Elasticsearch Use Cases and Architecture in Leading Chinese Companies
This article presents multiple real‑world Elasticsearch deployments across Chinese tech giants, detailing how they handle massive query loads, scale clusters, integrate with Kafka and Kibana, and apply the Elastic Stack for search, analytics, and security monitoring.
Elasticsearch is widely adopted by many Chinese companies such as Ctrip, Didi, Toutiao, Ele.me, 360 Security, Xiaomi, and Vivo for both search and near‑real‑time big‑data analytics, including log analysis, metric monitoring, and information security.
1. JD Daojia Order Center Elasticsearch Evolution – The order center stores order data in MySQL but uses Elasticsearch to offload heavy read traffic. The cluster now holds over 1 billion documents and processes about 5 billion queries per day. A real‑time backup architecture with VIP load balancing, gateway client nodes, and data nodes (one primary shard with two replicas) improves stability and throughput.
The shard count is tuned to balance single‑ID lookups and paginated aggregation queries, achieving optimal performance after extensive testing.
2. Ctrip Elasticsearch Case Studies
2.1 Hotel order search – Real‑time indexing of sharded databases and a dedicated web service improve query convenience while maintaining performance.
2.2 Flight ticket cluster operations – Data flows from Kafka to Elasticsearch via ETL, with cold data stored in HDFS and hot data in databases and caches.
2.3 Large‑scale cluster management – The biggest log cluster runs 120 data nodes on 70 physical servers, indexing 600 billion records daily (25 TB new index files, 50 TB with replicas), handling peak write rates of millions of records per second, and storing roughly 1 PB of data across 3 441 indices and 17 000 shards.
3. Qunar Order Center Solution – With daily hotel orders reaching 300 k and aggregated orders up to 1 M, the traditional hot‑table sharding approach could not scale beyond 100 M rows. By abstracting order models, storing detailed data in MySQL and searchable fields in Elasticsearch, Qunar achieves fast multi‑criteria queries.
Each Elasticsearch index is configured with 8 shards, holding up to 140 million documents (≈64 GB), while the cluster provides 240 GB of disk per node.
4. 58 Group Information Security Department – The Elastic Stack is deployed for security monitoring. The case covers data ingestion, storage selection, performance tuning of master and data nodes, and Kibana visualizations for operational staff.
5. Didi Multi‑Cluster Elasticsearch Practice – Since 2016 Didi has built a platform with over 3 500 instances and more than 5 PB of data, achieving peak write throughput of 20 million TPS. Data is streamed from Kafka to Elasticsearch via a Sink service, while a Gateway service provides HTTP/REST, TCP, and SQL interfaces, handling access control, rate limiting, and multi‑cluster disaster recovery.
6. Practical Order Search Solution – The architecture combines Elasticsearch for structured and real‑time searchable fields with a service‑oriented layer that abstracts both the Elasticsearch cluster and the underlying databases, providing a unified API for front‑end, back‑end, and reporting applications.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Big Data Technology & Architecture
Wang Zhiwu, a big data expert, dedicated to sharing big data technology.
