Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elasticsearch for Data Engineers

6ac96bcb854145bb47eac6fa80b50d44?s=47 Duy Do
September 16, 2016
Technology
6
1.6k

Elasticsearch for Data Engineers

This is Elasticsearch crash course for Data Engineers at Sentifi AG

6ac96bcb854145bb47eac6fa80b50d44?s=128

Duy Do

September 16, 2016
Tweet

More Decks by Duy Do

See All by Duy Do
6ac96bcb854145bb47eac6fa80b50d44?s=48 duydo
8
1.1k
6ac96bcb854145bb47eac6fa80b50d44?s=48 duydo
2
180

Other Decks in Technology

See All in Technology
Ff7f1f76468f46a1c5c84b9238a4b162?s=48 miyake
0
190
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
130
9b2600a82821673d9d0f03cc6f7bc56e?s=48 kloudleinc
0
110
Ad449f3f4e595ade283a30c4f66010be?s=48 seto_hi
3
1.1k
8d5ec86449745c31872afc6efdaf2f0a?s=48 freedom_tk
1
200
164fd510e92a1912155b869b2c333c1e?s=48 tutuz
5
3k
9fdb6e5b532d7fa8687faebc4e70a865?s=48 ryysud
0
130
3e8f61263f14a620f21d5f3f89c4b846?s=48 gamella
1
5.6k
Fccbd625997f63e7b251d9725cb905a5?s=48 futo23
1
1.7k
462feb0fe0493c40d55650da664e8773?s=48 clustervr
PRO
0
180
3b02ffcc638b9cde6cb1bb458a926b15?s=48 yukiarrr
1
330
A84b3c763c9c543069b7c02551e2720e?s=48 yuyamada
0
430

Featured

See All Featured
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
158
6.5k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
59
6.5k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
495
110k
32de0bd2ba869609d26fd052a4622778?s=48 cromwellryan
104
6.3k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
154
11k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
347
20k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
28
1.1k
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
56
9.4k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
96
14k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
56
5.5k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
71
3.6k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
10
730

Transcript

  1. Elasticsearch Crash Course for Data Engineers Duy Do (@duydo)

  2. About • A Father, A Husband, A Software Engineer •

    Founder of Vietnamese Elasticsearch Community • Author of Vietnamese Elasticsearch Analysis Plugin • Technical Consultant at Sentifi AG • Co-Founder at Krom • Follow me @duydo

  3. Elasticsearch is Everywhere

  4. None

  5. What is Elasticsearch?

  6. Elasticsearch is a distributed search and analytics engine, designed for

    horizontal scalability with easy management.

  7. Basic Terms • Cluster is a collection of nodes. •

    Node is a single server, part of a cluster. • Index is a collection of shards ~ database. • Shard is a collection of documents. • Type is a category/partition of an index ~ table in database. • Document is a Json object ~ record in database.

  8. Distributed & Scalable

  9. Shards & Replicas

  10. One node, One shard Node 1 employees P0 PUT /employees

    { “settings”: { “number_of_shards”: 1, “number_of_replicas”: 0 } }

  11. Two nodes, One shard Node 1 employees P0 PUT /employees

    { “settings”: { “number_of_shards”: 1, “number_of_replicas”: 0 } } Node 2

  12. One node, Two shards Node 1 employees P0 PUT /employees

    { “settings”: { “number_of_shards”: 2, “number_of_replicas”: 0 } } P1

  13. Two Nodes, Two Shards Node 1 employees P0 PUT /employees

    { “settings”: { “number_of_shards”: 2, “number_of_replicas”: 0 } } Node 2 employees P1 P1

  14. Two nodes, Two shards, One replica of each shard Node

    1 employees P0 PUT /employees { “settings”: { “number_of_shards”: 2, “number_of_replicas”: 1 } } R1 Node 2 employees P1 R0

  15. Index Management

  16. Create Index PUT /employees { “settings”: {...}, “mappings”: { “type_one”:

    {...}, “type_two”: {...} }, “aliases”: { “alias_one”: {...}, “alias_two”: {...} } }

  17. Index Settings PUT /employees/_settings { “number_of_replicas”: 1 }

  18. Index Mappings PUT /employees/_mappings { “employee”: { “properties”: { “name”:

    {“type”: “string”}, “gender”: {“type”: “string”, “index”: “not_analyzed”}, “email”: {“type”: “string”, “index”: “not_analyzed”}, “dob”: {“type”: “date”}, “country”: {“type”: “string”, “index”: “not_analyzed”}, “salary”: {“type”: “double”}, } } }

  19. Delete Index DELETE /employees

  20. Put Data In, Get Data Out

  21. Index a Document with ID PUT /employees/employee/1 { “name”: “Duy

    Do”, “email”: “duy.do@sentifi.com”, “dob”: “1984-06-20”, “country”: “VN” “gender”: “male”, “salary”: 100.0 }

  22. Index a Document without ID POST /employees/employee/ { “name”: “Duy

    Do”, “email”: “duy.do@sentifi.com”, “dob”: “1984-06-20”, “country”: “VN” “gender”: “male”, “salary”: 100.0 }

