What is Index Elasticsearch?
By definition on ES , an Elasticsearch index is a collection of documents linked together. ES stores data as JSON documents. Each document corresponds to a set of keys (the key – the name of the fields or properties) with the value corresponding to them (strings, numbers, booleans, dates, optional values, …).
The index is identified by its name, which will be used to perform indexing, searching, updating or deleting documents in the index.
Some rules when identifying indexes:
- Only lowercase letters.
- Do not contain special characters, /, *,?, “, <,>, |,`, Space, comma (,), #
- Before 7.0, the index name could contain a colon (:),
- In 7.0+, not supported.
- Do not start with -, _, +
- Is not . or ..
- Not longer than 255 bytes. Note that bytes, so multi-byte characters will count toward the 255 limit faster.
Inverted index
ES uses a data structure called a reverse index (or Inverted index) and is designed to be able to perform full-text searches quickly.
An Inverted index contains a list of each unique word (unique work) that appears in any document, for which each word will be a list of documents from which this word appears (mapping). Inverted index is created from document and stored in Shard, then used for searching document.
During indexing, ES stores documents and builds a reverse index that allows document data to be searched in real time. Indexing starts with the index API, then it is possible to add or update a JSON document in a specific index.
You can find more details about Inverted index in ES at Inverted index , Understanding Inverted Index ES .
Create index with API
We interact with ES through REST APIs with HTTP methods like GET, POST, PUT, DELETE.
To add a new index to the cluster, use the API to create the index with the PUT method.
1 2 | PUT /{index_name} |
In addition, the following items can be specified in the Request body:
- Settings: configuration options for index.
For example,
1 2 3 4 5 6 7 8 9 10 | PUT /framgia { "settings" : { "index" : { "number_of_shards" : 3, # số lượng mặc định Shard "number_of_replicas" : 2 # số lượng mặc định Replica } } } |
more concise
1 2 3 4 5 6 7 8 | PUT /framgia { "settings" : { "number_of_shards" : 3, "number_of_replicas" : 2 } } |
- Mappings for fields in the index.
For example,
1 2 3 4 5 6 7 8 9 10 11 12 | PUT /framgia { "settings" : { "number_of_shards" : 3 }, "mappings" : { "properties" : { "name" : { "type" : "text" } } } } |
- Aliases aliases.
For example,
1 2 3 4 5 6 7 8 9 10 11 12 13 | PUT /framgia { "aliases" : { "digital" : {}, "sun" : { "filter" : { "term" : {"staff" : "thomct" } }, "routing" : "thomct" } } } |
More about ES REST APIs .
Some popular queries in Elasticsearch
Basic Match Query
- Search for a keyword in all fields.
1 2 | GET /_search?q={keyword} |
- Search in a school.
1 2 | GET /_search?q={field_name}:{keyword} |
- Leave the query in the body of the request.
1 2 3 4 5 6 7 8 9 10 | GET /_search { "query": { "multi_match" : { "query" : {keyword}, "fields" : ["_all"] } } } |
Match All Query
The simplest query, matching all documents, _score 1.0.
1 2 3 4 5 6 7 | GET /_search { "query": { "match_all": {} } } |
Match None Query
Inverse of match_all query, does not match any document.
1 2 3 4 5 6 7 | GET /_search { "query": { "match_none": {} } } |
Match Phrase Query
Require all terms in the query string to appear in the document, in the correct search order, and located close to each other.
The slop parameter is used to adjust the default distance between terms.
1 2 3 4 5 6 7 8 9 10 11 12 13 | GET /_search { "query": { "multi_match" : { "query": "23 cau giay", "fields": ["name", "address"], "type": "phrase", "slop": 3 } }, "_source": [ "name", "address", "author" ] } |
Multi-fields Query
Search for queries in multiple fields.
1 2 3 4 5 6 7 8 9 10 | GET /_search { "query": { "multi_match" : { "query" : {keyword}, "fields": [field1, field2, ....] } } } |
Boolean Query
The match document query is based on combining the boolean results of other queries. The bool query maps to Lucene BooleanQuery, using many clauses like must, should, must_not, filter. We can understand it simply,
- must ~ AND
- must_not ~ NOT
- should ~ OR
in relational database queries. For example,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | GET /_search { "query": { "bool": { "must": { "bool" : { "should": [ { "match": { field_name: {keyword1} }}, { "match": { field_name: {keyword2} }} ] } }, "must": { "match": { field_name: {keyword3} }}, "must_not": { "match": {field_name: {keyword4} }} ... } } } |
Boosting Query
Increase weight in specific schools. For example,
1 2 3 4 5 6 7 8 9 10 11 | GET /_search { "query": { "multi_match" : { "query" : {keyword}, "fields": [field1, field2^{weight}, ....] } }, "_source": [field1, field2, ....] } |
Fuzzy Query
Returns results similar to searching for term based on Levenshtein distance usage.
Levenshtein distance is the number of steps required to turn one term (string) into another. These changes may include:
- Change one character.
- Delete one character.
- Insert a character.
- Converts two adjacent characters.
To find similar terms, fuzzy creates a set of all possible variants or extensions of the term to be searched within a specified distance. The query then returns the exact match for each expansion.
We can configure the fuzziness parameter of the query.
- 0, 1, 2: the largest Levenshtein distance is approved.
- AUTO: automatically adjusts results based on the length of the term.
- 0..2: match is required, the maximum distance is 0.
- 3..5: the maximum distance is 1.
>5: the maximum distance is 2.
For example,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | GET /_search { "query": { "fuzzy": { "staff": { "value": "thomct", "fuzziness": "AUTO", "max_expansions": 50, "prefix_length": 0, "transpositions": true, "rewrite": "constant_score" } } } } |
Exists Query
Returns documents that contain an indexed value for a field. For example,
1 2 3 4 5 6 7 8 9 | GET /_search { "query": { "exists": { "field": "staff" } } } |
Query IDs
Use the document ID stored in the _id field.
1 2 3 4 5 6 7 8 9 | GET /_search { "query": { "ids" : { "values" : ["1", "6"] } } } |
Wildcard Query
In a pattern query, the wildcard operator is a placeholder that matches one or more characters.
- The
*wildcard operator matches 0 or more characters, including an empty. - Operator
?match any character.
It is possible to combine wildcard operators with other characters to create a wildcard pattern.
1 2 3 4 5 6 7 8 9 10 11 12 13 | GET /_search { "query": { "wildcard": { "staff": { "value": "th*m", "boost": 1.0, "rewrite": "constant_score" } } } } |
Regexp Query
Queries combine with regular expressions to form more complex patterns than wildcard queries.
Regex is a way to match patterns in data with placeholder characters, called operators.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | GET /_search { "query": { "regexp": { "staff": { "value": "t[a-z]*m.t", "flags" : "ALL", "max_determinized_states": 10000, "rewrite": "constant_score" } } } } |
For more information, see Query DSL .
These are some of my findings when studying Elasticsearch, it may have some shortcomings, I hope to receive many suggestions from readers. 
Thanks all 