Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elasticsearch for SQL Users

Avatar for Elastic Co Elastic Co
October 26, 2016
Technology
0
160

Elasticsearch for SQL Users

As given at the All Things Open 2016 conference.

Avatar for Elastic Co

Elastic Co

October 26, 2016
Tweet

More Decks by Elastic Co

See All by Elastic Co
Les Vendredis noirs : même pas peur ! - Breizhcamp
Avatar for Elastic Co elastic
15
1k
Confoo Montreal: Ingest node: enriching documents within Elasticsearch
Avatar for Elastic Co elastic
16
960
Elastic{ON} 2018 - Sipping from the Firehose: Scalable Endpoint Data for Incident Response
Avatar for Elastic Co elastic
6
4.3k
Elastic{ON} 2018 - A Security Analytics Platform for Today
Avatar for Elastic Co elastic
3
11k
Elastic{ON} 2018 - The State of Geo in Elasticsearch
Avatar for Elastic Co elastic
7
12k
Elastic{ON} 2018 - Reliable by design - Applying formal methods to distributed systems
Avatar for Elastic Co elastic
5
4.8k
Elastic{ON} 2018 - Bigger, Faster, Stronger - Leveling Up Enterprise Logging
Avatar for Elastic Co elastic
1
5k
Elastic{ON} 2018: Latest in Logstash
Avatar for Elastic Co elastic
1
4.6k
Elastic{ON} 2018 - Lessons Learned from Workday's Search Application Journey from POC to Production
Avatar for Elastic Co elastic
2
2.5k

Other Decks in Technology

See All in Technology
20251102 WordCamp Kansai 2025
Avatar for Chiaki Okamoto chiilog
0
380
CLIPでマルチモーダル画像検索 →とても良い
Avatar for Motoi Washida wm3
2
720
アウトプットから始めるOSSコントリビューション 〜eslint-plugin-vueの場合〜 #vuefes
Avatar for 弁護士ドットコム bengo4com
3
1.9k
GTC 2025 : 가속되고 있는 미래
Avatar for Jeongkyu Shin inureyes
PRO
0
140
AI機能プロジェクト炎上の 3つのしくじりと学び
Avatar for nakawai nakawai
0
180
JAWS UG AI/ML #32 Amazon BedrockモデルのライフサイクルとEOL対応/How Amazon Bedrock Model Lifecycle Works
Avatar for quiver quiver
1
530
ストレージエンジニアの仕事と、近年の計算機について / 第58回 情報科学若手の会
Avatar for Preferred Networks pfn
PRO
4
940
AIを使ってテストを楽にする
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
380
組織全員で向き合うAI Readyなデータ利活用
Avatar for harry gappy50
5
2k
IBC 2025 動画技術関連レポート / IBC 2025 Report
Avatar for CyberAgent cyberagentdevelopers
PRO
2
240
サブドメインテイクオーバー事例紹介と対策について
Avatar for mikiT mikit
3
360
個人でデジタル庁の デザインシステムをVue.jsで 作っている話
Avatar for にしはら nishiharatsubasa
3
5.3k

Featured

See All Featured
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.5k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
191
56k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
8
330
Scaling GitHub
Avatar for Zach Holman holman
463
140k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k

Transcript

  1. 1 Shaunak Kashyap Developer at Elastic @shaunak Elasticsearch for SQL

    users

  2. The Elastic Stack 2 Store, Index & Analyze Ingest User

    Interface Plugins Hosted Service

  3. 3 Agenda Search queries Data modeling Architecture 1 2 3

  4. 2 4 Agenda Search queries Data modeling Architecture 1 3

  5. 5 Agenda Search queries Data modeling 1 2 3 Architecture

  6. 6 Search Queries https://www.flickr.com/photos/samhames/4422128094

  7. 7 CREATE TABLE IF NOT EXISTS emails ( sender VARCHAR(255)

    NOT NULL, recipients TEXT, cc TEXT, bcc TEXT, subject VARCHAR(1024), body MEDIUMTEXT, datetime DATETIME ); CREATE INDEX emails_sender ON emails(sender); CREATE FULLTEXT INDEX emails_subject ON emails(subject); CREATE FULLTEXT INDEX emails_body ON emails(body); curl -XPUT 'http://localhost:9200/enron' -d' { "mappings": { "email": { "properties": { "sender": { "type": "keyword" }, "recipients": { "type": "keyword" }, "cc": { "type": "keyword" }, "bcc": { "type": "keyword" }, "subject": { "type": "text", "analyzer": "english" }, "datetime": { "type": "date" } } } } Schemas

