
Elasticsearch

The distributed full-text search and analytics engine.

Service #search #analytics #logging #elk #full-text

Elasticsearch is a distributed, RESTful search and analytics engine built on Apache Lucene. It powers search bars, log aggregation (ELK stack), product catalogs, security analytics, and observability tooling at companies of every size. Pier deploys a single-node configuration suitable for development, testing, and small-to-medium production workloads.

Deploy with Pier

  1. Open the Pier dashboard and click Add service.
  2. Pick Elasticsearch from the template list.
  3. Choose the version, set a service name, and Pier provisions the container, storage, and ports automatically.
  4. Attach a domain if you want HTTPS. Traefik auto-provisions the Let's Encrypt certificate.

What is Elasticsearch?

Elasticsearch is the most-deployed full-text search and analytics engine in the world. It started in 2010 as a distributed wrapper around Apache Lucene and has grown into the foundation of the modern logging/observability stack (the “E” in ELK + EFK), security analytics (SIEM), and search-driven applications across every industry.

Its trick: store JSON documents in shards, build inverted indexes for keyword search, build dense-vector indexes for semantic search, and expose everything via a JSON REST API. Aggregations turn it into a real-time analytics engine. Auto-completion, fuzzy matching, multi-language analyzers, and synonyms make it the search-bar engine for many e-commerce sites and SaaS products.

How Pier deploys it

Pier uses the official docker.elastic.co/elasticsearch/elasticsearch image (the current latest version is 8.x or 9.x, depending on release date). The default port is 9200/tcp internally. The data volume mounts at /usr/share/elasticsearch/data.

A strong elastic user password is auto-generated. Security (HTTPS + basic auth) is enabled by default in Elasticsearch 8+; you can disable it for internal dev use with the xpack.security.enabled=false environment override, which turns off both authentication and TLS.
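A way to catch that override before it reaches a shared or internet-facing host, as an added example (not Pier's or Elastic's code). It assumes the container environment is available as KEY=VALUE lines; `ELASTIC_PASSWORD` and `xpack.security.http.ssl.enabled` are settings of the official image that this page does not mention, and the length threshold and both sample environments are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the environment of an Elasticsearch container for
# overrides that weaken the secure-by-default 8+ configuration.
# Input: KEY=VALUE lines on stdin. Output: one finding per line.
# Exit status: number of FAIL findings (0 = nothing weakened).

MIN_PASSWORD_LEN=16   # assumption: local policy threshold, not from the page

audit_es_env() {
  local line key val lower fails=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac        # skip blanks and comments
    key=${line%%=*}
    val=${line#*=}
    lower=$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')
    case "$key" in
      xpack.security.enabled)
        if [ "$lower" = "false" ]; then
          echo "FAIL xpack.security.enabled=false: no authentication and no TLS on 9200"
          fails=$((fails + 1))
        fi ;;
      xpack.security.http.ssl.enabled)
        if [ "$lower" = "false" ]; then
          echo "FAIL xpack.security.http.ssl.enabled=false: credentials cross the network in cleartext"
          fails=$((fails + 1))
        fi ;;
      ELASTIC_PASSWORD)
        if [ "${#val}" -lt "$MIN_PASSWORD_LEN" ]; then
          echo "FAIL ELASTIC_PASSWORD is shorter than $MIN_PASSWORD_LEN characters"
          fails=$((fails + 1))
        fi ;;
    esac
  done
  [ "$fails" -eq 0 ] && echo "OK no security overrides found"
  return "$fails"
}

# Constructed sample environments (not taken from a real deployment).
SAMPLE_DEV_ENV='discovery.type=single-node
ES_JAVA_OPTS=-Xms2g -Xmx2g
xpack.security.enabled=false
ELASTIC_PASSWORD=changeme'

SAMPLE_HARDENED_ENV='discovery.type=single-node
ES_JAVA_OPTS=-Xms2g -Xmx2g
ELASTIC_PASSWORD=constructed-Sample-Passw0rd-1234'

printf '%s\n' "$SAMPLE_DEV_ENV" | audit_es_env || true
```

To audit a running container, pipe in its environment, for example from `docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container>`.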

For visualization, deploy the elasticsearch-kibana template which bundles Elasticsearch + Kibana with the right env wiring. For production clusters with 3+ nodes, you’ll need to manually orchestrate — Pier’s single-container template targets dev and small prod.

When NOT to use Elasticsearch

For log-heavy observability at scale — ClickHouse stores logs 10× cheaper. For pure product-catalog search — Meilisearch or Typesense are lighter and easier to operate. For tiny deployments — Postgres full-text search with tsvector and a GIN index is often enough. Elasticsearch shines when you need search + analytics + aggregations + vector search in one engine.

Key features

Full-text search on steroids

Inverted indexes, BM25 ranking, fuzzy matching, autocompletion (edge n-grams), synonyms, multi-language analyzers. Query in JSON DSL or Lucene syntax.

Distributed by design

Shards (horizontal partitioning) and replicas (redundancy) built into the data model. Scales linearly across nodes; clusters of 100+ nodes are routine.

Aggregations & analytics

GROUP BY, percentiles, histograms, geo-spatial aggregations, pipeline aggregations — Elasticsearch doubles as a real-time analytics engine over JSON documents.

ES|QL query language

ES|QL (8.11+) adds a piped, SQL-like syntax for ad-hoc exploration. Lower barrier than Query DSL for newcomers.

Vector search

Native dense vector field and HNSW indexing since 8.0. Supports RAG and semantic search workloads alongside classic BM25 in a single hybrid query.

Ecosystem

Kibana for visualization, Logstash for ingest pipelines, Beats for lightweight shippers, official clients for Java/JS/Python/Go/Ruby/PHP/.NET/Rust.

Use cases

Application & log search

The "E" in ELK. Beats / Fluent Bit / Vector ship logs from your apps; Elasticsearch indexes; Kibana visualizes. Default observability stack at thousands of orgs.

Product catalog search

Faceted navigation, typo tolerance, synonyms, weighted boosts, recommendations. The search bar in your e-commerce site.

Security analytics (SIEM)

Elastic Security uses Elasticsearch as the SIEM backbone. Detection rules, behavioral analytics, threat hunting.

Vector + lexical hybrid search

Combine BM25 keyword matching with dense vector similarity. Best-of-both for RAG over enterprise documents.

Real-time business metrics

Aggregations over JSON-shaped event data give sub-second analytics — sales by region, sessions by device, etc.

Code examples

Index a document

```bash
# With the Elasticsearch 8+ defaults (HTTPS + basic auth), use https:// and
# add -u elastic (curl then prompts for the password).
curl -X POST "elasticsearch:9200/products/_doc" -H 'Content-Type: application/json' -d '{
  "name": "iPhone 17 Pro",
  "category": "phones",
  "price": 1299,
  "in_stock": true,
  "tags": ["apple", "5g", "flagship"]
}'
```

Full-text + filter search

```bash
# must = scored full-text match; filter = unscored exact and range conditions.
curl -X POST "elasticsearch:9200/products/_search" -H 'Content-Type: application/json' -d '{
  "query": {
    "bool": {
      "must":   [{ "match": { "name": "iphone" } }],
      "filter": [{ "term":  { "in_stock": true } }, { "range": { "price": { "lte": 1500 } } }]
    }
  },
  "aggs": {
    "categories": { "terms": { "field": "category" } }
  }
}'
```

ES|QL ad-hoc query

```sql
FROM logs-*
| WHERE @timestamp > NOW() - 24 HOURS
| STATS count = COUNT(*) BY service.name
| SORT count DESC
| LIMIT 20
```

Dense vector search (kNN)

```bash
# The Content-Type header is required; Elasticsearch rejects JSON bodies sent without it.
curl -X POST "elasticsearch:9200/products/_search" -H 'Content-Type: application/json' -d '{
  "knn": {
    "field": "embedding",
    "query_vector": [0.1, 0.2, ...],
    "k": 10,
    "num_candidates": 100
  }
}'
```

How it compares

vs OpenSearch
OpenSearch is the Apache 2.0 fork of Elasticsearch (post-7.10 license change), maintained by AWS + the community. APIs are highly compatible. Pick OpenSearch if you want strict OSS; Elasticsearch for the latest features.
vs ClickHouse
ClickHouse is 10× cheaper at storing structured log data and faster for aggregations. Elastic wins on full-text search and ad-hoc JSON queries. Many observability stacks moved logs from Elastic to ClickHouse but kept Elastic for search.
vs Algolia / Typesense
Algolia is a hosted SaaS — fast, polished, expensive. Typesense is OSS and lighter. Elasticsearch is heavier but covers analytics + log search beyond pure full-text.
vs Meilisearch
Meilisearch is a focused, modern full-text engine — simpler than Elastic, easier to operate. Pick Meili for product-catalog search; Elastic for "everything search + analytics."

Frequently asked questions

License situation?
Elasticsearch was relicensed from Apache 2.0 to dual SSPL/Elastic License in 2021. SSPL restricts offering Elasticsearch as a managed service. For your own application or internal logs, you're fine — Pier deploys the official Elastic image.
Memory requirements?
Elasticsearch is JVM-based and memory-hungry. Minimum 2 GB RAM in the container; 4 GB+ for production. Configure `ES_JAVA_OPTS=-Xms2g -Xmx2g` to control heap.
Single-node or cluster?
Pier's Elasticsearch template runs single-node by default (suitable for dev/test/small prod). For production clusters, you typically want 3+ master-eligible nodes — outside the scope of this single-container template.
Security / auth?
Elasticsearch 8 enables HTTPS + basic auth by default. Pier generates the elastic user password and shows it on the service page. Disable security (both TLS and authentication) via `xpack.security.enabled=false` in dev only.
How do I connect Kibana?
Use the `elasticsearch-kibana` template — bundles ES + Kibana with the right env wiring.
Indices vs Data Streams?
For time-series data (logs, metrics), use Data Streams + ILM (Index Lifecycle Management) for automatic rollover. For document collections (products, articles), use plain indices.
Backup strategy?
Use Snapshot Repositories — configure S3 as a repository and run scheduled snapshots. Restore is a single API call.
