TL;DR
- Scenario: ES zero foundation getting started, quickly complete index creation, document CRUD, search query
- Conclusion: ES getting started simple, minimum example can run through in 3-10 minutes
- Output: Complete CRUD operation examples, architecture concepts, error quick reference
ES Simple Usage
Create Index
PUT http://h121.wzk.icu:9200/wzk_blog01/?prettyReturn result:
{
"acknowledged": true,
"shards_acknowledged": true,
"index": "wzk_blog01"
}Insert Document
POST http://h121.wzk.icu:9200/wzk_blog01/_doc/1?pretty
{"id": "1", "title": "What is lucene"}Return result:
{
"_index": "wzk_blog01",
"_id": "1",
"_version": 1,
"result": "created",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 0,
"_primary_term": 1
}Query Document
GET http://h121.wzk.icu:9200/wzk_blog01/_doc/1?prettyReturn result:
{
"_index": "wzk_blog01",
"_id": "1",
"_version": 3,
"_seq_no": 2,
"_primary_term": 1,
"found": true,
"_source": {
"id": "1",
"title": "Apache Spark is a unified analytics engine for large-scale data processing"
}
}Update Document
POST http://h121.wzk.icu:9200/wzk_blog01/_doc/1?pretty
{"id": "1", "title": " What is elasticsearch"}Return result:
{
"_index": "wzk_blog01",
"_id": "1",
"_version": 4,
"result": "updated",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 3,
"_primary_term": 1
}Search Document
POST http://h121.wzk.icu:9200/wzk_blog01/_search?pretty
{"query": {"match": {"title": "What"}}}Return result:
{
"query": {
"match": {
"title": "What"
}
}
}Architecture and Concepts
Basic Introduction
Elasticsearch is a document-oriented distributed search and analysis engine, it can store and manage data as documents.
Comparison with Relational Database
| Elasticsearch | MySQL |
|---|---|
| Index | Database |
| Type (removed in 7.x) | Table |
| Document | Row record |
| Field | Column |
Core Concepts
| Concept | Description |
|---|---|
| Index | Collection of documents with similar characteristics |
| Type | Logical classification/partition of index (removed after 7.x) |
| Field | Table field |
| Mapping | Defines each field’s type (schema) |
| Document | Basic information unit that can be indexed (JSON) |
| Near Real-time NRT | Slight delay from indexing document to searchable (usually within 1 second) |
| Cluster | Multiple nodes compose, identified by cluster name |
| Node | One ES instance |
| Shard | Horizontal partitioning of index (primary shard + replica shard) |
| Replica | Copy of primary shard, improves recovery capability and performance |
Error Quick Reference
| Symptom | Root Cause | Fix |
|---|---|---|
| ?pertty invalid/error | Parameter spelling error | Change to ?pretty |
| Create index invalid | Used GET to access /index | Use PUT /{index}?pretty |
| Insert document 405/400 | Used GET to send JSON | Use POST/PUT /{index}/_doc/{id} and put JSON in request body |
| /{index}/_doc/_search/1 returns error | Endpoint wrong | Query by ID: GET /{index}/_doc/{id}; search: POST /{index}/_search |
| Search no results | Put query DSL in “return result” instead of request body | Put DSL in request body, POST /_search |
| HTTP/HTTPS mixed or CORS | http/https mixed under same domain | Unify protocol; if browser, configure CORS/reverse proxy |
| 401/403 Unauthorized | 8.x enables security by default | Enable built-in user/API Key, or authenticate via intranet/reverse proxy |
| index_not_found_exception | Index not created/name wrong | First PUT /{index} then write; check lowercase naming |
| version_conflict_engine_exception | Concurrent update | Use _update or optimistic locking with if_seq_no/if_primary_term |
| Cluster Red/shard allocation failed | Shard/disk issue | Free up disk, fix shards, adjust replica count |