Elasticsearch is a distributed search and analytics engine, scalable data store and vector database optimized for speed and relevance on production-scale workloads. Elasticsearch is the foundation of Elastic’s open Stack platform. Search in near real-time over massive datasets, perform vector searches, integrate with generative AI applications, and much more.
Use cases enabled by Elasticsearch include:
-
Full-text search
-
Logs
-
Metrics
-
Application performance monitoring (APM)
-
Security logs
... and more!
To learn more about Elasticsearch’s features and capabilities, see our product page.
To access information on machine learning innovations and the latest Lucene contributions from Elastic, more information can be found in Search Labs.
The simplest way to set up Elasticsearch is to create a managed deployment with Elasticsearch Service on Elastic Cloud.
If you prefer to install and manage Elasticsearch yourself, you can download the latest version from elastic.co/downloads/elasticsearch.
Warning
|
DO NOT USE THESE INSTRUCTIONS FOR PRODUCTION DEPLOYMENTS. This setup is intended for local development and testing only. |
The following commands help you very quickly spin up a single-node Elasticsearch cluster, together with Kibana in Docker. Use this setup for local development or testing.
If you don’t have Docker installed, download and install Docker Desktop for your operating system.
Configure the following environment variables.
export ELASTIC_PASSWORD="<ES_PASSWORD>" # password for "elastic" username
export KIBANA_PASSWORD="<KIB_PASSWORD>" # Used internally by Kibana, must be at least 6 characters long
To run both Elasticsearch and Kibana, you’ll need to create a Docker network:
docker network create elastic-net
Start the Elasticsearch container with the following command:
docker run -p 127.0.0.1:9200:9200 -d --name elasticsearch --network elastic-net \
-e ELASTIC_PASSWORD=$ELASTIC_PASSWORD \
-e "discovery.type=single-node" \
-e "xpack.security.http.ssl.enabled=false" \
-e "xpack.license.self_generated.type=trial" \
docker.elastic.co/elasticsearch/elasticsearch:{version}
To run Kibana, you must first set the kibana_system
password in the Elasticsearch container.
# configure the Kibana password in the ES container
curl -u elastic:$ELASTIC_PASSWORD \
-X POST \
https://localhost:9200/_security/user/kibana_system/_password \
-d '{"password":"'"$KIBANA_PASSWORD"'"}' \
-H 'Content-Type: application/json'
Start the Kibana container with the following command:
docker run -p 127.0.0.1:5601:5601 -d --name kibana --network elastic-net \
-e ELASTICSEARCH_URL=https://elasticsearch:9200 \
-e ELASTICSEARCH_HOSTS=https://elasticsearch:9200 \
-e ELASTICSEARCH_USERNAME=kibana_system \
-e ELASTICSEARCH_PASSWORD=$KIBANA_PASSWORD \
-e "xpack.security.enabled=false" \
-e "xpack.license.self_generated.type=trial" \
docker.elastic.co/kibana/kibana:{version}
Trial license
The service is started with a trial license. The trial license enables all features of Elasticsearch for a trial period of 30 days. After the trial period expires, the license is downgraded to a basic license, which is free forever. If you prefer to skip the trial and use the basic license, set the value of the xpack.license.self_generated.type
variable to basic instead. For a detailed feature comparison between the different licenses, refer to our subscriptions page.
You send data and other requests to Elasticsearch through REST APIs. You can interact with Elasticsearch using any client that sends HTTP requests, such as the Elasticsearch language clients and curl.
Here’s an example curl command to create a new Elasticsearch index, using basic auth:
curl -u elastic:$ELASTIC_PASSWORD \
-X PUT \
https://localhost:9200/my-new-index \
-H 'Content-Type: application/json'
To connect to your local dev Elasticsearch cluster with a language client, you can use basic authentication with the elastic
username and the password you set in the environment variable.
You’ll use the following connection details:
-
Elasticsearch endpoint:
https://localhost:9200
-
Username:
elastic
-
Password:
$ELASTIC_PASSWORD
(Value you set in the environment variable)
For example, to connect with the Python elasticsearch
client:
import os
from elasticsearch import Elasticsearch
username = 'elastic'
password = os.getenv('ELASTIC_PASSWORD') # Value you set in the environment variable
client = Elasticsearch(
"https://localhost:9200",
basic_auth=(username, password)
)
print(client.info())
Kibana’s developer console provides an easy way to experiment and test requests. To access the console, open Kibana, then go to Management > Dev Tools.
Add data
You index data into Elasticsearch by sending JSON objects (documents) through the REST APIs. Whether you have structured or unstructured text, numerical data, or geospatial data, Elasticsearch efficiently stores and indexes it in a way that supports fast searches.
For timestamped data such as logs and metrics, you typically add documents to a data stream made up of multiple auto-generated backing indices.
To add a single document to an index, submit an HTTP post request that targets the index.
POST /customer/_doc/1 { "firstname": "Jennifer", "lastname": "Walters" }
This request automatically creates the customer
index if it doesn’t exist,
adds a new document that has an ID of 1, and
stores and indexes the firstname
and lastname
fields.
The new document is available immediately from any node in the cluster. You can retrieve it with a GET request that specifies its document ID:
GET /customer/_doc/1
To add multiple documents in one request, use the _bulk
API.
Bulk data must be newline-delimited JSON (NDJSON).
Each line must end in a newline character (\n
), including the last line.
PUT customer/_bulk { "create": { } } { "firstname": "Monica","lastname":"Rambeau"} { "create": { } } { "firstname": "Carol","lastname":"Danvers"} { "create": { } } { "firstname": "Wanda","lastname":"Maximoff"} { "create": { } } { "firstname": "Jennifer","lastname":"Takeda"}
Search
Indexed documents are available for search in near real-time.
The following search matches all customers with a first name of Jennifer
in the customer
index.
GET customer/_search { "query" : { "match" : { "firstname": "Jennifer" } } }
Explore
You can use Discover in Kibana to interactively search and filter your data. From there, you can start creating visualizations and building and sharing dashboards.
To get started, create a data view that connects to one or more Elasticsearch indices, data streams, or index aliases.
-
Go to Management > Stack Management > Kibana > Data Views.
-
Select Create data view.
-
Enter a name for the data view and a pattern that matches one or more indices, such as customer.
-
Select Save data view to Kibana.
To start exploring, go to Analytics > Discover.
To upgrade from an earlier version of Elasticsearch, see the Elasticsearch upgrade documentation.
Elasticsearch uses Gradle for its build system.
To build a distribution for your local OS and print its output location upon completion, run:
./gradlew localDistro
To build a distribution for another platform, run the related command:
./gradlew :distribution:archives:linux-tar:assemble ./gradlew :distribution:archives:darwin-tar:assemble ./gradlew :distribution:archives:windows-zip:assemble
To build distributions for all supported platforms, run:
./gradlew assemble
Distributions are output to distribution/archives
.
To run the test suite, see TESTING.
For the complete Elasticsearch documentation visit elastic.co.
For information about our documentation processes, see the docs README.
The elasticsearch-labs
repo contains executable Python notebooks, sample apps, and resources to test out Elasticsearch for vector search, hybrid search and generative AI use cases.
For contribution guidelines, see CONTRIBUTING.
-
To report a bug or request a feature, create a GitHub Issue. Please ensure someone else hasn’t created an issue for the same topic.
-
Need help using Elasticsearch? Reach out on the Elastic Forum or Slack. A fellow community member or Elastic engineer will be happy to help you out.