Add to Chrome
Add to Edge
Add to Firefox
Add to Opera
Add to Brave
Add to SafariWhat is the best alternative to Visual Studio Code with Log Syntax Highlighting?
Top Pro
Top Con
Top Pro
Top Pro
Top Con
Top Pro
Top Pro
Top Pro
Top Pro
Top Pro
Top Pro
Top Pro
Top Pro
Elasticsearch gained its popularity amongst developers by being enjoyable to use. A simple feature comparison against it's competition doesn't convey the significant advantages of just how easy it is to work with. This is due to multiple design choices such as the use of JSON for the API and queries. See More
As a relatively new project, the documentation for ElasticSearch still leaves much to be desired. Documentation assumes that the user at least has familiarity with similar document stores, and is largely oriented toward those already familiar with other search solutions, such as Solr. Errors, while often quite simple to resolve, can be difficult to troubleshoot, as they are often insufficiently descriptive and missing from documentation. New users should be sure to check the tutorials section on elasticsearch.org for supplementary information lacking from the guide, such as more detailed installation instructions. See More
Search can be executed either using a simple, Lucene-based query string or using an extensive JSON-based search query DSL. By structuring the query as a JSON object you can be very explicit and can dictate exactly what ElasticSeach will return. A very basic example of a JSON query is: curl -XGET 'http://localhost:9200/blog/_search?pretty=true' -d '
{
"query" : {
"range" : {
"postDate" : { "from" : "2011-12-10", "to" : "2011-12-12" }
}
}
}' See More
Another area where ElasticSearch shines is its aggregations features. Similarly to facets (now deprecated), aggregations allow calculating and summarizing data of a query as it happens. Aggregations brings the ability to be nested and is broadly categorized as metrics aggregations and bucket aggregations. "aggregations" : {
"<aggregation_name>" : {
"<aggregation_type>" : {
<aggregation_body>
},
["aggregations" : { [<sub_aggregation>]* } ]
}
[,"<aggregation_name_2>" : { ... } ]*
} See More
The Sematex blog explains a problem with the way Elasticsearch handles its clusters, called the 'Split Brain Situation': Imagine a situation, where you cluster is divided into half, so half of your nodes don’t see the other half, for example because of the network failure. In such cases Elasticsearch will try to elect a new master in the cluster part that doesn’t have one and this will lead to creation of two independent clusters running at the same time. This can be limited with a small degree of configuration, but it can still happen. Users have already run into this problem in production and ElasticSearch host Bonsai also have had issues with this problem as recently as March 2012. See More
The one area where Elasticsearch shines is distributed search. It was built from the ground up to be suitable for high-scale 'cloud' applications. There are many features Elasticsearch has as a result of being designed to be distributed that aren't currently available in Solr, such as: Shards and replicas can to moved to any node in the cluster on demand. With a simple API call you can increase and decrease the number of replicas without the need of shutting down nodes or creating new nodes. Manipulate shard placement with the cluster reroute API on a live cluster. Search across multiple indexes. Change the schema without restarting the server. Automatic shard rebalancing Elasticsearch also has a module called Gateway, that in the case of the whole cluster crashing or being taken down will enable you to easily restore the latest state of the cluster when it gets back up. Services such as Bonsai further simplify scaling Elasticsearch by hosting and scaling the search servers for you, making it nearly as easy to get started as CloudSearch or Searchify. Elasticsearch was also specifically designed to run well and be relatively easy to setup on EC2. See More
Elasticsearch has a REST API for management and configuration. The following are the main features of this API: Index Management: Create, delete, close and open indices by running a simple HTTP command. Increase and decrease the number of replicas without the need of shutting down nodes or creating new nodes. Manipulate shard placement with the cluster reroute API. Move shards between nodes, we can cancel shard allocation process and we can also force shard allocation – everything on a live cluster. Check index and types existence Configuration: Majority of configuration files can be modified dynamically. Update Mappings Define, retrieve and manage warning queries Shut down the entire cluster or a specific node Clear caches on the index level This is all done over JSON, making it a lot more structured then the methods used in Solr. See More
Elasticsearch makes it easy to get started by not requiring you to define a schema before sending documents to be indexed. Elasticsearch will automatically guess field types for you, which although will not be as accurate as creating the mappings manually, is usually pretty accurate. Elasticsearch also lets you manually define the mappings (index structure) before creating the index. One cool feature is if you miss a field or add a new field without defining the mapping, Elasticsearch will try to guess the Type for you. See More
ElasticSearch natively handles a nested document structure. ElasticSearch will index nested documents as a separate indexes and are stored in such a way that allow quick join operations to access them. Nested documents require a nested query to access so that don't clutter results from standard queries. See More
Alerts can be created based on tags or by setting criteria via the intuitive and powerful search capabilities of LogEntries. To not flood notifications it's possible to specify limitations for alerts, such as how many times an hour an event has to happen for it to trigger a notification. Notifications can be sent by email, mobile messaging or via webhooks (webhooks are sent server in real-time, so there's no need for polling for changes). See More
In Live Tail mode events and searches update in real-time. Live Tail mode can be used in Aggregate View, that allows selecting a combination of logfiles to be viewed together, and with any log groups created. These events are supplemented with tags to allows getting an overview of current events quickly at a glance. See More
LogEntries allows each logfile to have a separate dashboard of various graphs & widgets put together for visualizing data. A dashboard is put together by dragging & dropping graphs and widgets into place. Graphs and widgets include charts, tables, gauges, event counts among other forms of data visualization. See More
LogEntries has human readable, intuitive and powerful search with support for logical expressions, comparison expressions, regular expressions and ability to search based on field, group based on approximations over time, use functions such as count, sum, average and unique as well as save searches. See More