Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elasticsearch - Beyond full-text search

Alexander Reelsen
September 25, 2013
Technology
7
1.2k

Elasticsearch - Beyond full-text search

Every modern search application is not anymore about full-text search only, but rather incorporates aspects of analytics on top of your data. This talk gives a short introduction of how to use elasticsearch to do analytics tasks with and around your data.

Alexander Reelsen

September 25, 2013
Tweet

More Decks by Alexander Reelsen

See All by Alexander Reelsen
Search Evolution - Keeping up with the hype?
spinscale
0
180
Mirror mirror... what am I typing next?
spinscale
0
230
The New Generation of Data Stores
spinscale
0
160
Elasticsearch: Distributed Search Under the Hood
spinscale
0
110
Working distributed - but how?
spinscale
0
110
Implementing a custom aws lambda runtime using Crystal
spinscale
0
520
Elasticsearch Ingest Processors
spinscale
0
110
Open Source as a Business
spinscale
1
120
Inside The Elastic Stack - Testing and Releasing a Well Known Open Source Stack
spinscale
1
450

Other Decks in Technology

See All in Technology
LOWYAビジネスダッシュボード:DevとBizの共通認識が切り拓く未来
kazumax55
0
110
[PHPカンファレンス沖縄2023]【実践編】良いプロダクト作りのための組織育成 健全なコードは健全な組織、健全なチームから
ikezoemakoto
0
170
Aurora MySQL version 3でTempTable溢れの振り返り
mixi_engineers
PRO
6
1.6k
リスキリングの特効薬!「技術コミュニティ」のススメ
mamohacy
1
530
[2023년 9월 세미나] 실무자가 알려주는 데이터 분석가 취업 준비 완벽 가이드
datarian
0
580
LINE 平台與開發生態系介紹
line_developers_tw
PRO
0
230
「挑戦しなければ障害は生まれない」 社内ポストモーテム共有会について
sheep_san_white
0
360
組織・プロセス・技術 - フロントエンドの生産性向上への複眼的アプローチ / 20230921
bengo4com
3
240
PHPからはじめるコンピュータア ーキテクチャ / PHP Meets Silicon: A Fun Dive into Computer Structures
tomzoh
3
180
モチベーションサイクルという観点でQAをしよう
mixi_engineers
PRO
1
130
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
11
28k
The Evolution of GraphQL Code Generation
n1ru4l
0
250

Featured

See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
177
9.8k
Making the Leap to Tech Lead
cromwellryan
119
8.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
318
23k
The Pragmatic Product Professional
lauravandoore
23
4k
A Philosophy of Restraint
colly
195
15k
Typedesign – Prime Four
hannesfritz
35
1.7k
Creatively Recalculating Your Daily Design Routine
revolveconf
208
11k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.1k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
870

Transcript

  1. Alexander Reelsen
    @spinscale
    [email protected]
    elasticsearch
    beyond full-text search
    #gotoaar #elasticsearch

    View Slide

  2. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    About me
    • Elasticsearch core developer
    Features, bug fixing, package maintenance,
    documentation, blog posts
    • Development support
    • Production support
    • Trainings
    • Conferences & talks
    • Interests: Java, JavaScript, web apps

    View Slide

  3. Beyond full-text search?

    View Slide

  4. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Unstructured search

    View Slide

  5. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Structured search

    View Slide

  6. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Enrichment

    View Slide

  7. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Sorting

    View Slide

  8. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Pagination

    View Slide

  9. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Aggregation

    View Slide

  10. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Suggestions

    View Slide

  11. Introduction

    View Slide

  12. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Elasticsearch in 10 seconds
    • Schema-free, REST & JSON based
    distributed document store
    • Open source: Apache License 2.0
    • Zero configuration
    • Used by github, mozilla, soundcloud, stack
    overflow, foursquare, fog creek,
    stumbleupon

    View Slide

  13. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Zero configuration
    $ wget https://download.elasticsearch.org/...
    $ tar -xf elasticsearch-0.90.5.tar.gz
    $ ./elasticsearch-0.90.5/bin/elasticsearch -f
    ... [INFO ][node][Ghost Maker] {0.90.5}[5645]: initializing ...

