Top 10 Elasticsearch interview questions and answers for 2023

This is one of the basic Elasticsearch interview questions that you can kick off your interview process with. Elasticsearch performs the following basic functions: indexing, searching, fetching, updating, and deleting documents.

As the name implies, an Elasticsearch cluster is a collection of one or more nodes that are working together as one. Since the cluster is distributive and decentralized in nature, scaling up your needs with a higher availability rate and improved productivity even in cases of minor setbacks becomes seamless.

On the other hand, a node is an Elasticsearch server that starts executing the moment you run an instance of Elasticsearch. By default, they can handle HTTP and transport traffic. Each node is assigned with one or more roles that explain its responsibility and functionality in the cluster. For instance, data nodes store the data, and master nodes manage the cluster activities and cluster state.

As mentioned in the above answer, each node is assigned with one or more roles where all nodes know about each other in the cluster. As a result, they can forward client requests to the appropriate node as needed. You can assign the nodes their roles by setting up node.roles in Elasticsearch.yml. However, if you don’t set nodes.roles, by default, nodes are assigned the following roles –

• master
• data
• data_content
• data_hot
• data_warm
• data_cold
• data_frozen
• ingest
• ml
• remote_cluster_client
• transform

When setting nodes.roles, make sure to crosscheck that nodes are assigned with roles that your cluster needs. For instance, master and data roles are a must for every cluster.

Shards - To improve the fetching result during data search, you can divide indexed data into smaller chunks, called shards. As the number of documents increases, processing becomes slower, and consequently, responding to a request gets delayed. To avoid this delay, you can use shards.

Replicas - Each shard is divided into two copies for high availability and fault tolerance purposes. These copies are known as replicas.

Index - An index is similar to a database in a relational database. It utilizes the concept of replicas and shards to distribute data around the cluster.

• Command to create a new index – PUT /test_index?pretty
• Command to delete index -DELETE /test_index?pretty
• Command to list all index names and their basic information – GET _cat/indices?v
• Command to query an index – GET test_index/_search
• Command to query multiple indices – GET test_index1, test_index2/ _search

• Important configuration management tools supported by Elasticsearch are –
• Puppet – puppet-Elasticsearch
• Chef – cookbook-Elasticsearch
• Ansible – ansible-elastic search

The analyzer is built of tokenizers and filters that can be used to transform data internally for it to be indexed. Elasticsearch offers a wide range of built-in Analyzers that can be utilized in any index without requiring further configuration –

• Standard Analyzer – It is used to divide the text into terms on word boundaries (as defined by the Unicode Text Segmentation Algorithm)
• Simple Analyzer – It divides texts into terms, each instance, whenever it identifies a character that is not a letter. Furthermore, it also lowercases all terms.
• Whitespace Analyzer – It divides texts into terms, each instance, whenever it identifies any whitespace character. Unlike Simple Analyzer, it does not lower cases terms.
• Stop Analyzer – It is similar to Simple Analyzer, with the only difference being that it also supports the removal of stop words.
• Keyword Analyzer – It is basically a ‘’noop’’ Analyzer that welcomes whatever text it is given and yields the same text as a single term.
• Pattern Analyzer – It splits the text into terms with the help of regular expression and supports lower-casing and stop words.
• Language Analyzer- Elasticsearch supports various language-specific Analyzers such as English or French.
• Fingerprint Analyzer- this specialist Analyzer can create a fingertip that can be utilized to detect duplicates.

You can ask this Elasticsearch interview question for experienced to assess the candidate’s technical skill. As the name suggests, cluster health returns a simple status on the cluster’s health. The status usually is – green, yellow, or red. Red indicates that a specific shard is not available in the cluster, yellow implies that a primary shard is available, but replicas are not, and lastly, green means all shards are available.

Command to check cluster health – GET / _cat/health?v

Painless is a secure and default scripting language explicitly designed for Elasticsearch. It offers the following benefits –

• Safety – Painless ensures high-level security for your cluster. It maintains a fine-grained allowlist. Anything that does not fall under the allow list throws a compilation error.
• Performance – Since it compiles directly into JVM bytecode, it can utilize all possible optimization offered by JVM. Additionally, it avoids any features that need additional and slower checks at runtime.
• Simplicity – Painless extends Java syntax to improve readability and remove boilerplate. It implements simple syntax that anyone with some basic coding experience can get the hang of.

If you want to store a field without indexing it, you can use the ‘enabled’ attribute. It causes Elasticsearch to skip the parsing of the field’s contents altogether. The ‘index’ attribute oversees the indexing of field values and is useful for searching purposes. On the other hand, the ‘store’ attribute means field values are stored and will return the values when requested.