Elasticsearch Cheat Sheet
A comprehensive cheat sheet for Elasticsearch, covering essential concepts, query syntax, API endpoints, and common operations.
Core Concepts & API Basics
Key Concepts
| Index | A collection of documents with similar characteristics. Think of it as a database. |
| Document | A JSON document containing fields and their values. It’s the basic unit of information. |
| Field | A key-value pair within a document. The key is the field name and the value is the data. |
| Mapping | Defines how a document and its fields are stored and indexed. Like a schema. |
| Shard | Indexes are divided into shards. Each shard is a fully-functional and independent “index” that can be hosted on any node in an Elasticsearch cluster. |
| Replica | A copy of a shard. Replicas provide redundancy and increase search capacity. |
Basic API Endpoints
Common HTTP Methods
| GET | Retrieve information. |
| POST | Create a new resource or perform an action (e.g., search). |
| PUT | Create or update a resource at a specific ID. Replaces the entire document. |
| DELETE | Delete a resource. |
Query DSL (Domain Specific Language)
Basic Query Structure
The Query DSL is based on JSON. The basic structure is:
Match Query
| match | Analyzes the query and constructs a boolean query. Good for full-text search. |
| match_phrase | Matches exact phrases. The terms must be in the specified order. |
| match_all | Matches all documents. Useful for retrieving all documents in an index. |
Term Query
| term | Finds documents that contain the exact term specified. Not analyzed. |
| terms | Finds documents that contain one or more of the exact terms specified. |
Boolean Query
| bool | A query that matches documents matching boolean combinations of other queries. Uses |
| must | The clause (query) must appear in matching documents and will contribute to the score. |
| should | The clause (query) should appear in the matching document. If the |
| must_not | The clause (query) must not appear in the matching documents. It is executed in filter context, meaning that scoring is ignored and the clause is considered for caching. |
| filter | The clause (query) must appear in matching documents. However unlike |
Aggregations
Aggregation Basics
Aggregations allow you to compute statistics and analytics over your data. They are similar to SQL
You can nest aggregations.
Bucket Aggregations
| terms | Creates buckets based on unique terms in a field. |
| date_histogram | Creates buckets based on date intervals. |
| range | Creates buckets based on numeric or date ranges. |
Metric Aggregations
| avg | Calculates the average of a numeric field. |
| sum | Calculates the sum of a numeric field. |
| min | Calculates the minimum value of a numeric field. |
| max | Calculates the maximum value of a numeric field. |
| cardinality | Calculates the approximate number of unique values in a field. Useful for counting distinct users. |
Mappings & Settings
Mapping Types
| text | Used for full-text search. Analyzed into individual terms. |
| keyword | Used for exact-value matching, filtering, and sorting. Not analyzed. |
| date | Stores dates. Can be formatted. |
| long, integer, short, byte, double, float | Numeric types. |
| boolean | Stores boolean values (true/false). |
| object | Used for nested JSON objects. |
| nested | Used for arrays of JSON objects. Allows querying each object in the array independently. |
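The analyzed/not-analyzed distinction from the Match Query, Term Query and Mapping Types sections, as an added example that is not part of the original cheat sheet. It is an in-memory model, not Elasticsearch itself: `analyze()` is a simplified stand-in for the standard analyzer (lowercase, split on non-alphanumerics), and the sample documents and all function names are constructed for illustration.

```python
import re

def analyze(text):
    """Assumed simplification of the standard analyzer: lowercase + tokenize."""
    return [t for t in re.split(r"[^0-9a-z]+", text.lower()) if t]

# Constructed sample values for one field, indexed both as text and as keyword.
DOCS = {
    1: "Failed login for admin",
    2: "failed login for admin",
    3: "Login succeeded for admin",
}

def build_index(docs):
    """Return (text_index, keyword_index), each mapping term -> set of doc ids."""
    text_idx, kw_idx = {}, {}
    for doc_id, value in docs.items():
        for token in analyze(value):                  # text: one entry per token
            text_idx.setdefault(token, set()).add(doc_id)
        kw_idx.setdefault(value, set()).add(doc_id)   # keyword: whole value, as-is
    return text_idx, kw_idx

TEXT_IDX, KW_IDX = build_index(DOCS)

def term_query(index, value):
    """term: look the value up exactly as given; the input is not analyzed."""
    return sorted(index.get(value, set()))

def match_query(index, value):
    """match: analyze the input, then OR the resulting terms together."""
    hits = set()
    for token in analyze(value):
        hits |= index.get(token, set())
    return sorted(hits)

def match_phrase_query(docs, value):
    """match_phrase: the analyzed terms must appear adjacent and in order."""
    want = analyze(value)
    hits = []
    for doc_id, text in docs.items():
        toks = analyze(text)
        windows = (toks[i:i + len(want)] for i in range(len(toks) - len(want) + 1))
        if want and any(w == want for w in windows):
            hits.append(doc_id)
    return sorted(hits)
```

A `term` query for `Failed` against the text index returns nothing because only the lowercased token `failed` was indexed, which is the usual reason an exact-value filter on a `text` field silently matches no documents.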
Explicit Mapping
You can define the mapping explicitly when creating an index.
If no mapping is defined, Elasticsearch will attempt to infer the mapping dynamically (Dynamic Mapping).
Index Settings
| number_of_shards | The number of primary shards an index should have. Defaults to 1 in newer versions. Can only be set at index creation. |
| number_of_replicas | The number of replica shards each primary shard should have. Defaults to 1. Can be changed dynamically after index creation. |
| analysis | Configures analyzers, tokenizers, token filters, and character filters for text analysis. Allows for customizing how text is indexed and searched. |