What is Elasticsearch?

Elasticsearch is a distributed, full-text, open-source search engine. It provides multi-tenant capabilities for analyzing aggregate data types from sources like Logstash or Kibana. It stores and indexes information, which can then be queried for specific data, and it returns useful details about a particular program, log analysis, application performance data, or other information.

Installation Order

To install the Elastic Stack, deploy these applications in the following order.

  1. Elasticsearch (install instructions)
  2. Kibana (install)
  3. Logstash (install)
  4. Beats (install instructions)
  5. APM Server (install instructions)
  6. Elasticsearch Hadoop (install instructions)

Installation

To install Elasticsearch, see our KB article for more in-depth instructions. Here are the basic installation steps.

  1. Download and unpack the Elasticsearch official distribution.
  2. Next, run bin/elasticsearch on Linux or macOS. Run bin\elasticsearch.bat on Windows.
  3. Then, run curl -X GET http://localhost:9200/.
  4. Start more servers.

What is Indexing?

Indexing is simply the process of adding data into Elasticsearch. Elasticsearch stores and retrieves this data in Apache Lucene indexes. We will not be discussing Lucene specifically in this article, because we would need to delve much deeper into that application to truly understand the role Elasticsearch plays. This article is primarily for new users who want to employ basic GET and PUT requests in Lucene.

Requests

Put

We send PUT requests when we know, or want to specify, the ID of the data type. We can use POST if we want Elasticsearch to generate an ID for that item on its own. An example of a simple POST command looks like this.

curl -XPOST 'localhost:9200/logs/test_app' -H 'Content-Type: application/json' -d'
{
"timestamp": "2020-08-20 09:10:11",
"message": "Test user is logged in",
"user_id": 2,
"admin": false
}
'

And the output looks like this:

{"_index":"logs","_type":"test_app","_id":"e8rHCnQBSXUbYazxinrq","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}

Output

We can see in the output provided above that the ID was generated by Elasticsearch. We can also note the “version” and “created” fields. This implies that the test_app file, which did not exist before, was created by our POST command. Let’s review how we can index something using a PUT request.

curl -X PUT 'localhost:9200/app/users/4' -H 'Content-Type: application/json' -d '
{
  "id": 2,
  "username": "Dean",
  "last_login": "2020-08-20 09:10:11"
}
'

Using this command, we get this output.

{"_index":"app","_type":"users","_id":"4","_version":2,"result":"updated","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}

With this entry, we indexed the user Dean under the /app/users/ directory.
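
The two responses above differ in a way that matters when auditing writes: the POST reports "created", while the PUT reports "updated" at version 2, meaning a document already stored under ID 4 was replaced. The following is an added example, not part of the original article; it parses the page's two responses (embedded as strings), and the function names summarize_index_response and audit are hypothetical.

```python
import json

# The two responses printed on this page, embedded so the example runs offline.
POST_RESPONSE = '{"_index":"logs","_type":"test_app","_id":"e8rHCnQBSXUbYazxinrq","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}'
PUT_RESPONSE = '{"_index":"app","_type":"users","_id":"4","_version":2,"result":"updated","_shards":{"total":2,"successful":1,"failed":0},"_seq_no":1,"_primary_term":1}'


def summarize_index_response(raw):
    """Parse one index API response and describe what the write did."""
    doc = json.loads(raw)
    if "error" in doc:
        # Rejected writes carry an "error" object instead of a "result" field.
        raise ValueError("write rejected: %s" % json.dumps(doc["error"]))
    shards = doc.get("_shards", {})
    total, ok, failed = (shards.get(k, 0) for k in ("total", "successful", "failed"))
    # "_type" is present in the page's output; tolerate responses without it.
    parts = [doc["_index"], doc.get("_type"), doc["_id"]]
    return {
        "path": "/" + "/".join(p for p in parts if p),
        "version": doc["_version"],
        "created": doc["result"] == "created",
        "overwrote_existing": doc["result"] == "updated",
        "shard_failures": failed,
        # Copies that were neither written nor reported as failed, for example
        # a replica that is unassigned because only one node is running.
        "copies_not_written": total - ok - failed,
    }


def audit(raw_responses):
    """Return human-readable findings for a batch of index responses."""
    findings = []
    for raw in raw_responses:
        s = summarize_index_response(raw)
        if s["overwrote_existing"]:
            findings.append("%s: existing document replaced, now version %d" % (s["path"], s["version"]))
        if s["shard_failures"]:
            findings.append("%s: %d shard copy write(s) failed" % (s["path"], s["shard_failures"]))
        if s["copies_not_written"]:
            findings.append("%s: %d shard copy/copies not written" % (s["path"], s["copies_not_written"]))
    return findings


if __name__ == "__main__":
    for line in audit([POST_RESPONSE, PUT_RESPONSE]):
        print(line)
```

Adding ?op_type=create to the PUT request makes Elasticsearch reject the write instead of replacing an existing document.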

All the data that was entered is sent as a JSON object. If we ask how this works without any data structure, the answer is succinct. Elasticsearch usually works as a NoSQL database, thus structure is not needed. Next, we will check how we can perform queries using Elasticsearch.
