What Is Elasticsearch?
Elasticsearch is a free and open-source search and analytics engine used to collect, manage, and analyze data.
Elasticsearch is a comprehensive tool that uses Apache Lucene to process text, numerical, structured, and unstructured geospatial data. It exposes a simple yet powerful REST API that allows users to configure and manage it. When coupled with other tools such as Kibana and Logstash, it is one of the most popular real-time data analysis engines.
Once data is collected from sources like system logs, metrics, application data, etc., it gets added to Elasticsearch and indexed, allowing you to perform complex data queries and create summaries and informative dashboards using visualization tools like Kibana.
What Is an Elasticsearch Index?
Having ironed out what Elasticsearch is, let’s talk about one of the most important things about Elastic: an index.
In Elasticsearch, an index refers to a collection of closely related documents in the form of JSON data. The JSON data maps keys to their corresponding values.
Here’s an example of a JSON document:
{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "json_doc"
  }
}
Elasticsearch indexes take the form of an inverted index, which Elasticsearch uses for full-text search. An inverted index lists every unique word that appears in any Elasticsearch document and identifies the documents in which each word occurs.
The inverted index also allows for real-time search and can be updated using the Elasticsearch indexing API.
How To Create An Index Alias
Elasticsearch exposes its services and functionality through a very powerful REST API. Using this API, we can create an alias for an Elasticsearch index.
What is an Index alias?
An Elasticsearch index alias is a secondary name or identifier we can use to reference one or more indices.
Once you create an index alias, you can use it to reference the index or indices in Elasticsearch APIs.
An example of an appropriate use would be indices that store system logs for Apache. If you regularly query Apache logs, you can create an alias for apache_logs, and query and update that specific index.
To create an alias for a particular index, we use a PUT request followed by the index’s path and the alias to create.
In REST, a PUT request asks the server to store the passed entity or value at the request URL. Simply put, an HTTP PUT method allows you to update information about a resource or create a new entry if none exists.
For this tutorial, I am assuming you have Elasticsearch installed, and you have an API client or a tool to send HTTP requests such as cURL.
Let us start by creating a simple index with no alias or parameters.
For simplicity, we will use cURL as we assume you have only installed Elasticsearch without Kibana. However, if you have Kibana installed or encounter errors when using curl, consider using the Kibana Console because it’s better suited for Elasticsearch API requests.
This command creates a simple index using default settings and returns the following:
{
  "acknowledged": true,
  "shards_acknowledged": true,
  "index": "my_index"
}
Now that we have an index in Elasticsearch, we can create an alias using the same PUT request as:
We start by specifying the method, in this case, a PUT followed by the URL of the index to which we want to add an alias. The next is the API we want to use, in this case, the Index Alias API (_alias) followed by the name of the alias we want to assign to the index.
Here’s the cURL command for that:
This command should respond with a 200 OK status and "acknowledged": true:
{
  "acknowledged": true
}
You may also come across a method to add an alias to an index as:
{
"actions" : [
{ "add" : { "index" : "my_index", "alias" : "my_alias_1" } }
]
}
Using the Elasticsearch index alias API, you can add, update, and remove index aliases as you see fit.
How to Get Index Alias Info
When you create sophisticated aliases such as those filtered to a specific user, you might want to get information about the index. You can view the information using the GET method as:
Here is the cURL command:
This command will display the information regarding the alias. Since we have not added any information, it will typically resemble the following:
{
  "my_index": {
    "aliases": {
      "my_alias_1": {}
    }
  }
}
Ensure that the alias exists to avoid getting a 404 error as shown below:
The result will be an "alias missing" error such as:
{
  "error": "alias [does_not_exist] missing",
  "status": 404
}
How to Delete An Index Alias
To remove an existing alias from an index, we use the method we’ve used to add an alias but with a DELETE request instead. For example:
The equivalent cURL command is:
Elasticsearch should respond with 200 OK and "acknowledged": true:
{
  "acknowledged": true
}
There are other ways to update and remove aliases from an index in Elasticsearch. However, for simplicity, we have stuck with a single request.
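The requests covered in this tutorial, gathered into one script as an added example that is not part of the original article. The ES_URL default of http://localhost:9200, the DRY_RUN switch, and the function names are assumptions of this example; names are checked against an allowlist stricter than Elasticsearch requires, so that an index or alias name taken from input cannot change the request path.

```shell
#!/usr/bin/env bash
# Added example; ES_URL, DRY_RUN and the function names are assumptions.
ES_URL="${ES_URL:-http://localhost:9200}"
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the curl command instead of sending it
LC_ALL=C; export LC_ALL        # byte-wise character ranges in the name check

# Allowlist for index and alias names: lowercase letters, digits, '.', '_', '-',
# starting with a letter or digit. Stricter than Elasticsearch itself requires.
valid_name() {
  case "$1" in
    ''|[!a-z0-9]*|*[!a-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 255 ]
}

# es_req METHOD PATH: print the request as a curl command, or send it.
es_req() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "curl -X $1 $ES_URL$2"
  else
    curl -sS -X "$1" "$ES_URL$2"
  fi
}

create_index() { valid_name "$1" || return 2; es_req PUT "/$1"; }

# alias_req METHOD INDEX ALIAS: PUT adds, GET shows, DELETE removes the alias.
alias_req() {
  valid_name "$2" && valid_name "$3" || { echo "invalid name" >&2; return 2; }
  es_req "$1" "/$2/_alias/$3"
}

# The tutorial's sequence, with the names used in its sample responses.
create_index my_index
alias_req PUT    my_index my_alias_1
alias_req GET    my_index my_alias_1
alias_req DELETE my_index my_alias_1
```

Run it with DRY_RUN=0 to send the requests to the cluster at ES_URL instead of printing them.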
Conclusion
In this simple tutorial, we have looked at creating an Elasticsearch index and then an alias. We have also covered how to delete an alias.
It’s worth noting that this guide is not the most definitive in the world; its purpose was to serve as a starter guide for creating Elasticsearch indices and aliases, not a comprehensive guide.
If you wish to learn more about the Elastic Index API, consider the resources below.
We also recommend having a basic knowledge of working with Elasticsearch and API; it will be of great help when working with the ELK stack.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-add-alias.html

