Elasticsearch Core Concepts
Before writing a single query, you need to understand the building blocks of Elasticsearch. These five concepts form the mental model you will use every day.
The City Analogy
Imagine a city with neighborhoods, buildings, apartments, and residents. Elasticsearch organizes data exactly the same way:
City = Elasticsearch Cluster
Neighborhood = Index
Building = Shard (internal storage unit)
Apartment = Document
Resident Info = Field (inside a document)
Concept 1: Document
A document is a single unit of data — like one row in a spreadsheet, but stored as JSON.
{
  "id": 1,
  "name": "Alice",
  "job": "Engineer",
  "city": "Delhi"
}
Each document lives inside an index. Every document gets a unique ID, which Elasticsearch uses to find or update it later.
Concept 2: Index
An index is a collection of documents of the same type — similar to a table in a database. A company might have an index called employees that holds all employee documents, and another index called products that holds all product documents.
Index: employees
┌────────────────────────────────┐
│ Doc 1: { name: "Alice", ... }  │
│ Doc 2: { name: "Bob", ... }    │
│ Doc 3: { name: "Carol", ... }  │
└────────────────────────────────┘
Concept 3: Field
A field is one key-value pair inside a document. In the employee example above, name, job, and city are all fields. You can search, filter, and sort on any field.
Concept 4: Mapping
Mapping tells Elasticsearch what data type each field holds — text, number, date, or boolean. Think of it as the column definitions in a spreadsheet.
| Field | Type | Meaning |
|---|---|---|
| name | text | Searchable string, broken into words |
| age | integer | Whole number, good for range filters |
| salary | float | Decimal number |
| hire_date | date | Supports date range queries |
| is_active | boolean | true or false |
Concept 5: Node and Cluster
A node is one running instance of Elasticsearch — one machine or server. A cluster is a group of nodes working together. They share data and respond to queries as a team.
+---------------------+
|       CLUSTER       |
|  +---------+        |
|  | Node A  |  <-- stores some data
|  +---------+        |
|  +---------+        |
|  | Node B  |  <-- stores some data
|  +---------+        |
|  +---------+        |
|  | Node C  |  <-- backup copies
|  +---------+        |
+---------------------+
If Node A fails, Node B and Node C still answer queries, and the backup copies on Node C mean no data is lost.
How the Concepts Connect
CLUSTER
└── INDEX (employees)
    ├── DOCUMENT 1 { name: "Alice", age: 30 }
    │   ├── Field: name = "Alice"
    │   └── Field: age = 30
    └── DOCUMENT 2 { name: "Bob", age: 25 }
        ├── Field: name = "Bob"
        └── Field: age = 25
Inverted Index: The Secret to Speed
When you add a document, Elasticsearch does not just save it. It builds an inverted index — a lookup table that maps every word to the documents containing it.
Documents:
  Doc 1: "fast red car"
  Doc 2: "slow blue car"
  Doc 3: "fast blue boat"

Inverted Index:
  "fast" --> Doc 1, Doc 3
  "red"  --> Doc 1
  "car"  --> Doc 1, Doc 2
  "slow" --> Doc 2
  "blue" --> Doc 2, Doc 3
  "boat" --> Doc 3
When you search for "fast car," Elasticsearch looks up both words, finds the matching document IDs, and returns Doc 1 instantly — without scanning every document one by one.
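The lookup described above, as an added example in Python (not Elasticsearch's own code). It builds the inverted index for the three sample documents and answers "fast car" by intersecting the posting sets; the function names and the simplified tokenizer are assumptions made for illustration, and the union mode is included to show which documents contain either word.

```python
import re
from collections import defaultdict

# Constructed sample: the three documents from the text above.
DOCS = {
    1: "fast red car",
    2: "slow blue car",
    3: "fast blue boat",
}


def tokenize(text):
    """Lowercase and split on non-alphanumerics (simplified stand-in for an analyzer)."""
    return [t for t in re.split(r"[^a-z0-9]+", text.lower()) if t]


def build_inverted_index(docs):
    """Map each term to the set of document IDs that contain it."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for term in tokenize(text):
            index[term].add(doc_id)
    return dict(index)


def search(index, query, require_all=True):
    """Look up each query term, then intersect (AND) or union (OR) the posting sets."""
    postings = [index.get(term, set()) for term in tokenize(query)]
    if not postings:
        return []
    combine = set.intersection if require_all else set.union
    return sorted(combine(*postings))


if __name__ == "__main__":
    idx = build_inverted_index(DOCS)
    for term in sorted(idx):
        print(f"{term!r} --> {sorted(idx[term])}")
    # Only the query terms are looked up; no document text is scanned.
    print("both words:  ", search(idx, "fast car"))
    print("either word: ", search(idx, "fast car", require_all=False))
```

Requiring both words yields only Doc 1, while accepting either word yields all three documents, so which combination a query uses determines what comes back.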
