Organizations are collecting an ever-increasing amount of data from numerous sources such as log systems, click streams, and connected devices. Launched in 2009, Elasticsearch —an open-source analytics and search engine— has emerged as a popular tool for real-time analytics and visualization of data. Some of the most common use cases include risk assessment, error detection, and sentiment analysis. However, as data volumes and applications grow, managing Elasticsearch clusters can consume significant IT resources while adding little or no differentiated value to the organization. Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud. Amazon ES offers the benefits of a managed service, including cluster provisioning, easy configuration, replication for high availability, scaling options, data durability, security, and node monitoring. This session presents a technical deep dive on Amazon ES. Attendees learn: Common challenges with real-time data analytics and visualization and how to address them; the benefits, reference architecture, and best practices for using Amazon ES; and data ingestion options with Amazon DynamoDB, AWS Lambda, and Amazon Kinesis.
3. What to Expect from the Session
• Context: Managing your growing data
• Introducing Amazon Elasticsearch Service (Amazon ES)
• Configuring, securing, connecting, monitoring, and
scaling your Amazon ES cluster
8. “Big data is not about the data”
- Gary King, Harvard University, making the point that while data is
plentiful and easy to collect, the real value is in the analytics.
9. So what can you do with all this data?
• Share information
• Extract insight
• Recognize patterns
• Track performance
Ultimately, make better business,
technical, and operational decisions
10. Scenario 1: Full-text search
Knowledge Sharing Systems
• Your team is constantly generating
content
• You are tasked with making this
knowledge base searchable and
accessible
• You need key search features including
text matching, faceting, filtering, fuzzy
search, auto complete, and highlighting
11. Scenario 2: Streaming data analytics
Intrusion detection
• You have to protect your system from
attacks
• You need easy to use, yet powerful
analytics and data visualization tools to
detect issues in near real-time
• Easy and flexible data ingestion is
important to capture information from a
variety of key data sources
12. Scenario 3: Batch data analytics
Usage Monitoring
• You are a mobile app developer
• You have to monitor/manage users
across multiple app versions
• You want to analyze and report on
usage and migration between app
versions
14. How Elasticsearch can help
A powerful, real-time, distributed, open-source search and
analytics engine:
• Built on top of Apache Lucene
• Schema free
• Developer friendly RESTful API
15. How Elasticsearch can help
Combined with Logstash and Kibana, the ELK stack
provides a tool for real-time analytics and data visualization
16. Operating Elasticsearch is time-consuming
“Elasticsearch allows us to easily and quickly build bleeding edge big data
and analytics applications using the ELK stack. By offering direct access
to the Elasticsearch API while offloading administrative tasks, Amazon
Elasticsearch Service gives us the manageability, flexibility and control we
need”
Sean Curtis,
SVP Engineering at Major League
Baseball Advanced Engineering
17. Introducing Amazon Elasticsearch Service
Amazon Elasticsearch Service is
a managed service from AWS that
makes it easy to set up, operate,
and scale Elasticsearch clusters
in the cloud.
18. Key benefits
• Easy cluster creation and configuration management
• Support for ELK
• Security with AWS IAM
• Monitoring with Amazon CloudWatch
• Auditing with AWS CloudTrail
• Integration options with other AWS services (CloudWatch Logs, Amazon DynamoDB, Amazon S3, Amazon Kinesis)
28. Data partitioning for search
[Diagram: an index made up of documents, each with an Id, partitioned across Shard 1 and Shard 2]
• Document: The unit of search
• ID: Unique identifier, one per
document
• Field: Documents comprise a
collection of fields
• Shard: An instance of Lucene with
a portion of an index
• Index: A collection of data
29. Deployment of indices to a cluster
• Index 1
  • Shard 1
  • Shard 2
  • Shard 3
• Index 2
  • Shard 1
  • Shard 2
  • Shard 3
[Diagram: an Amazon ES cluster of three instances (Instance 1, Instance 2, Instance 3), with the primary and replica copies of shards 1, 2, and 3 spread across the instances]
30. Instance type recommendations
Instance   Workload
T2         Entry point. Dev and test. OK for dedicated masters.
M3         Equal read and write volumes. Up to 5 TB of storage with EBS.
R3         Read-heavy or workloads with high query demands (e.g., aggregations).
I2         Up to 16 TB of SSD instance storage.
41. Loading data using Lambda
[Diagram: Lambda loading data from Amazon S3, DynamoDB, and Amazon Kinesis into Amazon Elasticsearch Service]
42. Lambda code snippet (node.js) for upload
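var AWS = require('aws-sdk');
var endpoint = new AWS.Endpoint('<endpoint>'); // placeholder: your Amazon ES domain endpoint
var creds = new AWS.EnvironmentCredentials('AWS'); // credentials from the Lambda environment
function postDocumentToES(doc, context) {
    var req = new AWS.HttpRequest(endpoint);
    req.method = 'POST';
    req.path = '/<index>/<type>'; // placeholder
    req.region = '<region>'; // placeholder
    req.headers['Host'] = endpoint.host;
    req.body = doc;
    var signer = new AWS.Signers.V4(req, 'es'); // SigV4 signer for the 'es' service
    signer.addAuthorization(creds, new Date());
    var send = new AWS.NodeHttpClient();
    send.handleRequest(req, null, function(httpResp) { /* ... */ },
        function(err) { context.fail(err); });
}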
https://github.com/awslabs/amazon-elasticsearch-lambda-samples
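What the Signers.V4 call in the snippet above computes, written out with Node's crypto module so the signed fields are visible. This is an added example, not code from the session or from the awslabs sample; the credentials, host, path, and timestamp are constructed values, and it assumes long-term credentials (temporary credentials from a Lambda role also send an x-amz-security-token header).

```javascript
const crypto = require('crypto');

const sha256hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();

// Derive the signing key: it is scoped to one day, one region, and one service.
function signingKey(secret, date, region, service) {
  let key = 'AWS4' + secret;
  for (const part of [date, region, service, 'aws4_request']) key = hmac(key, part);
  return key;
}

// Sign a request for the 'es' service. Only host and x-amz-date are signed here;
// req.path is assumed to be already URI-encoded and the query string empty.
function signEsRequest(req, creds) {
  const date = req.amzDate.slice(0, 8);
  const signedHeaders = 'host;x-amz-date';
  const canonicalRequest = [
    req.method,
    req.path,
    '',                          // canonical query string (none)
    'host:' + req.host,
    'x-amz-date:' + req.amzDate,
    '',                          // blank line closes the canonical headers
    signedHeaders,
    sha256hex(req.body),         // the body hash binds the signature to the payload
  ].join('\n');
  const scope = [date, req.region, 'es', 'aws4_request'].join('/');
  const stringToSign =
    ['AWS4-HMAC-SHA256', req.amzDate, scope, sha256hex(canonicalRequest)].join('\n');
  const key = signingKey(creds.secretAccessKey, date, req.region, 'es');
  const signature = hmac(key, stringToSign).toString('hex');
  return {
    signature,
    authorization: 'AWS4-HMAC-SHA256 Credential=' + creds.accessKeyId + '/' + scope +
      ', SignedHeaders=' + signedHeaders + ', Signature=' + signature,
  };
}

// Constructed sample values (not real credentials or a real domain).
const sampleCreds = { accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'constructed-secret-key' };
const sampleReq = {
  method: 'POST', host: 'search-example.us-east-1.es.amazonaws.com',
  path: '/logs/event', body: '{"msg":"hello"}',
  region: 'us-east-1', amzDate: '20151008T120000Z',
};
console.log(signEsRequest(sampleReq, sampleCreds).authorization);
```

Because the payload hash, host, and timestamp all feed the signature, a request altered in transit or replayed against another domain fails verification.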
47. What should I monitor?
• FreeStorageSpace – monitor and alarm before the
cluster runs out of space
• CPUUtilization – alarm at 80% CPU to signal the need to
scale up
• ClusterStatus.yellow – check whether replication
requires additional nodes
• JVMMemoryPressure – check instance type and count
for sufficient resources
• MasterCPUUtilization – monitoring for master nodes is
separated from data nodes
52. Taking manual snapshots
Register the bucket
curl -XPUT 'http://<endpoint>/_snapshot/<repo-name>' \
  -d '{"type":"s3",
       "settings": {
         "bucket":"<bucket>",
         "region":"<region>",
         "role-arn":"<arn>"}}'
Take a snapshot
curl -XPUT 'http://<endpoint>/_snapshot/<repo-name>/snapshot1'
Snapshot time is proportional to size.
59. Pay for compute and storage you use
With Amazon Elasticsearch Service, you pay only for the
compute and storage resources you use. AWS Free Tier for
qualifying customers.
60. Amazon Elasticsearch Service is publicly available now!
You can use Amazon Elasticsearch Service in these regions:
• us-east-1
• us-west-1
• us-west-2
• eu-west-1
• eu-central-1
• ap-southeast-1
• ap-southeast-2
• ap-northeast-1
• sa-east-1
61. Wrap up
1. Elasticsearch is a tool for full-text search, analysis, and
visualization of time series data that helps you get the
most out of your growing data set
2. Amazon Elasticsearch Service makes it easy to deploy
and manage an Elasticsearch cluster in the AWS cloud
3. Amazon Elasticsearch Service is a drop-in replacement
for your existing Elasticsearch cluster