In this article, we will discuss what exactly Elasticsearch is, alongside the considerations and common questions asked about this essential search engine.
What Is Elasticsearch?
Elasticsearch is a search and analytics engine that was originally based upon the Lucene library. This search engine is notable for its features which allow it to suggest intelligent results based on previously used search data and its ability to return close match search results for queries that have typos. Elasticsearch also has a RESTful distributed architecture which allows the engine to perform powerful querying in real-time.
Prior to the start of 2021, Elasticsearch was open-source but since version 7.11 was released, Elasticsearch and the other components of the ELK Stack (namely Logstash & Kibana) have been released under SSPL (Server Side Public License). The SSPL does not comply with the official definition of open-source software and as a result, has not been approved by the Open Source Initiative (OSI).
How Does Elasticsearch Work?
Elasticsearch uses a “shared nothing” architecture made up of multiple separate nodes that do not share resources. Because each node is independent and self-sufficient, Elasticsearch benefits from low latency and high availability (HA).
By offering low latency, Elasticsearch is able to return results to the user with minimal delay. The major benefit of Elasticsearch being highly available is that the system is able to operate continuously as the application is run across separate zones. This means that if one of the zones or nodes goes offline, you will still be able to use Elasticsearch from another zone or node uninterrupted.
Elasticsearch stores its data in an inverted index. By design, inverted indexes allow full-text searches to be conducted efficiently across any given database. This is a vital feature that forms a key part of a search engine's powerful feature set.
Raw data can be sent to Elasticsearch using a resource such as the Beats family of shippers. Once this data has been ingested and stored, users can run queries against it, and the results can be aggregated and transformed into powerful Kibana dashboards.
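The inverted index described above, together with the typo-tolerant matching mentioned earlier, can be shown in miniature. This is an added example, not Elasticsearch or Lucene code and not from the original article; the log lines, the function names and the `fuzziness` argument are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original article).
DOCS = {
    1: "Failed password for root from 10.0.0.5 port 22",
    2: "Accepted password for alice from 10.0.0.7 port 22",
    3: "Failed password for invalid user admin from 10.0.0.5",
    4: "Connection closed by 10.0.0.7 port 22",
}

def tokenize(text):
    """Lowercase and split on anything that is not a letter, digit or dot."""
    return [t for t in re.split(r"[^a-z0-9.]+", text.lower()) if t]

def build_index(docs):
    """Inverted index: map every term to the set of document ids containing it."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for term in tokenize(text):
            index[term].add(doc_id)
    return index

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookup(index, term, fuzziness=0):
    """Ids for the exact term, plus indexed terms within `fuzziness` edits of it."""
    ids = set()
    for indexed in index:
        if indexed == term or (fuzziness and edit_distance(indexed, term) <= fuzziness):
            ids |= index[indexed]
    return ids

def search(index, query, fuzziness=0):
    """AND query: a document must match every term in the query."""
    results = [lookup(index, t, fuzziness) for t in tokenize(query)]
    return sorted(set.intersection(*results)) if results else []

INDEX = build_index(DOCS)
```

A query only touches the posting sets of its own terms, which is why the lookup stays cheap as the number of documents grows; the misspelled query `faild pasword` finds the same documents as `failed password` once one edit per term is allowed.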
What Is Elasticsearch Used For?
Elasticsearch is often used to return inventory search results for a variety of eCommerce sites (including Shopify, Instacart and Amazon) due to its ability to show relevant results intelligently to users who also wish to filter by review ratings, price, or other key user-defined metrics.
Elasticsearch also forms the backbone of the ELK Stack, a popular technology stack that is able to perform log analysis, SIEM as a Service and data visualisation. Notable companies that use Elasticsearch in this way include the likes of Adobe, NetApp, Audi & Procter & Gamble as well as YourEDI & Uizard.
You can read our Elasticsearch use cases article next to see other reasons why you might consider using Elasticsearch within your organisation.
Is Elasticsearch Free?
Yes, initially. The free version of Elasticsearch can be downloaded from this link if you wish to host, scale and run the application for minimal use cases. Elasticsearch does not qualify as Free Open Source Software (FOSS), because the search engine is not both free and open-source: its current SSPL licensing does not allow everyone to freely copy, study and modify the software in any way, completely openly.
Even though Elasticsearch is free to download, it is worth knowing that combining this tool as part of a wider technology stack (such as the ELK Stack) for security, compliance and data analysis use cases can quickly become quite unaffordable due to the additional hardware and maintenance required. This has been noted by a variety of industry-trusted resources including Dell, DotCMS and OpsMatters in their publications about lowering the total cost of ownership (TCO) for Elasticsearch.
How Do Elasticsearch & Kibana Work Together?
Kibana works alongside Elasticsearch by allowing users to create visualisations from any data ingested into the search engine to build out wider reports and detailed visualisation dashboards. Once data is stored in Elasticsearch, this can easily be used as a source within Kibana to generate pie charts, heat maps and line graphs as well as scatter plots for users to better harness data visually.
You can discover more about Kibana in our detailed guide covering what is Kibana?
What Is AWS Elasticsearch?
AWS Elasticsearch, now referred to as OpenSearch, was an open-source service based upon a fork of Elastic’s original Elasticsearch search engine. The Amazon OpenSearch Service offers the latest versions of OpenSearch as a hosted service to users that wish to use the solution as a proprietary service.
To find out more about AWS’s legacy in connection to Elasticsearch and the open-source community, you should explore our article detailing the differences between AWS OpenSearch vs Elasticsearch. Our guide provides an in-depth look at the array of different terminology and names used for various tools (which all share much of the same functionality) based on the original components that make up ELK.
What Is A Shard In Elasticsearch?
As Elasticsearch uses indexes to store your data, it is worth knowing that these indexes are split into different segments, known as shards. Elasticsearch is able to manage and balance shards and move them between nodes where required.
In this article all about the leading Elasticsearch interview questions, we go into more detail on the topic of how to automatically rebalance your Elasticsearch shards.
Can I Still Use Older Open Source Versions Of Elasticsearch?
As many experienced users of Elasticsearch may still prefer to use the open-source version of this software, there is still significant demand for older versions to be available and ready for deployment.
If you prefer to use legacy versions of Elasticsearch alongside the rest of the ELK Stack, then you should consider using a managed service that hosts this solution as a ready-to-launch platform built for data analysis and management.
By using a solution that offers the legacy open-source backed versions of Elasticsearch, you can readily launch a stack suitable for any analysis use case without needing to configure, maintain and manage multiple Elasticsearch instances in order to be fully scalable.