1 Overview


This chapter covers

  • Setting the scene for modern search engines
  • Introducing Elasticsearch
  • Understanding Elasticsearch’s core areas, use cases, and prominent features
  • The Elastic Stack: Beats, Logstash, Elasticsearch, and Kibana

The explosion of data in recent years has set a new normal for the standards expected of search and analytics functionality. As organizations amass data, the ability to find the “needle in the haystack” is paramount. In addition to search, being able to zoom out and aggregate data using analytical functionality has become a requirement for organizations. The last decade has seen exponential adoption of modern search and analytics engines. One such modern search engine is Elasticsearch.

Elasticsearch is a powerful and popular open-source, distributed search and analytics engine. It is built on top of the Apache Lucene library and can perform near-real-time search and analytics on structured and unstructured data. It is designed to handle large amounts of data efficiently.

Elasticsearch has come a long way in enabling organizations to utilize its powerful features in the search and analytics space. In addition to search and analytics use cases, it is used for application and infrastructure log analytics, enterprise security and threat detection, application performance and monitoring, distributed datastores, and more.

1.1 What makes a good search engine?

1.2 Search is the new normal

1.2.1 Structured vs. unstructured (full-text) data

1.2.2 Search supported by a database

1.2.3 Databases vs. search engines

1.3 Modern search engines

1.3.1 Functionality

1.3.2 Popular search engines

1.4 Elasticsearch overview

1.4.1 Core areas