深入理解ElasticSearch关键词

• Relevance

  Full-text queries find all documents that match the query string and return them sorted by relevance - how good a match they are for your search terms.

  By default, Elasticsearch sorts matching search results by relevance score, which measures how well each document mathces a query.

• Query DSL

  《理解DSL||AST||query clauses||X-Pack||JDBC||ODBC》

  You can access all kinds of search capabilities using Elasticsearch’s omprehensive JSON-style query language (Query DSL).

  Elasticsearch provides a full Query DSL (Domain Specific Language) based on JSON to define queries.

  Think of the Query DSL as an AST (Abstract Syntax Tree) of queries, consisting of two types of clauses:

  • Leaf query clauses
  • Compouned query clauses

• SQL access

  Elasticsearch SQL aims to provide a powerful yet lightweight SQL interface to Elasticsearch.

  Elasticsearch SQL is an X-Pack component that allows SQL-like queries to be executed in realtime against Elasticsearch.

• Shards

  There are two types of shards: primaries and replicas.

  Each document in an index belongs to one primary shard.

  A replica shard is a copy of a primary shard.

• CCR(Cross-Cluster replication)

  CCR provides a way to automaticlly synchronize indices from primary cluster to a secondary remote cluster that can serve as a hot backup.

• Resiliency

  The cluster status will remain yellow if you are only running a single instance of Elasticsearch.

  A single node cluster is fully functional, but data cannot be relicated to another node to provide resiliency.

  Replica shards must be avaiable for the cluster status to be green.

  If the cluster status is red, some data is unavaiable.

• Bulk API

  If you have a lot of documents to index, you can submit them in batches with the bulk API.

  Performs multiple indexing or delete operations in a single API call. It reduces overhead and can greatly increase indexing speed.

• EUI(Elastic UI framework)

  The Elastic UI framework is a design library in use at Elastic to build internal products that need to share our aesthetics.

• SIEM

  Security Information and Event Management(SIEM) is a subsection within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM).

  They provide real-time analysis of security alerts generated by applications and network hardware.

• SIM(Security Information Management)

  Security Information Management (SIM) is an information security industry term for the collection of data such as log files into a central repository

• Information Security

  Information security (shortened to infosec) is the practice of protecting information by mitigating information risks.

• SEM(Security Event Management)

  Security Event Management and related SIM, SIEM, are computer secrity disciplines that use data inspection tools to centralize the storage and interpretation of logs or events generated by other software running on a network.

• ECS(Elastic Common Schema)

  The Elastic Common Schema is an open source specification, developed with support from the Elastic user community.

  The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they can better analyze, visualize, and correlate the data represented in their events.

• Beats

  Beats are open source data shippers that you install as agents on your servers to send operational data to Elasticsearch.

  Beats can send data directly to Elasticsearch or via Logstash, where you can further process and enhance the data, before visualizing it in Kibana.

• Observability

  At Elastic, we view observability as an attribute of any system that you build and want to monitor.

• Bootstrap Password

  The bootstrap password is a transient password that enables you to run the tools that set all the built-in user passwords.

• Built-in users || superuser

  The Elastic Stack security features provide built-in user credentials to help you get up and running.

  These users have a fixed set of priviledges and cannot be authenticated until their passwords have been set.

  Built-in users are stored in a special .security index, which is managed by Elasticsearch.

  The elastic user(a built-in superuser) can be used to set all of the built-in user passwords.

• Realm

  Realms define the administrative boundary within which the authentication server has authority to authrnticate users and services.

• Built-in roles

  The Elastic Stack security features apply a default role to all users, including anonymouse users.

  A user with the superuser role can also manage users and roles and impersonate any other user in the system.

• RBAC(Role-Based Access Control)

  《理解LDAP||Active Directory||PKI||RBAC||SAML||Kerberos》

  The security features provide a role-based access control (RBAC) mechanism, which enables you to authorize users by assigning privileges to roles and assigning roles to users or groups.

• real-time pipelining capabilities