13 minute read ·  by Rob Sears

Logstash and Bonsai and bots, oh my!

A quick tutorial on using Logstash with Bonsai Elasticsearch to detect automated login attempts on a random server. Sometimes we’re asked if we support Logstash. The relationships between Elasticsearch, Logstash and Kibana (often referred to as the ELK stack) can sometimes foster a confusing mental model, and a simple "yes" from our support staff probably isn’t enough to help users get up and running quickly. In this post, we’d like to unveil some of the mystery behind why the ELK stack is so popular.
Continue reading…
14 minute read ·  by Rob Sears

The ideal Elasticsearch index

A key reason for the popularity of Elasticsearch is the ease and simplicity of setting up a cluster. It's trivial to run the binary and create an index, and the learning curve required to get started with Elasticsearch is very approachable.
Continue reading…
2 minute read ·  by Nick Zadrozny

Scheduled Maintenance Upgrade to Elasticsearch 1.7

We’ve had Elasticsearch 1.7 out and running in production for a few months now, and, as expected, it’s operating like a champ. This is a minor update that doesn’t change user functionality, so we don’t expect any impact. Next week we’ll begin the process of upgrading all remaining 1.5 clusters onto ES 1.7, from Tuesday through Thursday. We will be posting updates on Twitter.
Continue reading…
4 minute read

Can I have multiple indices on a shard?

We sometimes hear from users concerned about their shard counts. They ask how they can instruct Elasticsearch to add multiple indices to a single shard. This is a surprisingly difficult question to answer in full because the terminology can confuse the issue quite a bit.
Continue reading…
5 minute read ·  by Rob Sears

Efficient sorting of geo distances in Elasticsearch

Elasticsearch is much more than just a search engine: it's also a powerful analytics tool. One of the awesome things that Elasticsearch provides out of the box is the ability to calculate the distance between geographic points, and order the results by proximity. A common use case for this is an application where a user wants to see search results that are near a given point.
Continue reading…
4 minute read ·  by Rob Sears

Elasticsearch and the IllegalArgumentException (docID must be >= 0)

We sometimes get support tickets from users asking about this error message. They report that some queries, like hotdog, work just fine while others, like hamburger, return an error like IllegalArgumentException[docID must be >= 0 and < maxDoc=... (got docID=2147483647)]. They're confused because it seems to happen randomly and without an underlying cause. They ask: if the index is broken, why do some queries work? If the index is operating normally, why do some queries fail?
Continue reading…