  23. Retrieve a Document GET /employees/employee/1

  24. Update a Document POST /employees/employee/1/_update { “doc”:{ “salary”: 500.0 }

    }

  25. Delete a Document DELETE /employees/employee/1

  26. Searching

  27. Structured Search Date, Times, Numbers, Text • Finding Exact Values

    • Finding Multiple Exact Values • Ranges • Working with Null Values • Combining Filters

  28. Finding Exact Values GET /employees/employee/_search { “query”: { “term”: {

    “country”: “VN” } } } SQL: SELECT * FROM employee WHERE country = ‘VN’;

  29. Finding Multiple Exact Values GET /employees/employee/_search { “query”: { “terms”:

    { “country”: [“VN”, “US”] } } } SQL: SELECT * FROM employee WHERE country = ‘VN’ OR country = ‘US’;

  30. Ranges GET /employees/employee/_search { “query”: { “range”: { “dob”: {“gt”:

    “1984-01-01”, “lt”: “2000-01-01”} } } } SQL: SELECT * FROM employee WHERE dob BETWEENS ‘1984-01-01’ AND ‘2000-01-01’;

  31. Working with Null values GET /employees/employee/_search { “query”: { “filtered”:

    { “filter”: { “exists”: {“field”: “email”} } } } } SELECT * FROM employee WHERE email IS NOT NULL;

  32. Working with Null Values GET /employees/employee/_search { “query”: { “filtered”:

    { “filter”: { “missing”: {“field”: “email”} } } } } SELECT * FROM employee WHERE email IS NULL;

  33. Combining Filters GET /employees/employee/_search { “query”: { “filtered”: { “filter”:

    { “bool”: { “must”:[{“exists”: {“field”: “email”}}], “must_not”:[{“term”: {“gender”: “female”}}], “should”:[{“terms”: {“country”: [“VN”, “US”]}}] } } } } }

  34. Combining Filters SQL: SELECT * FROM employee WHERE email IS

    NOT NULL AND gender != ‘female’ AND (country = ‘VN’ OR country = ‘US’);

  35. More Queries • Prefix • Wildcard • Regex • Fuzzy

    • Type • Ids • ...

  36. Full-Text Search Relevance, Analysis • Match Query • Combining Queries

    • Boosting Query Clauses

  37. Match Query - Single Word GET /employees/employee/_search { “query”: {

    “match”: { “name”: { “query”: “Duy” } } } }

  38. Match Query - Multi Words GET /employees/employee/_search { “query”: {

    “match”: { “name”: { “query”: “Duy Do”, “operator”: “and” } } } }

  39. Combining Queries GET /employees/employee/_search { “query”: { “bool”: { “must”:[{“match”:

    {“name”: “Do”}}], “must_not”:[{“term”: {“gender”: “female”}}], “should”:[{“terms”: {“country”: [“VN”, “US”]}}] } } }

  40. Boosting Query Clauses GET /employees/employee/_search { “query”: { “bool”: {

    “must”:[{“term”: {“gender”: “female”}}], # default boost 1 “should”:[ {“term”: {“country”: {“query”:“VN”, “boost”:3}}} # the most important {“term”: {“country”: {“query”:“US”, “boost”:2}}} # important than #1 but not as important as #2 ], } } }

  41. More Queries • Multi Match • Common Terms • Query

    Strings • ...

  42. Analytics

  43. Aggregations Analyze & Summarize • How many needles in the

    haystack? • What is the average length of the needles? • What is the median length of the needles, broken down by manufacturer? • How many needles are added to the haystacks each month? • What are the most popular needle manufacturers? • ...

  44. Buckets & Metrics SELECT COUNT(country) # a metric FROM employee

    GROUP BY country # a bucket GET /employees/employee/_search { “aggs”: { “by_country”: { “terms”: {“field”: “country”} } } }

  45. Bucket is a collection of documents that meet certain criteria.

  46. Metric is simple mathematical operations such as: min, max, mean,

    sum and avg.

  47. Combination Buckets & Metrics • Partitions employees by country (bucket)

    • Then partitions each country bucket by gender (bucket) • Finally calculate the average salary for each gender bucket (metric)

  48. Combination Query GET /employees/employee/_search { “aggs”: { “by_country”: { “terms”:

    {“field”: “country”}, “aggs”: { “by_gender”: { “terms”: {“field”: “gender”}, “aggs”: { “avg_salary”: {“avg”: “field”: “salary”} } } } } } }

  49. More Aggregations • Histogram • Date Histogram • Date Range

    • Filter/Filters • Missing • Geo Distance • Nested • ...

  50. Best Practices

  51. Indexing • Use bulk indexing APIs. • Tune your bulk

    size 5-10MB. • Partitions your time series data by time period (monthly, weekly, daily). • Use aliases for your indices. • Turn off refresh, replicas while indexing. Turn on once it’s done • Multiple shards for parallel indexing. • Multiple replicas for parallel reading.

  52. Mapping • Disable _all field • Keep _source field, do

    not store any field. • Use not_analyzed if possible

  53. Query • Use filters instead of queries if possible. •

    Consider orders and scope of your filters. • Do not use string query. • Do not load too many results with single query, use scroll API instead.

  54. Tools

  55. Kibana for Discovery, Visualization

  56. Sense for Query

  57. Marvel for Monitoring