Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By : Alberto Paro
Book Image

Elasticsearch 8.x Cookbook - Fifth Edition

By: Alberto Paro

Overview of this book

Elasticsearch is a Lucene-based distributed search engine at the heart of the Elastic Stack that allows you to index and search unstructured content with petabytes of data. With this updated fifth edition, you'll cover comprehensive recipes relating to what's new in Elasticsearch 8.x and see how to create and run complex queries and analytics. The recipes will guide you through performing index mapping, aggregation, working with queries, and scripting using Elasticsearch. You'll focus on numerous solutions and quick techniques for performing both common and uncommon tasks such as deploying Elasticsearch nodes, using the ingest module, working with X-Pack, and creating different visualizations. As you advance, you'll learn how to manage various clusters, restore data, and install Kibana to monitor a cluster and extend it using a variety of plugins. Furthermore, you'll understand how to integrate your Java, Scala, Python, and big data applications such as Apache Spark and Pig with Elasticsearch and create efficient data applications powered by enhanced functionalities and custom plugins. By the end of this Elasticsearch cookbook, you'll have gained in-depth knowledge of implementing the Elasticsearch architecture and be able to manage, search, and store data efficiently and effectively using Elasticsearch.
Table of Contents (20 chapters)

Using the Range Fields type

Sometimes, we have values that represent a continuous range of values between an upper and lower bound. Some of the common scenarios of this are as follows:

  • Price range (that is, from $4 to $10)
  • Date interval (that is, from 8 A.M. to 8 P.M., December 2020, Summer 2021, Q3 2020, and so on)

In this case, for most queries, pointing to a value in the middle of them is not easy in Elasticsearch; for example, the worst case is to convert continuous values into discrete ones by extracting all the values using a prefixed interval. This kind of situation will largely increase the size of the index and reduce performance (queries).

Range mappings were created to provide continuous value support in Elasticsearch. For this reason, when it is not possible to store the exact value, but we have a range, we need to use range types.

Getting ready

You will need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe of Chapter 1Getting Started.

To execute the commands in this recipe, you can use any HTTP client, such as curl (https://curl.haxx.se/), Postman (https://www.getpostman.com/), or similar. I suggest using the Kibana console, which provides code completion and better character escaping for Elasticsearch.

How to do it...

We want to use range types to implement stock mark values that are defined by low and high price values and the timeframe of the transaction. To achieve this, follow these steps:

  1. To populate our stock, we need to create an index with range fields. Let's use the following mapping:
    PUT test-range
    { "mappings": {
        "properties": {
          "price": { "type": "float_range" },
          "timeframe": { "type": "date_range" }
    } } } 
  2. Now, we can store some documents, as shown here:
    PUT test-range/_bulk
    {"index":{"_index":"test-range","_id":"1"}}
    {"price":{"gte":1.5,"lt":3.2},"timeframe":{"gte":"2022-01-01T12:00:00","lt":"2022-01-01T12:00:01"}}
    {"index":{"_index":"test-range","_id":"2"}}
    {"price":{"gte":1.7,"lt":3.7},"timeframe":{"gte":"2022-01-01T12:00:01","lt":"2022-01-01T12:00:02"}}
    {"index":{"_index":"test-range","_id":"3"}}
    {"price":{"gte":1.3,"lt":3.3},"timeframe":{"gte":"2022-01-01T12:00:02","lt":"2022-01-01T12:00:03"}}
  3. Now, we can execute a query for filtering on price and timeframe values to check the correct indexing of the data:
    GET test-range/_search
    { "query": {
        "bool": {
          "filter": [ 
             { "term": { "price": { "value": 2.4 } } },
              { "term": { "timeframe": { "value": "2022-01-01T12:00:02" } } }
    ] } } }

The result will be something similar to the following:

{
  …truncated…
    "hits" : [
      { "_index" : "test-range", "_id" : "3", "_score" : 0.0,
        "_source" : {
          "price" : { "gte" : 1.3, "lt" : 3.3 },
          "timeframe" : {
            "gte" : "2022-01-01T12:00:02",
            "lt" : "2022-01-01T12:00:03"
    …truncated…
}

How it works…

Not all the base types that support ranges can be used in ranges. The possible range types that are supported by Elasticsearch are as follows:

  • integer_range: This is used to store signed 32-bit integer values.
  • float_range: This is used to store signed 32-bit floating-point values.
  • long_range: This is used to store signed 64-bit integer values.
  • double_range: This is used to store signed 64-bit floating-point values.
  • date_range: This is used to store date values as 64-bit integers.
  • ip_range: This is used to store IPv4 and IPv6 values.

These range types are very useful for all cases where the values are not exact.

When you're storing a document in Elasticsearch, the field can be composed using the following parameters:

  • gt or gte for the lower bound of the range
  • lt or lte for the upper bound of the range

    Note

    Range types can be used for querying values, but they have limited support for aggregation: they only support histogram and cardinality aggregations.

See also

  • The Using the range query recipe in Chapter 5, Text and Numeric Queries, for range queries
  • The Executing histogram aggregations recipe in Chapter 7, Aggregation