- Open-source search server written in Java
- The ELK Stack is a collection of three open-source products
- E stands for Elasticsearch: used for storing logs
- L stands for Logstash: used for both shipping as well as processing and storing logs
- K stands for Kibana: a visualization tool (a web interface) which is hosted through Nginx or Apache
- It is a popular log management platform used worldwide for log analysis.
- ELK Stack is designed to allow users to take data from any source, in any format, and to search, analyze, and visualize that data in real time.
- ELK provides centralized logging that can be useful when attempting to identify problems with servers or applications.
- It allows you to search all your logs in a single place. It also helps to find issues that occur in multiple servers by connecting their logs during a specific time frame.
- Used to index any kind of heterogeneous data
- Has REST API web-interface with JSON output
- Full-Text Search
- Near Real Time (NRT) search
- Sharded, replicated, searchable JSON document store
- Schema-free, REST & JSON based distributed document store
- Multi-language & geolocation support
- Stores schema-less data and also creates a schema for your data
- Manipulate your data record by record with the help of Multi-document APIs
- Filter and query your data for insights
- Based on Apache Lucene and provides RESTful API
- Provides horizontal scalability, reliability, and multitenant capability for real-time indexing, which makes search faster
- Helps you to scale vertically and horizontally
Cluster - A cluster is a collection of nodes which together hold data and provide joined indexing and search capabilities.
Node - A node is an Elasticsearch instance. It is created when an Elasticsearch instance starts.
Index
- An index is a collection of documents that have similar characteristics.
- e.g., customer data, product catalog.
- It is very useful while performing indexing, search, update, and delete operations.
- You can define as many indexes as you want in a single cluster.
Document
- It is the basic unit of information which can be indexed.
- It is expressed as JSON (key: value) pairs, e.g. '{"user": "nullcon"}'.
- Every document is associated with a type and a unique id.
Shard
- Every index can be split into several shards to be able to distribute data.
- The shard is the atomic part of an index, which can be distributed over the cluster if you want to add more nodes.