We need a generic index where our properties are changing with every object. We need a fulltext search capability with a distributed system.
Could we index different objects in one generic index in elasticsearch?
Yes, elasticsearch allows to index different documents on the same index using a single dynamic mapping or, if you have only few different types of documents, you can have multiple mappings on the same index.
Related
We're using ElasticSearch and we have two different indexes with different data. Recently, we wanted to make a query that needs data from both indexes. ES allows to search through multiple indexes: /index1,index2/_search. The problem is that both indexes have properties with the same name and there could be collisions because ES doesn't know on which index to search.
How can we tell ES to look up a property from concrete index?
For example: index1.myProperty and index2.otherProperty
I have an existing index named as "MyIndex", which I am using to store a kind of data in ElasticSearch. That same index has millions of records. I am using ElasticSearch 1.5 version.
Now I have a new requirement for which I want to add two more fields in the same document which I am storing in "MyIndex" Index. Now I want to use both new schema and old schema documents in future.
What Can I do?
Can I inset new document in the same Index?
Are we need some changes in ElasticSearch mapping?
If we don't change anything, Is it affect on existing search capability?
Please help me to conclude this issue with your opinions.
Thanks in advance.
You can add new fields to existing index by updating mapping, but in many cases it would be just ok to index documents with new fields directly, and let ES infer types (although not always recommended) - but this will depend on what type of data you're indexing, and do you need special analyzers for strings or not.
In the context of ELK (Elasticsearch, Logstash, Kibana), I learnt that Logstash has FILTER to make use of grok to divide log messages into different fields. According to my understanding, it only helps to make the unstructured log data into more structured data. But I do no have any idea about how Elasticsearch can make use of the fields (done by grok) to improve the querying performance? Is it possible to build indices on base of the fields like in traditional relational database?
From Elasticsearch: The Definitive Guide
Inverted index
Relational databases add an index, such as a B-tree index, to specific columns in
order to improve the speed of data retrieval. Elasticsearch and Lucene use a
structure called an inverted index for exactly the same purpose.
By default, every field in a document is indexed (has an inverted
index) and thus is searchable. A field without an inverted index is
not searchable. We discuss inverted indexes in more detail in Inverted Index.
So you not need to do anything special. Elasticsearch already indexes all the fields by default.
I am trying to implement an analyzer (uppercase) and index some documents after that in elasticsearch. My question is, am i following the correct procedure?
Implement your analyzer (containing index and type name), which would create the index if it doesnt exist
Then index the documents with the same index and type name as above during which stream of text would pass through the analyzer and then would be saved in index.
Is this the correct way to go about it?
I indexed some documents with and without using analyzers, checked the contents of index before/after using Facets, and they were no different.
The content is not supposed to be different. How it's indexed is. You should recognize the difference because queries would have different results, like some documents are found which weren't without the analyzers, and viceversa.
Try for instance a March Query.
The _score may and should also change
I'm wondering how exactly do index aliases work behind the scenes in Elasticsearch?
Does an alias have a separate copy of the data for each index it is linked to? Or is it only aware of the index names, and the not the data within each index?
If this is the case, are aggregations much slower when performed on an alias with many linked indices?
From the Index Aliases Elasticsearch reference:
APIs in elasticsearch accept an index name when working against a specific index, and several indices when applicable. The index aliases API allow to alias an index with a name, with all APIs automatically converting the alias name to the actual index name. An alias can also be mapped to more than one index, and when specifying it, the alias will automatically expand to the aliases indices. An alias can also be associated with a filter that will automatically be applied when searching, and routing values.
So based on this it is only aware of the index names and not the data within each index. An aggregation could be slower when performed against an alias that spans multiple indexes. Because as far as I know in order to perform the aggregation action, Elasticsearch must collect the dataset to perform the aggregation function(s) against.