What Is Elasticsearch? Core Concepts and Fundamentals

Elasticsearch is an open‑source, scalable, highly available distributed full‑text search engine designed specifically for search workloads.

It operates in near real‑time: after data is indexed, the system builds inverted indexes and synchronizes replicas, typically making new data searchable within a second.

Each Elasticsearch server is a node, and one or more nodes form a cluster, which is the basic unit for providing indexing and search services.

Documents are the fundamental data units, analogous to rows in a relational database; types (removed after version 6.0) were logical groupings similar to tables, while indexes are collections of documents with similar characteristics, comparable to databases.

To handle large data volumes, Elasticsearch splits data into shards; each shard stores a portion of the data, and the system automatically manages shard distribution and aggregation. The default number of primary shards is five and cannot be changed after index creation.

Replicas provide high availability and increase query throughput; each primary shard has a replica shard that can be queried and is stored on a different node. The number of replicas can be adjusted, but replicas are ineffective in single‑node clusters.