Index basics

An index is the fundamental unit of storage in Elasticsearch: a collection of documents identified by a unique name or an alias. This name is used to target the index in search requests and other operations.

This page explains the core parts of an index (documents, metadata fields, and mappings) and highlights common design decisions for working with indices.

Tip

A closely related concept is a data stream, which is optimized for append-only timestamped data and backed by hidden, auto-generated indices.

Index components

Understanding these components helps you design indices that are easier to query, scale, and manage.

Documents

Elasticsearch serializes and stores data in the form of JSON documents. A document is a set of fields, which are key-value pairs that contain your data. Each document has a unique ID, which you can create or have Elasticsearch auto-generate.

A simple Elasticsearch document might look like this:

		{
  "_index": "my-first-elasticsearch-index",
  "_id": "DyFpo5EBxE8fzbb95DOa",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "found": true,
  "_source": {
    "email": "john@smith.com",
    "first_name": "John",
    "last_name": "Smith",
    "info": {
      "bio": "Eco-warrior and defender of the weak",
      "age": 25,
      "interests": [
        "dolphins",
        "whales"
      ]
    },
    "join_date": "2024/05/01"
  }
}
		
	

Metadata fields

An indexed document includes both source data and metadata. Metadata fields are system-managed fields that describe the document and how Elasticsearch stores it. In Elasticsearch, metadata fields are prefixed with an underscore. For example:

_index: The name of the index where the document is stored.
_id: The document's ID. IDs must be unique per index.

Mappings and data types

Each index has a mapping that defines field types and indexing behavior. Mappings determine how fields are stored, queried, and aggregated.

Common index design decisions

When working with indices, you typically make decisions that focus on:

Naming and aliases: Use clear index naming patterns and aliases to simplify query targets and support index changes with minimal disruption.
Mapping strategy: Use dynamic mapping for speed when exploring data, and explicit mappings for production use cases where field control and query behavior matter.
Index or data stream: Use a regular index when you need frequent updates or deletes. Use a data stream for append-only timestamped data such as logs, events, and metrics.

Next steps

After learning index fundamentals, choose the management path that fits your workflow:

Perform operations on indices: Run common index operations from the Manage index menu.
Index management: Navigate the full Index Management experience in Kibana.
Manage data from the command line: Manage indices and documents with the Elasticsearch REST API.