    View Slide

  14. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Index & search data
    curl  -­‐X  PUT  localhost:9200/products/product/1  -­‐d  '
    {
       "created_at"  :  "2013/09/05  15:45:10",
       "name"  :  "Macbook  Air",
       "price"  :  {
           "net"  :  1699,
           "tax"  :  322.81,
       }
    }'
    curl  -­‐X  GET  'localhost:9200/products/product/_search?q=macbook'

    View Slide

  15. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Distributed
    • Replication: Data duplication
    Read scalability
    Removing SPOF
    • Sharding: Data partitioning
    Split logical data over several machines
    Write scalability
    Control data flows

    View Slide

  16. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Distributed
    node 1
    orders
    products
    1
    4
    1 2
    2
    2
    curl  -­‐X  PUT  localhost:9200/orders  -­‐d  '{
       "settings.index.number_of_shards"  :  4
       "settings.index.number_of_replicas"  :  1
    }'
    curl  -­‐X  PUT  localhost:9200/products  -­‐d  '{
       "settings.index.number_of_shards"  :  2
       "settings.index.number_of_replicas"  :  0
    }'

    View Slide

  17. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Distributed
    node 1
    orders
    products
    2
    1
    4
    1
    node 2
    orders
    products
    2
    2
    3
    3 4
    1

    View Slide

  18. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Distributed
    node 1
    orders
    products
    2
    1
    4
    1
    node 2
    orders
    products
    2
    2
    node 3
    orders
    products
    3 4
    1
    3

    View Slide

  19. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Ecosystem
    • Plugins
    • Clients for many languages
    Ruby, Python, PHP, Perl
    Javascript, Scala, Clojure
    • Kibana & Logstash
    • Hadoop integration

    View Slide

  20. From data
    to information

    View Slide

  21. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    What is data?
    • Whatever provides value for your business
    • Domain data
    Internal: Orders, products
    External: Social media streams, email
    • Application data
    Log files
    Metrics

    View Slide

  22. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?

    View Slide

  23. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Order as JSON
    curl  -­‐X  PUT  localhost:9200/orders/order/1  -­‐d  '
    {
       "created_at"  :  "2013/09/05  15:45:10",
       "items"  :  [
           ...
       ]
       "total"  :  245.37
    }'

    View Slide

  24. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    curl -X GET http://localhost:9200/orders/order/_count
    Count

    View Slide

  25. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    curl  -­‐X  GET  http://localhost:9200/orders/order/_count  -­‐d  '{
       "range":  {
           "created_at":  {
               "gte":  "2013/09/01",
               "lt":    "2013/10/01"
           }
       }
    }'
    filter

    View Slide

  26. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    filter
    count/day

    View Slide

  27. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    curl  -­‐X  GET  http://localhost:9200/orders/order/_search  -­‐d  '{
       "facets":  {
           "created":  {
               "date_histogram"  :  {
                   "field"  :  "created_at",
                   "interval"  :  "1d"
               },
               "facet_filter"  :  {
                   "range":  {
                       "created_at":  {
                           "gte":  "2013/09/01",
                           "lt"  :  "2013/10/01"
                       }
                   }
               }
           }
       }
    }'
    count/day
    filter

    View Slide

  28. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    filter
    scripting
    stats

    View Slide

  29. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    curl  -­‐X  GET  http://localhost:9200/orders/order/_search  -­‐d  '{
       "facets":  {
           "avg_revenue":  {
               "facet_filter"  :  {
                   "range":  {
                       "created_at":  {
                           "gte":  "2013/09/01",
                           "lt"  :  "2013/10/01"
                       }
                   }
               },
               "statistical"  :  {
                   "script"  :  "doc[\u0027total\u0027].value  *  0.1  +  2"
               }
           }
       }
    }'
    filter
    scripting
    stats

    View Slide

  30. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Asking questions to your data
    • How many orders were created?
    • How many orders were created in the last
    month?
    • How many orders were created every day in
    the last month?
    • What is the average revenue per shopping
    cart?
    • What is the average shopping cart size per
    order (EUR or #items)? Per hour?
    filter
    scripting
    stats
    per

    View Slide

  31. From data
    to visualization

    View Slide

  32. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    From numbers to simplicity
    • JSON is not a management compatible
    notation
    • Writing your own visulization app for all the
    different data is tedious
    • Enter Kibana!

    View Slide

  33. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Kibana

    View Slide

  34. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Kibana

    View Slide

  35. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Kibana

    View Slide

  36. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Kibana

    View Slide

  37. From data
    to notification

    View Slide

  38. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Houston, we have a problem!
    • The average response time of your payment
    API just increased over 2 seconds over the
    last 15 minutes
    • A credit card fraud detection kicks in
    • Visits are exploding after the television
    commercial
    • The “win-a-car” voucher has reached its
    usage limit
    • Memory usage exceeds physical memory

    View Slide

  39. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Meet the metrics library!
    • Measure inside your
    application
    • Gauges, Timers, Counters,
    Meters, Histograms
    • Healthchecks
    • Report to elasticsearch

    View Slide

  40. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Meet the metrics library!
    MetricRegistry  metrics  =  new  MetricRegistry();
    Meter  requestsMeter  =  metrics.meter("incoming-­‐http-­‐requests");
    //  in  your  app  code
    requestsMeter.mark(1);
    Timer responses = metrics.timer("responses"));
    Timer.Context context = responses.time();
    try {
    // etc;
    return "OK";
    } finally {
    context.stop();
    }

