What are aliases in Elasticsearch for?

Aliases are basically created to group a set of indices and make them accessible regardless of the names they have. An alias is a pointer to a set of indices. You can also apply a query/condition to all of these indices. It is very useful when performing queries or creating dashboards over the same group of indices all the time. In addition, if in the future you change the name of the indices that are part of an alias, the end users will not notice that change since it is transparent to them and you will only update the pointer.


Aliases are like soft links or shortcuts to actual indexes.

The advantage is being able to have an alias pointing to index1a while building or re-indexing on index2b, and the moment of swapping them is atomic thanks to the alias, to which all code should point.

Renaming an alias is a simple remove then add operation within the same API. This operation is atomic, no need to worry about a short period of time where the alias does not point to an index:

[EDIT] As pointed out by @wholevinski, aliases have other functionalities like:

Multiple indices can be specified for an action ...

All the info is in the page you have linked.

[EDIT2] More on why the need/benefit of the atomicity:

The key being "zero downtime": https://en.wikipedia.org/wiki/Zero_unscheduled_downtime or https://en.wikipedia.org/wiki/High_availability

https://www.elastic.co/guide/en/elasticsearch/guide/current/index-aliases.html

We will talk more about the other uses for aliases later in the book. For now we will explain how to use them to switch from an old index to a new index with zero downtime.


@arhak covered the topic pretty well. One use case that (at least) made me understand the value of indices was the need to remove out-of-date documents and more specifically when using time-based-indices.

For example, you need to keep the logs of an application for at least one year. You decide to use time-based-indices, meaning you save into indices with the following format: 2018-02-logs, 2018-03-logs, etc. In order to be able to search in every index, you create the following alias:

POST /_aliases
{
  "actions": [
    { "add": { "alias": "current-logs", "indices": [ "2018-02-logs", "2018-03-logs" ] } }
  ]
}

And query like:

GET /current-logs/_search

Another advantage is that you can delete the out-of-date values very easily:

POST /_aliases
{
  "actions": [
    { "remove": { "alias": "current-logs", "index": "logs_2018-01" } }
  ]
}

and DELETE /logs_2018-01
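
The monthly rotation described in the answer above, combined with the atomic swap from the earlier answer, as an added example that is not part of the original answers: it builds one `POST /_aliases` body that removes expired monthly indices from the alias and adds new ones in the same request, and lists which indices can then be deleted. The function names, the 12-month default and the sample index lists are assumptions; only names matching the `2018-03-logs` format are ever touched, so an unrelated index is never removed or deleted.

```python
import json
import re
from datetime import date

ALIAS = "current-logs"                       # alias name used in the answer
MONTHLY = re.compile(r"^\d{4}-\d{2}-logs$")  # the answer's 2018-03-logs format

def retained(today, keep_months):
    """Names of the monthly indices still inside the retention window."""
    names, y, m = set(), today.year, today.month
    for _ in range(keep_months):
        names.add(f"{y:04d}-{m:02d}-logs")
        y, m = (y, m - 1) if m > 1 else (y - 1, 12)
    return names

def plan_rotation(existing, aliased, today, keep_months=12):
    """Return (body for one POST /_aliases, indices to DELETE afterwards).

    existing: all index names in the cluster; aliased: those behind ALIAS.
    Both are assumed to have been fetched by the caller.
    """
    keep = retained(today, keep_months)
    monthly = sorted(i for i in existing if MONTHLY.match(i))
    expired = [i for i in monthly if i not in keep]
    # Removals and additions go in one request so the alias changes atomically.
    actions = [{"remove": {"alias": ALIAS, "index": i}}
               for i in expired if i in aliased]
    actions += [{"add": {"alias": ALIAS, "index": i}}
                for i in monthly if i in keep and i not in aliased]
    return {"actions": actions}, expired

if __name__ == "__main__":
    # Constructed sample state, not taken from a real cluster.
    existing = ["2017-03-logs", "2017-04-logs", "2018-02-logs",
                "2018-03-logs", "audit-logs"]
    aliased = {"2017-03-logs", "2017-04-logs", "2018-02-logs"}
    body, to_delete = plan_rotation(existing, aliased, date(2018, 3, 15))
    print("POST /_aliases")
    print(json.dumps(body, indent=2))
    for name in to_delete:
        print(f"DELETE /{name}")
```

Send the printed body first and issue the `DELETE` requests only after it succeeds, so searches through the alias never reference an index that is already gone.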