Elasticsearch Interview Questions

If you're looking for Elasticsearch Interview Questions for Experienced or Freshers, you are at the right place. There are a lot of opportunities from many reputed companies in the world. According to research, Elasticsearch has a market share of about 0.24%.

So, You still have the opportunity to move ahead in your career in Elasticsearch Engineering. Mindmajix offers Advanced Elasticsearch Interview Questions that help you in cracking your interview & acquire your dream career as Elasticsearch Engineer.

Below mentioned are the most frequently asked Elasticsearch interview questions. Let's have a look into them

• For Freshers
• For Experienced

Frequently Asked Elasticsearch Interview Questions

• What is ElasticSearch?

• What are the important features of Elasticsearch?

• What is a cluster?

• What are the advantages of Elasticsearch?

• What is a document in ElasticSearch?

• What is the ELK stack?

• What is indexing in ElasticSearch?

Elasticsearch Interview Questions and Answers for Freshers

1. What is Elasticsearch?

Ans: Elasticsearch is an open-source distributed search and analysis engine built on Apache Lucene. With time, it has become a popular search engine that is commonly used for security intelligence, business analytics, operational intelligence, log analytics, and full-text search, and more.

If you want to enrich your career and become a professional in Elasticsearch, then enroll in "Elasticsearch Online Training" - This course will help you to achieve excellence in this domain.

2. What are the important features of Elasticsearch?

Ans: Here are important features of Elasticsearch:

• Full-Text Search
• An open-source search server is written using Java
• Used to index all type of heterogeneous data
• Near Real-Time (NRT) search
• Has REST API web interface with JSON output
• Sharded, replicated searchable, JSON document store.
• Multi-language & Geolocation support
• Schema-free, REST & JSON based distributed document store

3. What is a cluster?

Ans: A cluster is a group of nodes with the same cluster. name attribute which together holds data and provides joined indexing and search capabilities.

4. What is the ELK stack?

Ans: In Elasticsearch, ELK Stack is a collection of three open-source products — Elasticsearch, Logstash, and Kibana. 

• E stands for ElasticSearch: used for storing logs.
• L means LogStash:  used for both shipping, processing, and storing logs.
• K stands for Kibana:  a visualization tool.

5. What are the advantages of Elasticsearch?

Ans: Some of the biggest advantages of Elasticsearch are as follows -

• Creates and stores schema-less data
• Manipulates data record by using Multi-document APIs
• Filtering and querying data for insights
• Based on Apache Lucene and provides RESTful API
• Helps you to scale vertically and horizontally

6. Explain ELK stack architecture?

Ans: ELK stack allows users to fetch data from heterogeneous data sources and analyze, visualize it in real-time. ELK architecture consists of the following things - 

• Logs: First of all, the user identifies what server logs need to be analyzed
• Logstash: Collect logs and events data. It also parses and transforms data.
• ElasticSearch: The transformed data is then stored, searched, and indexed.
• Kibana: Kibana uses Elasticsearch database to Explore, Visualize, and Share

7. What are the primary operations performed in a Document?

Ans: Here, are important operation performed on documents:

• Indexing a document
• Fetching documents
• Updating documents
• Deleting documents

8. How can you delete an index in Elasticsearch?

Ans: To delete an index in Elasticsearch, use the below command. 

DELETE/index name

For eg. DELETE/website

9. What is a method to add a mapping in an Index?

Ans: Elasticsearch lets you to create the mapping as per the data given by the user in the request body. Its bulk feature can be used to add more than one JSON object in the index.

For example, POST website /_bulk.

Related Article: Nested Type Mapping In Elasticsearch

10. What are the various ways of searching in Elasticsearch?

Ans: We have different ways of searching in Elasticsearch:

• Multi-index, Multitype search: A user can search APIs that can be applied across several indices through a multi-index support system.
• URI (uniform resource identifier) search: A user can execute a search request using a URI by providing the requested parameters.
• Request body search: A search request needs to be executed by a search DSL. 

11. Where is Elastic search stored?

Ans: Elastic search results are stored in a distributed document in different directories. Also, a user can retrieve complex data structures that are serialized as JSON documents.

12. What are some of the configuration management tool supported by Elasticsearch?

Ans: Some important configuration management tool supported by Elasticsearch is as follows:

• Puppet: puppet-elastic search
• Chef: cookbook-elastic search
• Ansible: ansible-elastic search

13. What is Apache Lucene?

Ans: Apache Lucene is an open-source information retrieval software library written in Java language.

14. What is NRT in Elasticsearch?

Ans: NRT  stands for Near Real-Time Search. It is a near real-time search platform ie. there will be a slight latency (approx. one second) from indexing a document until it becomes searchable.

