Book Image

Elasticsearch 7.0 Cookbook - Fourth Edition

By : Alberto Paro
Book Image

Elasticsearch 7.0 Cookbook - Fourth Edition

By: Alberto Paro

Overview of this book

Elasticsearch is a Lucene-based distributed search server that allows users to index and search unstructured content with petabytes of data. With this book, you'll be guided through comprehensive recipes on what's new in Elasticsearch 7, and see how to create and run complex queries and analytics. Packed with recipes on performing index mapping, aggregation, and scripting using Elasticsearch, this fourth edition of Elasticsearch Cookbook will get you acquainted with numerous solutions and quick techniques for performing both every day and uncommon tasks such as deploying Elasticsearch nodes, integrating other tools to Elasticsearch, and creating different visualizations. You will install Kibana to monitor a cluster and also extend it using a variety of plugins. Finally, you will integrate your Java, Scala, Python, and big data applications such as Apache Spark and Pig with Elasticsearch, and create efficient data applications powered by enhanced functionalities and custom plugins. By the end of this book, you will have gained in-depth knowledge of implementing Elasticsearch architecture, and you'll be able to manage, search, and store data efficiently and effectively using Elasticsearch.

Related Content you might be interested in

Current Title:

Small book image
Elasticsearch 7.0 Cookbook - Fourth Edition
Alberto Paro
Apr, 2019 | 724 pages
Small book image
Mastering Elasticsearch 5.x
Bharvi Dixit
Feb, 2017 | 428 pages
Small book image
Learning Elasticsearch
Abhishek Andhavarapu
Jun, 2017 | 404 pages
Small book image
Advanced Elasticsearch 7.0
Wai Tak Wong
Aug, 2019 | 560 pages
Table of Contents (23 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Elasticsearch 7.0 Cookbook Fourth Edition
About Packt
About Packt
Why subscribe?
Packt.com
Contributors
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Getting Started
Getting Started
Technical requirements
Downloading and installing Elasticsearch
Setting up networking
Setting up a node
Setting up Linux systems
Setting up different node types
Setting up a coordinator node
Setting up an ingestion node
Installing plugins in Elasticsearch
Removing a plugin
Changing logging settings
Setting up a node via Docker
Deploying on Elasticsearch Cloud Enterprise
2
Managing Mapping
Managing Mapping
Using explicit mapping creation
Mapping base types
Mapping arrays
Mapping an object
Mapping a document
Using dynamic templates in document mapping
Managing nested objects
Managing a child document with a join field
Adding a field with multiple mappings
Mapping a GeoPoint field
Mapping a GeoShape field
Mapping an IP field
Mapping an alias field
Mapping a Percolator field
Mapping feature and feature vector fields
Adding metadata to a mapping
Specifying different analyzers
Mapping a completion field
3
Basic Operations
Basic Operations
Creating an index
Deleting an index
Opening or closing an index
Putting a mapping in an index
Getting a mapping
Reindexing an index
Refreshing an index
Flushing an index
ForceMerge an index
Shrinking an index
Checking if an index exists
Managing index settings
Using index aliases
Rolling over an index
Indexing a document
Getting a document
Deleting a document
Updating a document
Speeding up atomic operations (bulk operations)
Speeding up GET operations (multi GET)
4
Exploring Search Capabilities
Exploring Search Capabilities
Technical requirements
Executing a search
Sorting results
Highlighting results
Executing a scrolling query
Using the search_after functionality
Returning inner hits in results
Suggesting a correct query
Counting matched results
Explaining a query
Query profiling
Deleting by query
Updating by query
Matching all the documents
Using a Boolean query
Using the search template
5
Text and Numeric Queries
Text and Numeric Queries
Using a term query
Using a terms query
Using a prefix query
Using a wildcard query
Using a regexp query
Using span queries
Using a match query
Using a query string query
Using a simple query string query
Using the range query
The common terms query
Using an IDs query
Using the function score query
Using the exists query
6
Relationship and Geo Queries
Relationship and Geo Queries
Using the has_child query
Using the has_parent query
Using nested queries
Using the geo_bounding_box query
Using the geo_polygon query
Using the geo_distance query
7
Aggregations
Aggregations
Executing an aggregation
Executing stats aggregations
Executing terms aggregation
Executing significant terms aggregation
Executing range aggregations
Executing histogram aggregations
Executing date histogram aggregations
Executing filter aggregations
Executing filters aggregations
Executing global aggregations
Executing geo distance aggregations
Executing children aggregations
Executing nested aggregations
Executing top hit aggregations
Executing a matrix stats aggregation
Executing geo bounds aggregations
Executing geo centroid aggregations
Executing pipeline aggregations
8
Scripting in Elasticsearch
Scripting in Elasticsearch
Painless scripting
Installing additional script plugins
Managing scripts
Sorting data using scripts
Computing return fields with scripting
Filtering a search using scripting
Using scripting in aggregations
Updating a document using scripts
Reindexing with a script
9
Managing Clusters
Managing Clusters
Controlling the cluster health using an API
Controlling the cluster state using an API
Getting cluster node information using an API
Getting node statistics via the API
Using the task management API
Using the hot threads API
Managing the shard allocation
Monitoring segments with the segment API
Cleaning the cache
10
Backups and Restoring Data
Backups and Restoring Data
Managing repositories
Executing a snapshot
Restoring a snapshot
Setting up an NFS share for backups
Reindexing from a remote cluster
11
User Interfaces
User Interfaces
Installing and using Cerebro
Installing and using Elasticsearch HQ
Installing Kibana
Managing Kibana discovery
Visualizing data with Kibana
Using Kibana Dev tools
12
Using the Ingest Module
Using the Ingest Module
Pipeline definition
Inserting an ingest pipeline
Getting an ingest pipeline
Deleting an ingest pipeline
Simulating an ingest pipeline
Built-in processors
Grok processor
Using the ingest attachment plugin
Using the ingest GeoIP plugin
13
Java Integration
Java Integration
Creating a standard Java HTTP client
Creating an HTTP Elasticsearch client
Creating a high-level REST client
Managing indices
Managing mappings
Managing documents
Managing bulk actions
Building a query
Executing a standard search
Executing a search with aggregations
Executing a scroll search
Integrating with DeepLearning4j
14
Scala Integration
Scala Integration
Creating a client in Scala
Managing indices
Managing mappings
Managing documents
Executing a standard search
Executing a search with aggregations
Integrating with DeepLearning.scala
15
Python Integration
Python Integration
Creating a client
Managing indices
Managing mappings include the mapping
Managing documents
Executing a standard search
Executing a search with aggregations
Integrating with NumPy and scikit-learn
16
Plugin Development
Plugin Development
Creating a plugin
Creating an analyzer plugin
Creating a REST plugin
Creating a cluster action
Creating an ingest plugin
17
Big Data Integration
Big Data Integration
Installing Apache Spark
Indexing data using Apache Spark
Indexing data with meta using Apache Spark
Reading data with Apache Spark
Reading data using Spark SQL
Indexing data with Apache Pig
Using Elasticsearch with Alpakka
Using Elasticsearch with MongoDB
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Setting up an ingestion node

