Index=table/collection of docs.
Document=One JSON record inside an index.
{
"id": "IMP123",
"event": "UE107348",
"name": "Service A",
"customer": [...]
}Field=A property inside a document.
event
name
customer.customerName
customer.billAmountMapping=Schema of the index. Defines field types:
| Type | Used for |
|---|---|
| text | Full text search |
| keyword | Exact match, sorting, grouping |
| double, integer, long | Numeric sort/range/aggregation |
| date | Date filter/sort |
| nested | Array of objects where each object must stay logically separate |
text vs keyword
text is analyzed/tokenized.
Good for search:
"Gold Customer" -> "gold", "customer"keyword is exact.
Good for:
- exact match
- grouping
- sorting
- aggregations
"customerName": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
}Use:
customerName -> search text
customerName.keyword -> exact match/group/sortQuery
Filters/selects documents.
Example:
{
"query": {
"term": {
"event.keyword": {
"value": "UE107348"
}
}
}
}This means:
Find documents where event exactly equals UE107348term vs match
| Query | Use for |
|---|---|
| term | Exact value match, usually on keyword, numbers, ids |
| match | Text search on analyzed text fields |
| range | Numeric/date range |
| bool | Combine multiple conditions |
Example bool:
{
"bool": {
"must": [
{ "term": { "event.keyword": "UE107348" } },
{ "term": { "customer.customerId": "CUST1" } }
]
}
}Hits
Normal search results.
size
Controls how many normal documents are returned.
If you run a query with size: 10, OpenSearch returns 10 matching documents in hits.
Good for:
- search results
- document pagination
{
"size": 10
}Means return 10 hits.
size: 0
Means:
Do not return documents, only return aggregations.Useful when you only need counts/groups/summaries.
from + size
Document pagination.
{
"from": 100,
"size": 20
}Means:
Return documents 101-120Works well for hits/documents.
Does not directly paginate aggregation buckets.
Aggregation
Groups/summarizes documents.
Like SQL GROUP BY.
Examples:
| Aggregation | Meaning |
|---|---|
| terms | Group by exact field |
| max | Max numeric value |
| min | Min numeric value |
| value_count | Count values |
| top_hits | Return sample documents inside a bucket |
| nested | Enter nested object array |
| reverse_nested | Go back from nested object to parent document |
terms aggregation
Group by field.
{
"terms": {
"field": "customer.customerName.keyword",
"size": 100
}
}Means:
Group matching data by customer name and return top 100 bucketsMetric aggregation
Calculates value per bucket.
Example:
"customer_bill_amount": {
"max": {
"field": "customer.billAmount"
}
}Means:
For each customer bucket, calculate max bill amountUsed so buckets can be sorted by bill amount.
Bucket sorting
Example:
"order": [
{ "customer_bill_amount": "desc" }
]Means:
Sort customer buckets by bill amount descendingnested
Needed when field is an array of objects.
Example:
"customer": [
{
"customerId": "C1",
"billAmount": 100
},
{
"customerId": "C2",
"billAmount": 500
}
]Without nested, OpenSearch can mix values from different array objects incorrectly.
Nested keeps each customer object separate.
nested query
Search inside nested object.
{
"nested": {
"path": "customer",
"query": {
"term": {
"customer.customerId": "C1"
}
}
}
}Means:
Find impact docs where one nested customer has customerId C1nested aggregation
Aggregate inside nested object.
{
"nested": {
"path": "customer"
}
}Means:
Go into the customer nested array and aggregate customer rowstop_hits
Returns actual documents/objects inside an aggregation bucket.
Example:
"customer_details": {
"top_hits": {
"size": 1
}
}Means:
For each customer bucket, return one sample hit to get detailsCaution:
- top_hits inside many buckets can become expensive.
- Inner result size limits apply.
Scoring
OpenSearch gives _score when doing relevance search.
Useful for:
- text search
- fuzzy search
- best match ranking
-------------
GET _cat/indices?v
GET _cat/indices/abcIndex-*?v
GET abcIndex/_mapping , _settings
indexes version - actual index
without version - alias that points to above