15. List out different commands available in Elasticsearch cat API?

Ans: Command using with cat API are:

• Cat aliases, cat field data, cat allocation, cat count
• Cat health,  pending tasks, cat plugins, cat indices, cat master, cat recovery
• cat repositories, cat templates, cat snapshots

16. What do you mean by ingest node?

Ans: Ingest node is used to pre-process the documents before the actual document indexing is done. It intercepts bulk and index requests and applies transformations to pass the documents back to the bulk API and index.

17. What is Single document APIs in Elasticsearch? 

Ans:

• Get API
• Index API
• Delete API
• Update API

18. What do you mean by fuzzy query Elasticsearch?

Ans: The fuzzy query returns the document that contains terms similar to the search terms. To find similar terms, a fuzzy query creates a set of possible variations of search terms within a specified edit distance. When a user searches for some terms using a fuzzy query, the system returns the most resembling terms for each expansion. 

19. What is dynamic mapping in Elasticsearch?

Ans: The process of automatic detection and addition of new fields is called dynamic mapping. Also, a user can customize the dynamic mapping rules to suit the requirement. 

20. What is the explore API in Elasticsearch?

Ans: The explore API helps in extracting and summarizing information about the documents and terms in the elastic search index. You can understand the behavior of this API by using the Graph UI to explore connections. 

Related Article: Learn Elasticsearch Update API

21. What software is required to install Elasticsearch?

Ans: The latest JDK or Java version 1.8.0 is a prerequisite to install Elasticsearch.

22. What is the step-by-step procedure to start an Elasticsearch server?

Ans: Follow the given steps to start an elasticsearch server 

• First of all open, the command prompt from the windows start menu
• Change the directory to the bin folder of the elasticsearch folder which was created after its installation
• Type/Elasticsearch.bat and press  enter to start the Elasticsearch server

By following these steps, Elasticsearch will start in CMD in the background. Further, open the browser and type http://localhost:9200, and press enter. This will show you the elasticsearch cluster name and meta value related to the database.

23. Can you name five companies that have an elastic search as their search engine and database for their application? 

Ans:

• Uber
• Stack Overflow
• DigitalOcean
• Udemy
• Wikipedia
• Netflix

24. Can you explain SHARDS in Elasticsearch?

Ans: When the number of documents increases, processing power goes down, and as a result responding to client requests gets delayed. In situations, indexed data is divided into small chunks called Shards, in order to improve the fetching of results during data search.

25. What is the syntax or code to add a Mapping in an Index?

Ans: You can add a mapping in an index using the below syntax:

Syntax:

 POST /_<index_name>/_type/_id

Elasticsearch Interview Questions for Experienced

26. What is the syntax/code to retrieve a document by ID in Elasticsearch?

Ans: GET API fetches the specified JSON document from an index.

Syntax: 

GET <index_name>/_doc/<_id>

27. What are the various types of queries that Elasticsearch supports?

Ans: Queries are categorized into two types: Full Text/Match Queries and Term-based Queries.

Text Queries include basic match, match phrase, common terms, query-string, multi-match, match phrase prefix, simple query string.

Term Queries include term exists, type, wildcard, regexp term set, range, prefix, ids, and fuzzy.

28. What is the difference between Term-based queries and Full-text queries?

Ans: Full-text queries analyze the query string before executing it whereas term-level queries operate on the exact terms stored in the inverted index without analyzing. 

The full-text queries are commonly used to run queries on full-text fields like the body of an email whereas term level queries are used for structured data like numbers, dates, and enums, rather than full-text fields. 

29. What is aggregation in Elasticsearch?

Ans: Aggregations help in collecting data through queries used in the search. Different types of aggregations are Sum and stats, Metrics, Average, Minimum, Maximum based on different purposes.

Related Article: Learn About Elasticsearch Post Filter Aggregation

30. What is the difference between Master node and Master eligible no4de?

Ans: Master node functionality includes the creation of index/indices, monitor an account of nodes forming a cluster, deletion of index/indices. Whereas, Master eligible nodes are those nodes that get elected to become Master Node.

31. List out X-Pack commands?

Ans: X-Pack commands are listed below:

• Certgen
• Migrate
• setup-passwords
• syskeygen
• users

32. How Migration API can be used as an Elasticsearch?

Ans: Migration API is applied after the Elasticsearch version is upgraded with a newer version. With migration API, X-Pack indices get updated into a newer version of the Elasticsearch cluster.

33. Where and how Kibana will be useful in Elasticsearch?

Ans: Kibana is part of the ELK Stack – log analysis solution. It is an open-source visualization tool used to analyze data available in graph formats such as pie bar, coordinate map, line, etc.