The main goals of Elasticsearch are indexing, searching, and analytics, but it's often required to modify or enhance the documents before storing them in Elasticsearch.

The following are the most common scenarios in this case: 

  • Preprocessing the log string to extract meaningful data
  • Enriching the content of textual fields with Natural Language Processing (NLP) tools
  • Enriching the content using machine learning (ML) computed fields
  • Adding data modification or transformation during ingestion, such as the following:
    • Converting IP in geolocalization
    • Adding datetime fields at ingestion time
    • Building custom fields (via scripting) at ingestion time

Getting ready

You need a working Elasticsearch installation, as described in the Downloading and installing Elasticsearch recipe, as well as a simple text editor to change configuration files.

How to do it…

To set up an ingest node, you need to edit the config/elasticsearch.yml file and set up the ingest property to trueas follows:

node.ingest: true
Every time you change your elasticsearch.yml file, a node restart is required.

How it works…

The default configuration for Elasticsearch is to set the node as an ingest node (refer to Chapter 12, Using the Ingest module, for more information on the ingestion pipeline).

As the coordinator node, using the ingest node is a way to provide functionalities to Elasticsearch without suffering cluster safety.

If you want to prevent a node from being used for ingestion, you need to disable it with node.ingest: false. It's a best practice to disable this in the master and data nodes to prevent ingestion error issues and to protect the cluster. The coordinator node is the best candidate to be an ingest one.

If you are using NLP, attachment extraction (via, attachment ingest plugin), or logs ingestion, the best practice is to have a pool of coordinator nodes (no master, no data) with ingestion active.

The attachment and NLP plugins in the previous version of Elasticsearch were available in the standard data node or master node. These give a lot of problems to Elasticsearch due to the following reasons:

  • High CPU usage for NLP algorithms that saturates all CPU on the data node, giving bad indexing and searching performances
  • Instability due to the bad format of attachment and/or Apache Tika bugs (the library used for managing document extraction)
  • NLP or ML algorithms require a lot of CPU or stress the Java garbage collector, decreasing the performance of the node

The best practice is to have a pool of coordinator nodes with ingestion enabled to provide the best safety for the cluster and ingestion pipeline.

There's more…

Having known about the four kinds of Elasticsearch nodes, you can easily understand that a waterproof architecture designed to work with Elasticsearch should be similar to this one:

Previous Section
End of Section 9
Next Section