Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By : Alberto Paro
Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By: Alberto Paro

Overview of this book

Elasticsearch is a Lucene-based distributed search engine at the heart of the Elastic Stack that allows you to index and search unstructured content with petabytes of data. With this updated fifth edition, you'll cover comprehensive recipes relating to what's new in Elasticsearch 8.x and see how to create and run complex queries and analytics. The recipes will guide you through performing index mapping, aggregation, working with queries, and scripting using Elasticsearch. You'll focus on numerous solutions and quick techniques for performing both common and uncommon tasks such as deploying Elasticsearch nodes, using the ingest module, working with X-Pack, and creating different visualizations. As you advance, you'll learn how to manage various clusters, restore data, and install Kibana to monitor a cluster and extend it using a variety of plugins. Furthermore, you'll understand how to integrate your Java, Scala, Python, and big data applications such as Apache Spark and Pig with Elasticsearch and create efficient data applications powered by enhanced functionalities and custom plugins. By the end of this Elasticsearch cookbook, you'll have gained in-depth knowledge of implementing the Elasticsearch architecture and be able to manage, search, and store data efficiently and effectively using Elasticsearch.
Table of Contents (20 chapters)

Mapping the Search as you type field

One of the most common scenarios is to provide the Search as you type functionality, which is typical of the Google search engine.

This capability is common in many use cases:

  • Completing titles in media websites
  • Completing product names in e-commerce websites
  • Completing document names or authors in document management systems
  • Suggesting best-associated terms to search on based on the actual knowledge base (collection of documents)

This type provides facilities to achieve this functionality.

Getting ready

You will need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe of Chapter 1Getting Started.

To execute the commands in this recipe, you can use any HTTP client, such as curl (, Postman (, or similar. I suggest using the Kibana console, which provides code completion for Elasticsearch.

How to do it…

We want to use the search_as_you_type type to implement a completer (a widget that completes names/values) for titles for our media film streaming platform. To achieve this, follow these steps:

  1. To be able to prove "search as you type" on a title field, we will use the following mapping:
    PUT test-sayt
    { "mappings": {
        "properties": {
          "title": { "type": "search_as_you_type"  }
    } } } 
  2. Now, we can store some documents, as shown here:
    PUT test-sayt/_doc/1
    { "title": "Ice Age" }
    PUT test-sayt/_doc/2
    { "title": "The Polar Express" }
    PUT test-sayt/_doc/3
    { "title": "The Godfather" }
  3. Now, we can execute a match query on the title value to return our records:
    GET test-sayt/_search
      "query": {
        "multi_match": {
          "query": "the p", "type": "bool_prefix",
          "fields": [ "title", "title._2gram", "title._3gram" ]
    } } }

The result will be something similar to the following:

    "hits" : [
        "_index" : "test-sayt", "_id" : "2", "_score" : 2.4208174,
        "_source" : { "title" : "The Polar Express" }

As you can see, more relevant results (that contain more code related to the search) score better!

How it works…

Due to the high demand for the Search as you type feature, this special mapping type was created.

This special mapping type is a helper that simplifies the process of creating a field with multiple subfields that can map the indexing requirements and provide an efficient Search as you type capability.

For example, for my title field, the following field and subfields are created:

  • title: This contains the text to be used. It's processed as a standard text field and accepts the standard text parameters, as we saw regarding the text field in the Mapping base types recipe of this chapter.
  • title._2gram: This contains the text with the applied shingle token filter ( with a size of 2. This aggregates two contiguous terms.
  • title._3gram: This is the same as title._2gram but uses a size of 3 to aggregate three contiguous terms.
  • title._index_prefix: This wraps the maximum size gram (_3gram, in our case) with an Edge N-Gram Token Filter ( to be able to provide initial completion.

The "search_as_you_type" field can be customized using the max_shingle_size parameter (the default is 3). This parameter allows you to define the maximum size of the gram to be created.

The number of ngram subfields is given by the max_shingle_size -1 value, but usually, the best values are 3 or 4. In the case of large values, it only increases the size of the index, but it doesn't generally provide query quality benefits.

See also

Please refer to the Using a match query recipe in Chapter 5, Text and Numeric Queries, to learn more about match queries.