  8. 8 Loading the data

  9. 9 [LIVE DEMO] • Search for text in a single

    field • Search for text in multiple fields • Search for a phrase https://github.com/ycombinator/es-enron

  10. 10 Other Search Features Stemming Synonyms Did you mean? •

    Jump, jumped, jumping • Queen, monarch • Monetery => Monetary

  11. 11 Data Modeling https://www.flickr.com/photos/samhames/4422128094 https://www.flickr.com/photos/ericparker/7854157310

  12. 12 To analyze (text) or not to analyze (keyword)? PUT

    cities/city/1 { "city": "Raleigh", "population": 431746 } PUT cities/city/2 { "city": "New Albany", "population": 8829 } PUT cities/city/3 { "city": "New York", "population": 8406000 } POST cities/_search { "query": { "match": { "city": "New Albany" } } } QUERY + = ?

  13. PUT cities/city/1 { "city": "Raleigh", "population": 431746 } 13 To

    analyze (text) or not to analyze (keyword)? PUT cities/city/2 { "city": "New Albany", "population": 8829 } PUT cities/city/3 { "city": "New York", "population": 8406000 } Term Document IDs albany 2 new 2,3 raleigh 1 york 3

  14. 14 To analyze (text) or not to analyze (keyword)? PUT

    cities { "mappings": { "city": { "properties": { "city": { "type": "keyword" } } } } } MAPPING Term Document IDs New Albany 2 New York 3 Raleigh 1

  15. PUT blog/post/1 { "author_id": 1, "title": "...", "body": "..." }

    PUT blog/post/2 { "author_id": 1, "title": "...", "body": "..." } PUT blog/post/3 { "author_id": 1, "title": "...", "body": "..." } 15 Relationships: Application-side joins PUT blog/author/1 { "name": "John Doe", "bio": "..." } POST blog/author/_search { "query": { "match": { "name": "John" } } } QUERY 1 POST blog/post/_search { "query": { "match": { "author_id": <each id from query 1 result> } } } QUERY 2

  16. PUT blog/post/1 { "author_name": "John Doe", "title": "...", "body": "..."

    } PUT blog/post/2 { "author_name": "John Doe", "title": "...", "body": "..." } 16 Relationships: Data denormalization POST blog/post/_search { "query": { "match": { "author_name": "John" } } } QUERY PUT blog/post/3 { "author_name": "John Doe", "title": "...", "body": "..." }

  17. 17 Relationships: Nested objects PUT blog/author/1 { "name": "John Doe",

    "bio": "...", "blog_posts": [ { "title": "...", "body": "..." }, { "title": "...", "body": "..." }, { "title": "...", "body": "..." } ] } POST blog/author/_search { "query": { "match": { "name": "John" } } } QUERY

  18. 18 Relationships: Parent-child documents PUT blog/author/1 { "name": "John Doe",

    "bio": "..." } POST blog/post/_search { "query": { "has_parent": { "type": "author", "query": { "match": { "name": "John" } } } QUERY PUT blog { "mappings": { "author": {}, "post": { "_parent": { "type": "author" } } } } PUT blog/post/1?parent=1 { "title": "...", "body": "..." } PUT blog/post/2?parent=1 { "title": "...", "body": "..." } PUT blog/post/3?parent=1 { "title": "...", "body": "..." }

  19. 19 Architecture https://www.flickr.com/photos/samhames/4422128094 https://www.flickr.com/photos/haribote/4871284379/

  20. 20 RDBMS Triggers database by Creative Stall from the Noun

    Project 1 2

  21. 21 Async replication to Elasticsearch 1 2 3 ESSynchronizer flow

    by Yamini Ahluwalia from the Noun Project

  22. 22 Async replication to Elasticsearch with Logstash 1 2 3

  23. 23 Forked writes from application 1 2

  24. 24 Forked writes from application (more robust) 1 2 queue

    by Huu Nguyen from the Noun Project ESSynchronizer 3 4

  25. 25 Forked writes from application (more robust with Logstash) 1

    2 3 4

  26. 26 Questions? @shaunak https://www.flickr.com/photos/nicknormal/2245559230/