
Master Elasticsearch: Core Features, Basic Operations, and Advanced Search Techniques

Elasticsearch, built on Lucene, is a distributed search and analytics engine offering full-text search, log and metric analysis, real-time data processing, and recommendation capabilities; the guide explains its core functions, basic index and document management, and advanced query and aggregation features with practical API examples.

DevOps Operations Practice

Elasticsearch (ES) is a distributed search and analytics engine built on Lucene, primarily used for full-text search (including fuzzy search and highlighting), log and metric analysis, real-time data analysis (aggregation, visualization), and autocomplete/recommendation systems.

Core Features

1. Full-text Search

Inverted Index: Quickly locate documents containing keywords.

Analyzer: Supports Chinese (IK analyzer), English and other languages.

Relevance Scoring (TF-IDF/BM25): Rank results by match quality.

2. Distributed Architecture

Shard: Horizontal data partitioning to improve concurrency.

Replica: Ensures high availability and prevents data loss.

Cluster Discovery: Automatic node discovery and load balancing.

3. Data Analysis

Aggregation: Statistics, grouping, percentile calculations.

Pipeline Processing: Data transformation and re-aggregation.

4. Real-time Capabilities

Refresh Interval: Default 1-second index refresh, configurable.

Translog: Guarantees that written data is not lost.

Basic Operations

1. Index Management

Create Index

PUT /products
{
  "settings": {
    "number_of_shards": 3,
    "number_of_replicas": 1
  },
  "mappings": {
    "properties": {
      "name": { "type": "text", "fields": { "keyword": { "type": "keyword" } } },
      "price": { "type": "double" },
      "stock": { "type": "integer" }
    }
  }
}

View Index

GET /products/_settings  # view settings
GET /products/_mapping   # view field mappings

Delete Index

DELETE /products

2. Document Operations

Insert/Update Document

POST /products/_doc/1
{
  "name": "Laptop",
  "price": 999.99,
  "stock": 100
}

Query Document

GET /products/_doc/1          # by ID
GET /products/_search          # all documents
GET /products/_search?q=name:Laptop  # simple search

Bulk Operations

POST /_bulk
{ "index": { "_index": "products", "_id": "2" } }
{ "name": "Phone", "price": 599.99, "stock": 200 }
{ "delete": { "_index": "products", "_id": "1" } }

Advanced Search Features

1. Query Syntax

Term Query (Exact Match)

GET /products/_search
{
  "query": {
    "term": { "name.keyword": "Laptop" }
  }
}

Match Query (Full-text)

GET /products/_search
{
  "query": {
    "match": { "name": "lap top" }  # tokenized match
  }
}

Range Query

GET /products/_search
{
  "query": {
    "range": { "price": { "gte": 500, "lte": 1000 } }
  }
}
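
Added example, not from the original article: the `q=` search form shown earlier parses its value as query-string syntax, so when the search text comes from application users the structured term, match and range bodies above are the safer form. The Python below builds those three bodies behind a field allow-list; the `FIELDS` table, the `name.keyword` sub-field, the 256-character cap and all function names are assumptions made for illustration.

```python
import json
import math

# Field types copied from the page's `products` mapping; `name.keyword` assumes
# the keyword sub-field that the term query on the page relies on.
FIELDS = {"name": "text", "name.keyword": "keyword",
          "price": "double", "stock": "integer"}
NUMERIC = {"double", "integer"}
MAX_TEXT = 256  # assumed cap on user-supplied search text

def _field(name, allowed_types):
    """Return the field name only if it is mapped and of an allowed type."""
    if FIELDS.get(name) not in allowed_types:
        raise ValueError(f"field not allowed for this query: {name!r}")
    return name

def _text(value):
    if not isinstance(value, str) or not 0 < len(value) <= MAX_TEXT:
        raise ValueError("search text must be a non-empty string within the cap")
    return value

def term_query(field, value):
    return {"query": {"term": {_field(field, {"keyword"}): _text(value)}}}

def match_query(field, value):
    # The value is analyzed as plain text; query-string operators in it are not parsed.
    return {"query": {"match": {_field(field, {"text"}): _text(value)}}}

def range_query(field, gte, lte):
    for bound in (gte, lte):
        if isinstance(bound, bool) or not isinstance(bound, (int, float)) \
                or not math.isfinite(bound):
            raise ValueError("range bounds must be finite numbers")
    if gte > lte:
        raise ValueError("gte must not exceed lte")
    return {"query": {"range": {_field(field, NUMERIC): {"gte": gte, "lte": lte}}}}

def to_body(query):
    """Serialize for the _search request body; json.dumps escapes the values."""
    return json.dumps(query, allow_nan=False)

if __name__ == "__main__":
    user_text = "Laptop OR stock:*"  # constructed input, stays a literal string
    print(to_body(match_query("name", user_text)))
    print(to_body(range_query("price", 500, 1000)))
```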

2. Aggregation Analysis

Sum Stock

GET /products/_search
{
  "aggs": {
    "total_stock": { "sum": { "field": "stock" } }
  }
}

Price Ranges

GET /products/_search
{
  "aggs": {
    "price_ranges": {
      "range": {
        "field": "price",
        "ranges": [
          { "to": 500 },
          { "from": 500, "to": 1000 },
          { "from": 1000 }
        ]
      }
    }
  }
}