Elasticsearch
Elasticsearch is the core of every Elastic deployment. It is simultaneously a distributed search engine, a scalable data store, and a vector database. It provides near real-time search and analytics across structured, unstructured, time series, vector, and geospatial data.
Key Capabilities
- Multi-type data storage — handles text, numbers, timestamps, vectors, and geo data
- Near real-time search — data becomes searchable almost immediately after indexing
- Multiple query languages — Query DSL, aggregations, and filters
- AI-powered features — built-in NLP models for inference and LLM integration
- API-first — nearly everything configurable via REST APIs (indices, queries, security, cluster settings)
Distributed Architecture
Elasticsearch runs as a cluster of one or more nodes (servers). Data added to an index is split into shards that are distributed across nodes, ensuring high availability and scalability.
| Term | Definition |
|---|---|
| Index | Fundamental unit of storage — like a database table |
| Shard | A piece of an index distributed across nodes |
| Node | A single server in the cluster |
| Cluster | The full collection of nodes working together |
| Replica | A copy of a shard for redundancy |
On Elastic Cloud Serverless, the Search AI Lake architecture automates node, shard, and replica management entirely.
Access Methods
- REST APIs — full programmatic control
- Official clients — Java, Python, Go, Ruby, and more
- Kibana — Console tool for interactive API access
See Also
- elastic-stack — the broader platform
- kibana — the UI that queries and visualizes Elasticsearch data
- elastic-agent — primary way to ship data into Elasticsearch