34. List out the use cases related to ELK log analytics?

Ans: ELK log analytics use cases are listed below:

• Compliance
• Fraud detection
• Market Intelligence
• Risk management
• Security analysis
• E-commerce Search solution

35. How Elastic Stack Reporting is used?

Ans: Reporting API is used to retrieve data in image PNG format, PDF format as well as spreadsheet CSV format that can be shared or saved as per requirement.

36. How Beats can be used with Elasticsearch?

Ans: Beats is an open-source tool used to transfer data to Elasticsearch where data is processed before being viewed using Kibana. Data such as audit data, log files, window event logs, cloud data, and network traffic are transported. 

37. What is the functionality of cat API in Elasticsearch?

Ans: Cat API commands provide an overview of the Elasticsearch cluster including data related to aliases, allocation, indices, node attributes, etc. These cat commands use query string as a parameter that returns queried data from the JSON document.

38. What is the importance of installing X-Pack for Elasticsearch?

Ans: X-Pack is an extension that gets installed with Elasticsearch. Some of the functionalities of X-Pack are security (Roles and User security, Role-based access, Privileges/Permissions), monitoring, alerting, reporting, and more.

39. What is an index in ElasticSearch? 

Ans: An index is similar to a table in relational databases. The difference is that relational databases would store actual values, which is optional in ElasticSearch. An index can store actual and/or analyzed values in an index.

40. What is a document in ElasticSearch? 

Ans: A document is similar to a row in relational databases. The difference is that each document in an index can have a different structure (fields), but should have the same data type for common fields.Each field can occur multiple times in a document with different data types. Fields can contain other documents too.

41. Does ElasticSearch have a schema?

Ans: Yes, ElasticSeach can have mappings that can be used to enforce a schema on documents.

42. What is a document type in ElasticSearch?

Ans: A document type can be seen as the document schema / dynamic mapping definition, which has the mapping of all the fields in the document along with its data types.

43. What is indexing in ElasticSearch?

Ans: The process of storing data in an index is called indexing in ElasticSearch. Data in ElasticSearch can be divided into write-once and read-many segments. Whenever an update is attempted, a new version of the document is written to the index.

44. What is a node in ElasticSearch?

Ans: Each instance of ElasticSearch is called a node. Multiple nodes can work in harmony to form an ElasticSearch Cluster.

45. What is a shard in ElasticSearch?

Ans: Due to resource limitations like RAM, CPU, etc, for scale-out, applications need to employ multiple instances of ElasticSearch on separate machines. Data in an index can be divided into multiple partitions, each handled by a separate node (instance) of ElasticSearch. Each such partition is called a shard. By default, an ElasticSearch index has 5 shards.

46. What is a replica in ElasticSearch?

Ans: Each shard in ElasticSearch has 2 copies of the shard. These copies are called replicas. They serve the purpose of high availability and fault tolerance.

47. What is an Analyzer in ElasticSearch?

Ans: While indexing data in ElasticSearch, data is transformed internally by the Analyzer defined for the index, and then indexed. An analyzer is built of tokenizer and filters. Following types of Analyzers are available in ElasticSearch 1.10.

1. Standard Analyzer
2. Simple Analyzer
3. WhiteSpace Analyzer
4. Stop Analyzer
5. Keyword Analyzer
6. Pattern Analyzer
7. Language Analyzer
8. Snowball Analyzer
9. Custom Analyzer

48. What is a Tokenizer in ElasticSearch?

Ans: A Tokenizer breakdown fields values of a document into a stream, and inverted indexes are created and updated using these values, and these stream of values are stored in the document.

49. What is a Filter in ElasticSearch?

Ans: A Filter is all about implementing some conditions in the query to reduce the matching result set. When we use a query in Elasticsearch, the query computes a relevance score for matching the documents. But in some situations, we don’t need relevance scores when the document falls in the range of two provided timestamps. 

So, for this yes/no criteria, we use Filters. We use Filters for matching particular criteria, and they are cacheable to allow faster execution. The Token filters receive a flow of tokens from a tokenizer, and they can change, add, and delete the tokens.

50. What is the query language of ElasticSearch?

Ans: Elasticsearch provides a query DSL(Domain Specific Language) on the basis of JSON for defining the queries. Query DSL contains two kinds of clauses:

1. Leaf Query Clauses: Leaf Query Clauses search for a specific value in a specific field, like the term, range, or match queries.
2. Compound Query Clauses: Compound Query Clauses enclose other compound or leaf queries, and we use them for logically combining queries.