The Elasticsearch data store

Elasticsearch is a distributed search and analytics engine, scalable data store, and vector database built on Apache Lucene.

This section describes the Elasticsearch data storage model, from indices as the foundational unit to mappings, templates, and higher-level abstractions that define data organization and access.

Learn about the core storage concepts in Elasticsearch.

  • Index basics: Learn about index fundamentals, including index naming and aliases, document structure, metadata fields, and mappings.
  • Data streams: Learn when to use data streams for timestamped and append-only time series data, like logs, events, or metrics. You work with one stream name while Elasticsearch manages multiple backing indices behind the scenes.
  • Near real-time search: Understand how Elasticsearch makes newly indexed data searchable within seconds of indexing.

Control how Elasticsearch indexes, maps, and analyzes your data.

  • Mapping: Define how documents and their fields are stored and indexed. Choose between dynamic mapping for automatic field detection and explicit mapping for full control over field types and indexing behavior.
  • Text analysis: Configure how unstructured text is converted into a structured format optimized for full-text search, including tokenization, normalization, and custom analyzers.
  • Templates: Define reusable index configurations including settings, mappings, and aliases that are automatically applied when new indices or data streams are created.
  • Aliases: Create named references that point to one or more indices or data streams, enabling zero-downtime reindexing and simplified query targeting.

Work with your indices and data using the Kibana UI or the Elasticsearch REST API.

  • Index management: Use Kibana's Index Management page to view and manage your indices, data streams, templates, component templates, and enrich policies.
  • Manage data from the command line: Index, update, retrieve, search, and delete documents using curl and the Elasticsearch REST API.

Tip: If you manage append-only timestamped data with data streams, use Data lifecycle to plan retention and performance over time.