Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By : Alberto Paro
Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By: Alberto Paro

Overview of this book

Elasticsearch is a Lucene-based distributed search engine at the heart of the Elastic Stack that allows you to index and search unstructured content with petabytes of data. With this updated fifth edition, you'll cover comprehensive recipes relating to what's new in Elasticsearch 8.x and see how to create and run complex queries and analytics. The recipes will guide you through performing index mapping, aggregation, working with queries, and scripting using Elasticsearch. You'll focus on numerous solutions and quick techniques for performing both common and uncommon tasks such as deploying Elasticsearch nodes, using the ingest module, working with X-Pack, and creating different visualizations. As you advance, you'll learn how to manage various clusters, restore data, and install Kibana to monitor a cluster and extend it using a variety of plugins. Furthermore, you'll understand how to integrate your Java, Scala, Python, and big data applications such as Apache Spark and Pig with Elasticsearch and create efficient data applications powered by enhanced functionalities and custom plugins. By the end of this Elasticsearch cookbook, you'll have gained in-depth knowledge of implementing the Elasticsearch architecture and be able to manage, search, and store data efficiently and effectively using Elasticsearch.
Table of Contents (20 chapters)

Chapter 2: Managing Mappings

Mapping is a primary concept in Elasticsearch that defines how the search engine should process a document and its fields to be effectively used in search and aggregations.

Search engines perform the following two main operations:

  • Indexing: This action is used to receive a document, process it, and store it in an index.
  • Searching: This action is used to retrieve the data from the index based on a query.

These two operations are strictly connected; an error in the indexing step leads to unwanted or missing search results.

Elasticsearch, by default, has explicit mapping at the index level. When indexing, if a mapping is not provided, a default one is created and guesses the structure from the JSON data fields that the document is composed of. This new mapping is then automatically propagated to all the cluster nodes: it will begin part of the cluster's state.

The default type mapping has sensible default values, but when you want to change their behavior or customize several other aspects of indexing (object to special fields, storing, ignoring, completion, and so on), you need to provide a new mapping definition.

In this chapter, we'll look at all the possible mapping field types that document mappings are composed of.

In this chapter, we will cover the following recipes:

  • Using explicit mapping creation
  • Mapping base types
  • Mapping arrays
  • Mapping an object
  • Mapping a document
  • Using dynamic templates in document mapping
  • Managing nested objects
  • Managing a child document with a join field
  • Adding a field with multiple mappings
  • Mapping a GeoPoint field
  • Mapping a GeoShape field
  • Mapping an IP field
  • Mapping an Alias field
  • Mapping a Percolator field
  • Mapping the Rank Feature and Feature Vector fields
  • Mapping the Search as you type field
  • Using the Range Field type
  • Using the Flattened field type
  • Using the Point and Shape field types
  • Using the Dense Vector field type
  • Using the Histogram field type
  • Adding metadata to a mapping
  • Specifying different analyzers
  • Using index components and templates