Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elasticsearch: Distributed Search Under the Hood

Alexander Reelsen
September 30, 2021
Technology
0
79

Elasticsearch: Distributed Search Under the Hood

We're searching across vast amounts of data every day. None of that data is stored in a single system - due to its sheer size and to prevent data loss on node outages. But how does a distributed search look like? How is data aggregated and calculated that is placed on dozens of nodes? How is coordination working in a good state of a cluster? What happens if things go sideways and how does recovery within a cluster work? Using Elasticsearch as an example this talk shows a fair of examples of distributed communication, computation, storage and statefulness in order to give you a glimpse what is done to keep data safe and available, no matter if running on bare-metal, on k8s or virtualized instances.

Alexander Reelsen

September 30, 2021
Tweet

More Decks by Alexander Reelsen

See All by Alexander Reelsen
The New Generation of Data Stores
spinscale
0
57
Working distributed - but how?
spinscale
0
100
Implementing a custom aws lambda runtime using Crystal
spinscale
0
490
Elasticsearch Ingest Processors
spinscale
0
96
Open Source as a Business
spinscale
1
100
Inside The Elastic Stack - Testing and Releasing a Well Known Open Source Stack
spinscale
1
440
Elasticsearch - Securing a search engine while maintaining usability
spinscale
4
830
Introduction into the Elastic Stack
spinscale
0
120
Introduction into the Elasticsearch Ingest Node
spinscale
1
400

Other Decks in Technology

See All in Technology
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
1
2.5k
Data Lake, Real-time Analytics, or Both? Exploring Presto and ClickHouse
ahana
0
130
レコメンドコンペ入門
t88
0
250
また(CDK界隈の)世界を縮めてしまった
bun913
0
590
Jotaiで作ったフォームをApollo_Clientで投げたらいい感じだった件.pdf
asazutaiga
1
230
チームで導入する Jetpack Compose あの素晴らしいLTをもう一度.ver
kako351
1
170
プロ野球をデータモデリングしてみたら沼だった件 / Baseball ERD Modeling to be obsessed
gothedistance
1
110
『登記所備付地図XMLデータ』に触れてみよう〜法務省が公開した大規模オープンデータとは一体何なのか〜 / What is moj map xml
sakaik
0
160
世界モデルによる4脚ロボットの歩行学習
robots
1
290
Pain-free APIs with Smithy4s
kubukoz
0
150
PHPの最高機能、配列を捨てよう!! / Throw away all PHP array now!!!
uzulla
8
5.2k
Lux AI Season 2が始まったので Season 1を振り返る。
kenmatsu4
1
140

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1351
200k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
224
50k
GraphQLの誤解/rethinking-graphql
sonatard
39
8k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
480
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
Code Reviewing Like a Champion
maltzj
508
38k
4 Signs Your Business is Dying
shpigford
171
20k
A designer walks into a library…
pauljervisheath
199
16k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Building Flexible Design Systems
yeseniaperezcruz
314
35k

Transcript

  1. Distributed Search...
    ... Under the Hood
    Alexander Reelsen

    [email protected] | @spinscale

    View Slide

  2. Today's goal: Understanding...
    Complexities
    Tradeoffs
    Simplifications
    Error scenarios
    ... distributed systems

    View Slide

  3. Agenda
    Distributed systems - But why?
    Elasticsearch
    Data
    Search
    Analytics

    View Slide

  4. The need for distributed systems
    Exceeding single system limits (CPU, Memory,
    Storage)
    Load sharing
    Parallelization (shorter response times)
    Reliability (SPOF)
    Price

    View Slide

  5. Load sharing

    View Slide

  6. Load sharing
    Sychronization
    Coordination & Load balancing

    View Slide

  7. Reliability

    View Slide

  8. Parallelization

    View Slide

  9. Parallelization
    Reduce?
    Sort?

    View Slide

  10. Boundaries increase
    complexity
    Core
    Computer
    LAN
    WAN
    Internet

    View Slide

  11. Boundaries increase
    complexity
    Core
    Computer
    LAN
    WAN
    Internet

    View Slide

  12. Boundaries increase
    complexity
    Core
    Computer
    LAN
    WAN
    Internet

    View Slide

  13. Boundaries increase
    complexity
    🗣 Communication

    ✍ Coordination

    Error handling

    View Slide

  14. Fallacies of Distributed Computing
    The network is reliable
    Latency is zero
    Bandwidth is infinite
    The network is secure
    Topology doesn't change
    There is one administrator
    Transport cost is zero
    The network is homogeneous

    View Slide

  15. View Slide

  16. Consensus
    Achieving a common state among participants
    Byzantine Failures
    Trust
    Crash
    Quorum vs. strictness

    View Slide

  17. Consensus goals
    Cluster Membership
    Data writes
    Security (BTC)
    Finding a leader (Paxos, Raft)

    View Slide

  18. Elasticsearch introduction

    View Slide

  19. Elasticsearch
    Speed. Scale. Relevance.
    HTTP based JSON interface
    Scales to many nodes
    Fast responses
    Ranked results (BM25, recency, popularity)
    Resiliency
    Flexibility (index time vs. query time)
    Based on Apache Lucene

    View Slide

  20. Use Cases
    E-Commerce, E-Procurement, Patents, Dating
    Maps: Geo based search
    Observability: Logs, Metrics, APM, Uptime
    Enterprise Search: Site & App Search, Workplace Search
    Security: SIEM, Endpoint Security