    View Slide

  41. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Metrics elasticsearch reporter
    • Reports from your application into
    elasticsearch
    • Uses HTTP, no elasticsearch dependency
    • Realtime notification via percolation
    Sent an email, a pager alert or a MQ message

    View Slide

  42. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Percolation
    • Normal: Index documents, run queries
    • Percolator: Register queries, run against
    documents
    • Use-case: Price agent, contextual ads,
    classification before indexing (geo, tag,
    categorization), metrics

    View Slide

  43. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Percolation support
    ElasticsearchReporter  reporter  =  
           ElasticsearchReporter.forRegistry(registry)
                   .percolateNotifier(new  PagerNotifier())
                   .percolateMetrics(".*")
                   .build();
    reporter.start(60,  TimeUnit.SECONDS);
    public  class  PagerNotifier  implements  Notifier  {
       @Override
       public  void  notify(JsonMetric  metric,  String  id)  {
           //  send  pager  duty  here
       }
    }

    View Slide

  44. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Cockpit - Sample App

    View Slide

  45. From data
    to insight

    View Slide

  46. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Know it all!
    • Long term data required (index everything!)
    • Visualization is a great start
    • Deep insight into your data required
    Know your data
    Know your data format
    Concrete questions with lots of dimensions

    View Slide

  47. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Aggegrations
    • aka: composable facets
    • Take the output of a facet operation
    • Use it as an input of another facet operation
    • Remember: What is the average shopping
    cart value per order per hour?

    View Slide

  48. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Aggegrations
    curl  -­‐X  GET  'http://localhost:9200/orders/order/_search'  -­‐d  '{
    "aggs"  :  {
           "avg_shopping_cart_per_hour"  :  {
               "filter"  :  {
                   "range":  {
                       "created_at":  {
                           "gte":  "2013/09/01",
                           "lt"  :  "2013/10/01"
                       }
                   }
               },
               "date_histogram"  :  {
                   "field"  :  "created_at",
                   "interval"  :  "1h"
               },
               "aggregations"  :  {
                   "avg"  :  {  "avg"  :  {  "field"  :  "total"  }  }
               }
    }  }  }'

    View Slide

  49. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Aggegrations
    curl  -­‐X  GET  'http://localhost:9200/orders/order/_search'  -­‐d  '{
    "aggs"  :  {
           "avg_shopping_cart_per_hour"  :  {
               "filter"  :  {
                   "range":  {
                       "created_at":  {
                           "gte":  "2013/09/01",
                           "lt"  :  "2013/10/01"
                       }
                   }
               },
               "histogram"  :  {
                   "script"  :  "doc[\u0027created_at\u0027].date.hourOfDay",
               },
               "aggregations"  :  {
                   "avg"  :  {  "avg"  :  {  "field"  :  "total"  }  }
               }
    }  }  }'

    View Slide

  50. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Ask complex questions
    • Product pageviews
    Sum of page views per price range including price
    statistics (min/max/avg/sum/count)
    • Geo location
    Physical store: Home of buyers per weekday
    combined with money spent
    • Protip: Reduce memory consumption using
    probalistic data structures, losing precision

    View Slide

  51. roundup

    View Slide

  52. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Roundup
    Insight
    Visualization Notification

    View Slide

  53. Thanks for listening!
    Alexander Reelsen
    @spinscale
    [email protected]
    We’re hiring
    http://www.elasticsearch.com/about/jobs
    #gotoaar #elasticsearch

    View Slide

  54. roadmap

    View Slide

  55. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Roadmap
    • Elasticsearch 1.0
    Distributed percolator (already in master)
    Aggregations
    Snapshot/Restore

    View Slide

  56. links

    View Slide

  57. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Links
    • Elasticsearch
    http://www.elasticsearch.org
    • Logstash
    http://logstash.net
    • Kibana
    http://three.kibana.org
    • elasticsearch-metrics-reporter
    https://github.com/elasticsearch/metrics-elasticsearch-
    reporter-java

    View Slide

  58. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Links
    • Clients
    http://www.elasticsearch.org/blog/unleash-the-clients-
    ruby-python-php-perl/
    • Metrics
    http://metrics.codahale.com/
    • Aggregations
    https://github.com/elasticsearch/elasticsearch/issues/
    3300
    • Elasticsearch Hadoop integration
    https://github.com/elasticsearch/elasticsearch-hadoop

    View Slide

  59. Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited
    Links
    • Talk on probalistic data structures
    http://www.infoq.com/presentations/scalability-data-
    mining
    • Icons
    http://www.doublejdesign.co.uk/
    http://www.iconarchive.com/

    View Slide