Programming
by Anurag Srivastava, Sep 12, 2020, 3:58:55 PM | 9 minutes |

Elastic Stack Interview Questions

1) What is Elastic Stack?
Elastic Stack is a set of tools for centralizing logs from multiple sources, correlating them, and performing deep data analysis. Elasticsearch is a search-and-analytics engine based on Apache Lucene that lets users search and analyze large amounts of data in near real time. Logstash can ingest logs from almost any source, transform them, and forward them to almost any destination. Kibana is a dashboarding tool whose user interface lets us query, visualize, and explore Elasticsearch data easily.
For more details please refer to the blog "Log analysis with Elastic stack".

2) What is Elasticsearch?
Elasticsearch is a full-text search engine that can also be used as a NoSQL document store and as an analytics engine. It is easy to scale, near real-time, and provides a RESTful interface for all operations. It is schema-less by default (field types are inferred when documents are indexed) and stores data in an inverted index. Elasticsearch is written in Java and built on top of Apache Lucene.
For more details please refer to the blog "Introduction to Elasticsearch".

3) What is Kibana?
Kibana is a dashboarding tool that works closely with Elasticsearch. Kibana can be used for different use cases, such as system monitoring and application monitoring. A traditional monitoring system lets you watch system performance, application logs, and so on; with Kibana and Elastic Stack we can do much more, for example:

  • We can create alerts on threshold values so that we are notified without watching dashboards continuously
  • We can configure different Beats to ship system metrics, database metrics, log data, etc.
  • We can configure APM to monitor application metrics and application errors
  • We can configure the JDBC input plugin of Logstash to pull RDBMS data (and other input plugins for CSV or NoSQL sources) into Elasticsearch, making it available in Kibana for visualizations of different KPIs
  • We can use different third-party plugins to get data from other sources; for example, the Twitter input plugin fetches Twitter feeds
  • We can apply machine learning to our data set to find anomalies or forecast future trends from the current data
For more details please refer to the blog "Introduction to Kibana".

4) How to create the index pattern in Kibana?
Elasticsearch data is not available automatically in Kibana: to work with an index in Kibana, we first need to create an index pattern that matches that index (or several indices, using a wildcard such as logs-*). The index pattern tells Kibana which indices to query and which fields and field types they contain. Please refer to the blog on creating an index pattern in Kibana for the step-by-step procedure.

5) What is Logstash?
Logstash is the data collection pipeline of Elastic Stack: a utility that fetches data from different sources, optionally transforms it, and sends it to one or more destinations. We can summarize Logstash in the following points:

  • Data collection pipeline tool.
  • Gathers data from different sources.
  • A tool to collect, process, and forward events and log messages.
  • Data collection, enrichment, and transformation pipeline.
  • Configurable input, filter, and output plugins.

6) What is Elastic Beat?
Beats are lightweight data shippers that send data from remote servers to Elasticsearch, either directly or through Logstash. Each Beat is built for one kind of data: Filebeat ships log files, Metricbeat ships system and service metrics, Packetbeat captures network traffic, Heartbeat runs uptime checks, and there are several more.

7) What is Elastic APM?
Application Performance Monitoring (APM) is built on top of the Elastic Stack to monitor application performance. APM is useful for real-time monitoring of applications and software services. It is quite simple to configure, as we only need to set up the APM agent for the application we are using. As of now, Elastic Stack provides APM agents for Java, .NET, Python (Django and Flask), Real User Monitoring in JavaScript (RUM-JS), Node.js, Go, Ruby on Rails, Rack, and more. Once the agent is configured, it starts collecting application-related information, such as HTTP requests, the response time of each request, and database queries, and sends this information to the APM Server. It also collects unhandled exceptions and errors; this is important information that we can use to stabilize the application further.

8) List down different language clients that are supported in Elasticsearch.
Elasticsearch can be used from many kinds of applications because it has language clients through which we can integrate it into almost any code base. Some of the clients are as follows:
  • Java
  • PHP
  • Perl
  • Python
  • .NET
  • Ruby
  • JavaScript
  • Groovy

9) What is a cluster in Elasticsearch?
A cluster is a collection of one or more nodes (servers) that together hold your entire data and provide federated indexing and search across all nodes. A cluster is identified by a unique name, which by default is "elasticsearch". Nodes join a cluster by its name, so each cluster on a shared network should be given a distinct name to keep nodes from joining the wrong one.

10) What is a node in Elasticsearch?
A node is a single server that is part of your cluster, stores your data, and participates in the cluster's indexing and search capabilities. Just like a cluster, a node is identified by a name, which by default is a random Universally Unique Identifier (UUID) assigned to the node at startup. A single cluster can have as many nodes as you want.

11) What is shard in Elasticsearch?
An index can potentially store a large amount of data that exceeds the hardware limits of a single node. To solve this problem, Elasticsearch can subdivide an index into multiple pieces called shards. When you create an index, you define the number of primary shards you want; this number cannot be changed afterwards without reindexing or using the shrink/split APIs. Elasticsearch can additionally keep replica shards, copies of each primary on other nodes, for redundancy and read scaling. Each shard is in itself a fully functional and independent "index" that can be hosted on any node in the cluster.

12) What is Elasticsearch REST API?
Elasticsearch provides extensive REST APIs to integrate, query, and manage the data. We can do many things using Elasticsearch REST APIs like:
  • Check our cluster, node, and index health, status, and statistics, etc.
  • Administer our cluster, node, and index data and metadata.
  • Perform CRUD (Create, Read, Update, and Delete) and search operations against our indexes.
  • Execute advanced search operations such as paging, sorting, filtering, scripting, aggregations, etc.

13) How can we create an index in Elasticsearch?

To create an index, for example one named blogs, we send a PUT request to the index name:

PUT /blogs?pretty

The pretty query parameter makes Elasticsearch return the response as indented, human-readable JSON.

14) How can we delete an index in Elasticsearch?

To delete the index, we can execute the following command:

DELETE /blogs?pretty

15) How can we create a document in Elasticsearch?
We can create a document in the index by sending its JSON body to the document endpoint together with an id:
PUT /blogs/_doc/1?pretty
{
  "topic": "introduction to Elasticsearch"
}

16) How can we update a document in Elasticsearch?
We can replace the whole document by executing the same API with the same id:
PUT /blogs/_doc/1?pretty
{
  "topic": "introduction to Kibana"
}
This overwrites every field of document 1 and increments its version. For a partial update that changes only some fields and keeps the rest, the _update API is used instead.

17) How to delete a document in Elasticsearch?

We can delete a document from the index:

DELETE /blogs/_doc/1?pretty

In the above request, we delete the document with id 1.

18) How can we search for any data in Elasticsearch?
Elasticsearch has basically two types of search API: the request URI search and the request body search. In a request URI search we pass the search criteria in the URL itself, for example:

GET /blogs/_search?q=topic:kibana

In a request body search we build a search block and write the query inside the query block of the request body, for example:

GET /blogs/_search
{
  "query": {
    "term": {
      "topic": "kibana"
    }
  }
}

The URI search is a basic search where we just look for a keyword; note that the q parameter uses the Lucene query-string syntax, so characters such as :, *, and parentheses have special meaning in it. In the request body we can construct complex queries with the Query DSL, so that is the form used for anything beyond a quick lookup.
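Putting questions 13 to 18 together, the following Python script (an added example, not code from the original post) builds each of those requests with only the standard library and can send them to a cluster. The cluster URL, the API key, and the blogs index settings are assumptions. Beyond what the questions show, it adds two checks a practitioner would want: the document id is validated before it is placed in the URL path, so a caller-controlled id cannot append a query parameter or change the endpoint, and user-supplied search terms go into a request body match query (which analyzes the input the same way the field was analyzed, unlike the term query above) rather than the q= parameter, where they would be parsed as Lucene query-string syntax.

```python
"""Build (and optionally send) the Elasticsearch REST requests from Q13-Q18.

Added example, not code from the original post. It uses only the Python
standard library; the cluster URL, the API key and the index settings are
assumptions.
"""
import json
import re
import urllib.request
from urllib.parse import quote, urlencode

# Assumed cluster endpoint. Use TLS and an API key or basic auth in practice;
# an unauthenticated HTTP port exposes the whole cluster to anyone who can reach it.
ES_URL = "https://localhost:9200"
INDEX = "blogs"

# Only ids matching this conservative pattern are placed in a URL path, so a
# caller-controlled id such as "1?refresh=true" or "../_bulk" can neither add
# query parameters nor change the endpoint being called.
SAFE_ID = re.compile(r"^[A-Za-z0-9_.-]{1,128}$")


def is_safe_id(doc_id):
    return bool(SAFE_ID.match(str(doc_id)))


def safe_id(doc_id):
    """Validate and percent-encode a document id for use in a URL path."""
    if not is_safe_id(doc_id):
        raise ValueError(f"unsafe document id: {doc_id!r}")
    return quote(str(doc_id), safe="")


def create_index(index=INDEX, shards=1, replicas=1):
    """PUT /<index>: create it with explicit primary shard and replica counts."""
    body = {"settings": {"number_of_shards": shards, "number_of_replicas": replicas}}
    return "PUT", f"/{quote(index, safe='')}?pretty", body


def delete_index(index=INDEX):
    return "DELETE", f"/{quote(index, safe='')}?pretty", None


def index_doc(doc_id, doc, index=INDEX):
    """PUT /<index>/_doc/<id>: creates the document or replaces it entirely."""
    return "PUT", f"/{quote(index, safe='')}/_doc/{safe_id(doc_id)}?pretty", doc


def update_doc(doc_id, fields, index=INDEX):
    """POST /<index>/_update/<id>: partial update; fields not listed are kept."""
    return "POST", f"/{quote(index, safe='')}/_update/{safe_id(doc_id)}?pretty", {"doc": fields}


def delete_doc(doc_id, index=INDEX):
    return "DELETE", f"/{quote(index, safe='')}/_doc/{safe_id(doc_id)}?pretty", None


def search_uri(field, value, index=INDEX):
    """Request URI search. q= is Lucene query-string syntax, so value is parsed,
    not matched literally: only use this with trusted input."""
    params = urlencode({"q": f"{field}:{value}"})
    return "GET", f"/{quote(index, safe='')}/_search?{params}", None


def search_body(field, value, index=INDEX):
    """Request body search with a match query. value travels as a JSON string,
    so query-syntax characters in user input carry no special meaning."""
    return "GET", f"/{quote(index, safe='')}/_search?pretty", {"query": {"match": {field: value}}}


def send(method, path, body=None, api_key=None, base_url=ES_URL):
    """Perform a request against a live cluster (network access; not used by the tests).
    The server certificate must be trusted by the local CA bundle."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if api_key:
        req.add_header("Authorization", "ApiKey " + api_key)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    steps = [
        create_index(),
        index_doc(1, {"topic": "introduction to Elasticsearch"}),
        update_doc(1, {"topic": "introduction to Kibana"}),
        search_uri("topic", "kibana"),
        search_body("topic", "kibana"),
        delete_doc(1),
        delete_index(),
    ]
    for method, path, body in steps:
        print(method, path, json.dumps(body) if body is not None else "")
```

Running the script prints the method, path and body of each request in the order the questions present them; pass the tuples to send() with a real URL and API key to execute them against a cluster.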

19) Does Elasticsearch support the schema?
By nature Elasticsearch is schema-less: we can index any document without explicitly creating a schema, and Elasticsearch infers a mapping (the type of every field) from the first document in which each field appears. This is called dynamic mapping. Elasticsearch also supports an explicit schema definition, the index mapping, and it is good practice to define it before indexing documents. The guessed type is not always right: a numeric string stays text, a date in an unexpected format stays text, and a field first seen as an integer becomes long, so later fractional values are truncated. Once a field's type has been set it cannot be changed without reindexing, and a later document whose value conflicts with the mapped type fails with a mapper_parsing_exception and is rejected, which for log data means lost events unless the ingestion path reports bulk errors.
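As an added example (not from the original post), here is an explicit mapping for the blogs index used in the questions above, together with a small client-side check that reports, before a batch is sent, which documents the cluster would reject under that mapping. The author, published and views fields, the sample documents, and the choice of dynamic: strict and coerce: false are assumptions; the type rules in _type_ok approximate the cluster's own parsing and are not the real engine.

```python
"""Explicit mapping for the blogs index plus a pre-flight type check.

Added example, not code from the original post. The extra fields, the sample
documents and the strict/no-coerce settings are assumptions; _type_ok is an
approximation of how Elasticsearch parses the listed field types.
"""
import json
import re

# Explicit mapping to send with PUT /blogs so Elasticsearch does not have to
# guess types from the first document it sees. "dynamic": "strict" rejects
# documents carrying unmapped fields; "coerce": False stops "120" from being
# silently turned into the number 120.
BLOGS_MAPPING = {
    "mappings": {
        "dynamic": "strict",
        "properties": {
            "topic": {"type": "text"},
            "author": {"type": "keyword"},
            "published": {"type": "date", "format": "strict_date_optional_time"},
            "views": {"type": "long", "coerce": False},
        },
    }
}

# Approximation of strict_date_optional_time: yyyy-MM-dd with optional time part.
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})?)?$")


def _type_ok(es_type, value):
    """Approximate the value shapes the mapped field types accept."""
    if es_type in ("text", "keyword"):
        return isinstance(value, str)
    if es_type == "long":
        # bool is a subclass of int in Python; the cluster does not take it as a number
        return isinstance(value, int) and not isinstance(value, bool)
    if es_type == "date":
        return isinstance(value, str) and bool(ISO_DATE.match(value))
    return False


def validate(doc, mapping=BLOGS_MAPPING):
    """Return the problems the cluster would report for doc; [] means accepted."""
    props = mapping["mappings"]["properties"]
    strict = mapping["mappings"].get("dynamic") == "strict"
    problems = []
    for field, value in doc.items():
        if field not in props:
            if strict:
                problems.append(f"unmapped field {field!r}")
            continue
        if value is not None and not _type_ok(props[field]["type"], value):
            problems.append(f"field {field!r}: {value!r} is not a valid {props[field]['type']}")
    return problems


def filter_batch(docs, mapping=BLOGS_MAPPING):
    """Split a batch into (accepted, rejected) lists of (doc, problems) before sending."""
    accepted, rejected = [], []
    for doc in docs:
        problems = validate(doc, mapping)
        (rejected if problems else accepted).append((doc, problems))
    return accepted, rejected


# Constructed sample documents. The second is the classic dynamic-mapping trap
# (numeric string, date in an undetected format); the third carries an unmapped field.
SAMPLE_DOCS = [
    {"topic": "introduction to Elasticsearch", "author": "anurag", "published": "2020-09-12", "views": 120},
    {"topic": "introduction to Kibana", "author": "anurag", "published": "Sep 12, 2020", "views": "120"},
    {"topic": "introduction to Logstash", "author": "anurag", "tags": ["logs"], "views": 5},
]

if __name__ == "__main__":
    print(json.dumps(BLOGS_MAPPING, indent=2))
    accepted, rejected = filter_batch(SAMPLE_DOCS)
    print("accepted:", len(accepted))
    for doc, problems in rejected:
        print("rejected:", doc["topic"], "->", problems)
```

Checking on the client side does not replace the cluster's own validation; it only lets an ingestion pipeline count, log, or quarantine the documents that would otherwise disappear into a bulk error response.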

20) What is Aggregation in Elasticsearch?
Aggregations let us group our data and extract statistics from it. They give insight into the data and can be used for a wide range of problems; for example, Elasticsearch aggregations can drive a recommendation engine for a website.

Following is the syntax of an aggregation:

"aggregations|aggs": {
  "<name of aggregation>": {
    "<type of aggregation>": {
      <body of aggregation>
    }
  }
}
This is the simplest representation of an Elasticsearch aggregation. Now let us see what each line of the example means.

- The first line is the aggregation keyword, which can be written as either "aggregations" or "aggs".
- In the second line, we specify a name for the aggregation; the same name labels its result in the response.
- In the third line, we specify the type of aggregation, such as terms, avg, etc.
- Then we specify the actual aggregation body, for example the field it operates on.
For more detail please refer to the blog: Introduction to Elasticsearch Aggregation

21) What is Metrics Aggregation?
Metrics aggregations are the aggregations that compute a value from the fields of the matching Elasticsearch documents, such as min, max, avg, sum, stats, top_hits, etc.
For more detail please refer to the blog: Metrics Aggregation in Elasticsearch

22) What is Bucket Aggregation?
Bucket aggregations are like the GROUP BY of an RDBMS query, where the result is grouped on a certain field. In Elasticsearch we bucket documents on the basis of certain criteria (a field value, a numeric range, a date interval, etc.). Where a metrics aggregation calculates a value over a field, a bucket aggregation performs no calculation itself; it just creates buckets, each holding the documents that match its criteria together with their count. Inside a bucket aggregation we can nest sub-aggregations, so that a metric is calculated per bucket.
For more detail please refer to the blog: Bucket Aggregation in Elasticsearch
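As an added example serving questions 20 to 22 (not code from the original post), the following script shows a terms bucket aggregation with avg and max metric sub-aggregations, and evaluates the same request locally over constructed documents so the response shape (buckets with key, doc_count and one value per sub-aggregation) can be seen without a cluster. The author and views fields and the sample documents are assumptions; on a real index the terms aggregation needs author mapped as keyword, because text fields are not aggregatable by default.

```python
"""A terms bucket aggregation with metric sub-aggregations, evaluated locally.

Added example, not code from the original post. The fields, the sample
documents and the aggregation names are constructed for illustration; the
evaluator reproduces the response shape, not the engine itself.
"""
import json

# Request body for GET /blogs/_search: one bucket per author, and inside each
# bucket the avg and max of views (metric sub-aggregations).
AGG_REQUEST = {
    "size": 0,  # hits are not needed, only the aggregations
    "aggs": {
        "by_author": {
            "terms": {"field": "author", "size": 10},
            "aggs": {
                "avg_views": {"avg": {"field": "views"}},
                "max_views": {"max": {"field": "views"}},
            },
        }
    },
}

# Constructed documents standing in for the index contents.
SAMPLE_DOCS = [
    {"author": "anurag", "views": 120},
    {"author": "anurag", "views": 80},
    {"author": "rocky", "views": 30},
    {"author": "anurag", "views": 100},
    {"author": "rocky", "views": 50},
    {"author": "priya", "views": 10},
]

# Metric aggregations supported by the local evaluator.
METRICS = {
    "avg": lambda xs: sum(xs) / len(xs) if xs else None,
    "max": lambda xs: max(xs) if xs else None,
    "min": lambda xs: min(xs) if xs else None,
    "sum": lambda xs: sum(xs),
}


def run_terms_agg(docs, name, spec):
    """Evaluate one terms aggregation (with optional metric sub-aggregations)."""
    field = spec["terms"]["field"]
    size = spec["terms"].get("size", 10)
    groups = {}
    for doc in docs:
        if field in doc:  # documents without the field land in no bucket
            groups.setdefault(doc[field], []).append(doc)
    # Elasticsearch orders terms buckets by doc_count descending, then by key.
    ordered = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    buckets = []
    for key, members in ordered[:size]:
        bucket = {"key": key, "doc_count": len(members)}
        for sub_name, sub_spec in spec.get("aggs", {}).items():
            (metric, args), = sub_spec.items()
            values = [d[args["field"]] for d in members if args["field"] in d]
            bucket[sub_name] = {"value": METRICS[metric](values)}
        buckets.append(bucket)
    return {name: {
        "doc_count_error_upper_bound": 0,
        "sum_other_doc_count": sum(len(m) for _, m in ordered[size:]),
        "buckets": buckets,
    }}


def run_aggregations(docs, request=AGG_REQUEST):
    """Evaluate every top-level terms aggregation in request and wrap the result
    the way the search response does."""
    aggs = {}
    for name, spec in request["aggs"].items():
        aggs.update(run_terms_agg(docs, name, spec))
    return {"aggregations": aggs}


if __name__ == "__main__":
    print(json.dumps(run_aggregations(SAMPLE_DOCS), indent=2))
```

The local result shows what to expect back from the cluster: anurag first with three documents and an average of 100 views, then rocky, then priya; sum_other_doc_count reports how many documents fell outside the requested number of buckets when size is smaller than the number of distinct authors.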
