Mapping & Analysis — Review & Checklist

[!NOTE] Mapping & Analysis — Review & Checklist provides a comprehensive overview of the core concepts, ensuring you have a solid foundation before diving deeper into the technical details.

1. Module Review

Use this review to validate that you can explain and apply the module concepts without guesswork.

Knowledge checks

  • Can you explain the internals behind each major concept in this module?
  • Can you identify which metrics prove your approach is working?
  • Can you describe at least two failure modes and how to recover?

Implementation checklist

  • Baselines documented (latency, throughput, storage, error rate)
  • Rollback strategy tested
  • Dashboards and alerts in place
  • Runbook reviewed with on-call engineers

2. Key Takeaways

  • Text vs. Keyword: Use text for full-text searches (involves tokenization and inverted index) and keyword for exact filtering, sorting, or aggregations.
  • Inverted Index: Maps terms to their corresponding documents, powering search capabilities for text fields.
  • Doc Values: A columnar storage structure mapping documents to their values, optimized for fast aggregations and sorting.
  • Analyzers: Composed of Character Filters, a Tokenizer, and Token Filters, transforming raw text into a stream of tokens optimized for search.
  • BKD Trees: Optimized Block K-Dimensional trees that handle numerical and geospatial data for fast, multi-dimensional range queries, surpassing the traditional inverted index.

3. Flashcards

What is the primary difference between text and keyword fields?

text fields are analyzed and tokenized for full-text search, while keyword fields are stored exactly as entered for filtering, sorting, and aggregations.

What are the three stages of the Analysis Pipeline?

  1. Character Filters (e.g., stripping HTML)
  2. Tokenizer (e.g., splitting by whitespace)
  3. Token Filters (e.g., lowercasing, stemming)

Why are BKD Trees better for numbers than an Inverted Index?

BKD trees group numbers into spatial blocks, allowing Elasticsearch to skip entire blocks that don’t match a range query (price > 50), rather than scanning term by term.

4. Cheat Sheet

Concept Purpose Underlying Structure Best For
text Field Full-text search Inverted Index “Find the word ‘fox’”
keyword Field Exact matching Doc Values “status=’active’”, Sorting, Aggs
Doc Values Columnar Data Disk (OS Page Cache) Fast sorting & aggregations
BKD Tree Multi-dimensional Ranges kd-tree variants Numeric data (long, double, geo)

5. Quick Revision

  • Schema Matters: Elasticsearch will guess your types if you don’t define them, often leading to bloated storage (text + keyword multifields).
  • Hardware Costs: Analysis happens during writes (indexing) and reads (queries), demanding significant CPU.
  • Disable Unused Data: Set index: false for fields you aggregate but never search to save up to 30% of disk space.

6. Next Steps

Continue to the next module from the Elasticsearch course index.

Review all terminology in the Elasticsearch Glossary.