Elasticsearch basic concepts
Let's look at some of the basic concepts of Elasticsearch, which explain how it stores the indexed data.
Index
Index in Elasticsearch is a collection of documents that share some common characteristics.
Each index contains multiple types, which in turn contains multiple documents, and each document contains multiple fields. An index consists of multiple JSON documents in Elasticsearch. There can be any number of indices in a cluster in Elasticsearch.
In ELK, when Logstash JSON documents are sent to Elasticsearch, they are sent as the default index pattern "logstash-%{+YYYY.MM.dd}". It partitions indices by day so that it can easily be searched and deleted if required. This pattern can be changed in the Logstash output plugin configuration.
The URL to search and query the indices looks like this:
http://localhost:9200/[index]/[type]/[operation]
Document
A document in Elasticsearch is a JSON document stored in an index. Each document has a type and corresponding...
