing, search, update,
and delete operations against the documents in it.
D. INVERTED INDEX
An index in Elasticsearch is actually what’s called an
inverted index, which is the mechanism by which all search
engines work. It is a data structure that stores a mapping from
content, such as words or numbers, to its locations in a
document or a set of documents. Basically, it is a hashmap-
like data structure that directs you from a word to a document.
An inverted index doesn’t store strings directly and instead
splits each document up to individual search terms (i.e. each
word) then maps each search term to the documents those
search terms occur within. For example, in the image below,
the term “best” occurs in document 2, so it is mapped to that
document. This serves as a quick look-up of where to find
search terms in a given document. By using distributed
inverted indices, Elasticsearch quickly finds the best matches
for full-text searches from even very large data sets.
E. BACKEND COMPONENTS
Cluster
An Elasticsearch cluster is a group of one or more node
instances that are connected together. The power of an
Elasticsearch cluster lies in the distribution of tasks,
searching, and indexing, across all the nodes in the cluster.
Node
A node is a single server that is a part of a cluster. A node
stores data and participates in the cluster’s indexing and
search capabilities. An Elasticsearch node can be configured
in different ways:
Master Node  
Controls the Elasticsearch cluster and is responsible for all
cluster-wide operations like creating/deleting an index and
adding/removing nodes.
Data Node  
Stores data and executes data-related operations such as
search and aggregation.
Client Node  
Forwards cluster requests to the master node and data-
related requests to data nodes . collect. It also transforms and prepares data regardless of
III. HOW DOES IT WORK
 You can send new data, called documents, to
Elasticsearch using the API or ingestion tools such as
Logstash and Amazon Kinesis Firehose.
 Elasticsearch automatically stores the original document
and adds a searchable reference to the document in the
cluster’s index.
 You can then search and retrieve the document using the
Elasticsearch API which is very easy-to-use.
 You can also use Kibana, an open-source analytics and
visualization tool, to search, analyze, and dashboard your
data.
IV. THE ELASTIC STACK
Elasticsearch is the central component of the Elastic Stack,
a set of open-source tools for data ingestion, enrichment,
storage, analysis, and visualization. It is commonly referred to
as the “ELK” stack after its components Elasticsearch,
Logstash, and Kibana and now also includes Beats. Although a
search engine at its core, users started using Elasticsearch for
log data and wanted a way to easily ingest and visualize that
data . BE CURIOUS. ASK YOUR DATA QUESTIONS OF ALL KINDS.
A. KIBANA
Kibana is a data visualization and management tool for
Elasticsearch that provides real-time histograms, line graphs,
pie charts, and maps. It lets you visualize your Elasticsearch
data and navigate the Elastic Stack. You can select the way
you give shape to your data by starting with one question to
find out where the interactive visualization will lead you. For
example, since Kibana is often used for log analysis, it allows
you to answer questions about where your web hits are
coming from, your distribution URLs, and so on. If you ’re not
building your own application on top of Elasticsearch, Kibana
is a great way to search and visualize your index with a
powerful and flexible UI. However, a major drawback is that
every visualization can only work against a single index/index
pattern. So if you have indices with strictly different data,
you’ll have to create separate visualizations for each. For
more advanced use cases, Knowi is a good option. It allows
you to join your Elasticsearch data across multiple indexes
and blend it with other SQL/NoSQL/REST-API data sources,
then create visualizations from it in a business-user friendly
UI.
B. LOGASTH
Logstash is used to aggregate and process data and send it
to Elasticsearch. It is an open-source, server-side data
processing pipeline that ingests data from a multitude of
sources simultaneously, transforms it, and then sends it to
format by identifying named fields to build structure, and
transform them to converge on a common format. For
example, since data is often scattered across different systems
in various formats, Logstash allows you to tie different systems
together like web servers, databases, Amazon services, etc.
and publish data to wherever it needs to go in a continuous
streaming fashion .
C. BEATS
Beats is a collection of lightweight, single-purpose data
shipping agents used to send data from hundreds or thousands
of machines and systems to Logstash or Elasticsearch. Beats
are great for gathering data as they can sit on your servers,
with your containers, or deploy as functions then centralize
data in Elasticsearch. For example, Filebeat can sit on your
server, monitor log files as they come in, parses them, and
import into Elasticsearch in near-real-timesentence.
VI . BENEFITS
Query and Analyze
a. QUERY
 Perform and combine many types of searches —
structured, unstructured, geo, metric — any way you
want.
 All data types are welcome.
b. ANALYZE
STEP BACK AND UNDERSTAND THE BIGGER PICTURE.
 It’s one thing to find the 10 best documents to match
your query. But how do you make sense of, say, a
billion log lines?
Elasticsearch aggregations let you zoom out to
explore trends and patterns in your data.
Speed and Scalability
c. SPEED
ELASTICSEARCH IS FAST. REALLY, REALLY FAST.
 When you get answers instantly, your relationship
with your data changes. You can afford to iterate and
cover more ground.
  And since everything is indexed, you're never left  Quora
with index envy. You can leverage and access all of  Reverb
your data at ludicrously awesome speeds.
 SeatGeek
d. SCALABILITY  Slurm Workload Manager
RUN IT ON YOUR LAPTOP. OR HUNDREDS OF SERVERS WITH PETABYTES  SoundCloud
OF DATA.  Stack Exchange
 Go from prototype to production seamlessly; you talk  StumbleUpon
to Elasticsearch running on a single node the same  Team Foundation Server
way you would in a 300-node cluster.  Vimeo
 It scales horizontally to handle kajillions of events  Wikimedia Foundation
per second, while automatically managing how
indices and queries are distributed across the cluster
for oh-so smooth operations.

VII. USES
ACKNOWLEDGMENT
The preferred spelling of the word “acknowledgment” in
 Amazon Web Services America is without an “e” after the “g.” Avoid the stilted
 Adobe Systems expression “one of us (R. B. G.) thanks ...”. Instead, try “R. B.
G. thanks...”. Put sponsor acknowledgments in the
 Center for Open Science unnumbered footnote on the first page.
 CERN
 Facebook
 Foursquare REFERENCES
 GitHub
 Lichess
[1] https://www.knowi.com/blog/what-is-elastic-search/
 Mozilla [2] https://prezi.com/p/i3radghwlytn/elasticsearch-ppt/
 Netflix [3] https://towardsdatascience.com/elasticsearch-for-data-science-just-
got-way-easier-95912d724636.
 Oracle Corporation
[4] https://www.elastic.co/start?ultron=MS-EL-B-Trials-AMER-NA-
 Pixabay BMM&Device=c&thor=
%2Belasticsearch&msclkid=efe1ef65517a1b875f88b0118a2d5a77.
 Quizlet