Elasticsearch Search

Last Update: March 2020

Search in Elasticsearch

What it is

Search refers to searching for documents in one index or across multiple indices. The simplest search is a GET request to the _search endpoint. The search query can be provided either in the query string or in a request body.

Examples

If no search parameters are provided, every document in the index is a hit, and by default 10 hits are returned.

GET my_documents/_search

A JSON object is returned in response to a search query. A 200 response code means the request completed successfully.

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 1.0,
    "hits" : [
      ...
    ]
  }
}

Notes
  • Distributed search is challenging: every shard of the index needs to be searched for hits, and those hits are then combined into a single sorted list as the final result.
  • There are two phases of search: the query phase and the fetch phase.
  • In the query phase, the query is executed locally on each shard and the top hits are returned to the coordinating node. The coordinating node merges the results and creates a global sorted list.
  • In the fetch phase, the coordinating node retrieves the actual documents for those hit IDs and returns them to the requesting client.
  • A coordinating node needs enough memory and CPU in order to handle the fetch phase.
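
The query and fetch phases described in the notes above, as an added Python example that is not Elasticsearch's or Opster's own code. The shard contents, scores and function names are constructed, and the offset argument (modelling the from search parameter, which goes beyond what the page covers) shows how many entries the coordinating node has to buffer before it can build the global sorted list.

```python
import heapq

# Constructed sample data: two shards, each mapping doc ID -> (score, source).
SHARDS = {
    0: {"a": (1.2, {"title": "alpha"}), "b": (0.4, {"title": "bravo"}),
        "c": (2.5, {"title": "charlie"})},
    1: {"d": (1.9, {"title": "delta"}), "e": (0.7, {"title": "echo"}),
        "f": (3.1, {"title": "foxtrot"})},
}

def query_phase(shard_id, offset, size):
    """Runs locally on one shard: return its top (offset + size) hits as
    lightweight (score, doc_id, shard_id) tuples, without document bodies."""
    docs = SHARDS[shard_id]
    entries = [(score, doc_id, shard_id) for doc_id, (score, _) in docs.items()]
    return heapq.nlargest(offset + size, entries)  # sorted best-first

def fetch_phase(page):
    """Coordinating node: pull full documents only for the final page of hits."""
    return [{"_id": doc_id, "_score": score,
             "_source": SHARDS[shard_id][doc_id][1]}
            for score, doc_id, shard_id in page]

def search(offset=0, size=10):
    """Query-then-fetch over all shards; returns (hits, entries_buffered)."""
    per_shard = [query_phase(s, offset, size) for s in SHARDS]
    # Every shard's candidate list sits in coordinating-node memory at once.
    buffered = sum(len(p) for p in per_shard)
    # Merge the per-shard sorted lists into one global sorted list.
    merged = list(heapq.merge(*per_shard, reverse=True))
    page = merged[offset:offset + size]
    return fetch_phase(page), buffered

if __name__ == "__main__":
    hits, buffered = search(offset=2, size=2)
    print([h["_id"] for h in hits], "entries buffered:", buffered)
```

The buffered count grows with the number of shards times (offset + size), which is the memory cost the last note refers to.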