    View Slide

  21. Master

    View Slide

  22. Master node
    Pings other nodes
    Decides data placement
    Removes nodes from the cluster
    Not needed for reading/writing
    Updates the cluster state and distributes to all nodes
    Re-election on failure

    View Slide

  23. Node startup

    View Slide

  24. Elects itself

    View Slide

  25. Node join

    View Slide

  26. Node join

    View Slide

  27. Master node is not reachable

    View Slide

  28. Reelection within remaining nodes

    View Slide

  29. Cluster State
    Nodes
    Data (Shards on nodes)
    Mapping (DDL)
    Updated based on events (node join/leave, index creation, mapping update)
    Sent as diff due to size

    View Slide

  30. Data distribution
    Shard: Unit of work, self contained inverted index
    Index: A logical grouping of shards
    Primary shard: Partitioning of data in an index (write scalability)
    Replica shard: Copy of a primary shard (read scalability)

    View Slide

  31. Primary shards

    View Slide

  32. Primary shards per index

    View Slide

  33. Redistribution

    View Slide

  34. Redistribution

    View Slide

  35. Replicas

    View Slide

  36. View Slide

  37. Distributed search
    Two phase approach
    Query all shards, collect top-k hits
    Sort all search results on coordinating node
    Create real top-k result from all results
    Fetch data for all real results (top-k instead of shard_count * top-k )

    View Slide

  38. View Slide

  39. View Slide

  40. View Slide

  41. View Slide

  42. View Slide

  43. View Slide

  44. Adaptive Replica Selection
    Which shards are the best to select?
    Each node contains information of
    Response time of prior requests
    Previous search durations
    Search threadpool size
    Less loaded nodes will retrieve more queries
    More info: Blog post, C3 paper

    View Slide

  45. Searching faster by searching less
    Optimization applies to all shards in the query phase
    Skip non competitive hits for top-k retrieval
    Trading in accuracy of hit counts for speed
    More info: Blog post

    View Slide

  46. Example: elasticsearch OR kibana OR logstash
    At some point there is a minimal score required to be in the top-k

    documents
    If one of the search terms has a lower score than that minimal score it

    can be skipped
    Query could be changed to elasticsearch OR kibana for finding matches,

    thus skipping all documents containing only logstash
    Result: Major speed up

    View Slide

  47. Lucene Nightly Benchmarks

    View Slide

  48. Many more optimizations
    Skip lists (search delta encoded postings list)
    Two phase iterations (approximation & verification)
    Integer compression
    Data structures like BKD tree for numbers, FSTs for completion
    Index sorting

    View Slide

  49. Aggregations
    Aggregations run on top of a result set of a query
    Slice, dice und combine data to get insights
    Show me the total sales value by quarter for each sales person
    The average response time per URL endpoint per day
    The number of products within each category
    The biggest order of each month in the last year

    View Slide

  50. Distributed Aggregations
    Some calculations require your data to be central for a certain use-case
    Unique values in my dataset - how does this work across shards without

    sending the whole data set to a single node?
    Solution: Be less accurate, sometimes be probabilistic!

    View Slide

  51. terms Aggregation
    Count all the categories from returned products

    View Slide

  52. terms Aggregation

    View Slide

  53. Counts

    View Slide

  54. Counts

    View Slide

  55. Counts
    Count more than top-n buckets: size * 1.5 + 10
    Does not eliminate the problem, reduces it only
    Provide doc_count_error_upper_bound
    Possible solution: Add more roundtrips?

    View Slide

  56. Probabilistic Data Structures
    Membership check: Bloom, Cuckoo filters
    Frequencies in an event stream: Count-min sketch
    Cardinality: LogLog algorithms
    Quantiles: HDR, T-Digest

    View Slide

  57. How many distinct elements are across my whole dataset?
    cardinality Aggregation

    View Slide

  58. cardinality
    Result: 40-65?!

    View Slide

  59. cardinality Aggregation
    Solution: HyperLogLog++
    mergeable data structure
    Approximate
    Trades memory for accuracy
    Fixed memory usage based on configured precision_threshold

    View Slide

  60. percentiles Aggregation
    Naive implementation (sorted array) is not mergeable across shards and

    scales with the number of documents in a shard
    T-Digest utilizes a clustering approach, that reduces memory usage by falling

    back into approximation at a certain size

    View Slide

  61. Summary
    Tradeoffs
    Behaviour
    Algorithms
    Data Structures
    Every distributed system is
    different

    View Slide

  62. Summary - ease distributed systems usage
    For developers
    Elasticsearch Clients check for nodes in the background
    For operations
    ECK, terraform provider, ecctl

    View Slide

  63. More...
    SQL: Distributed transactions
    SQL: Distributed joins
    Collaborative Editing
    CRDTs
    Failure detection (Phi/Adaptive accrual failure detector)
    Data partitioning (ring based)
    Recovery after errors (read repair)
    Secondary indexes
    Leader/Follower approaches

    View Slide

  64. More...
    Cluster Membership: Gossip (Scuttlebutt, SWIM)
    Spanner (CockroachDB)
    Calvin (Fauna)
    Java: ScaleCube, swim-java
    Java: Ratis, JRaft
    Java: Atomix
    Go: Serf

    View Slide

  65. Consistency models, from jepsen.io

    View Slide

  66. Academia

    View Slide

  67. Books, books, books

    View Slide

  68. Books, books, books

    View Slide

  69. Thanks for listening!

    View Slide