Elasticsearch Cheat Sheet

Updated 2026-04-29

Next Topic: Firebase Realtime Database Cheat Sheet

Elasticsearch is an open-source, distributed search and analytics engine built on Apache Lucene, offering full-text search, log analytics, vector/semantic search, and real-time data analysis across petabyte-scale datasets. At its core, Elasticsearch uses an inverted index that maps terms to documents, enabling sub-second query responses even across billions of records. Since version 8.x the platform has expanded rapidly into AI-powered search — introducing the semantic_text field, ELSER sparse vectors, BBQ quantization, and a dedicated ES|QL piped query language that is now production-ready. Understanding how queries interact with mappings, analyzers, aggregations, and the new inference layer is essential: a poorly designed mapping or analyzer can turn a millisecond query into a multi-second timeout.

What This Cheat Sheet Covers

This topic spans 16 focused tables and 205 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Core Query TypesTable 2: AggregationsTable 3: Text Analysis ComponentsTable 4: Mapping and Field TypesTable 5: Index ManagementTable 6: Index Lifecycle Management (ILM)Table 7: Cluster and Node ConfigurationTable 8: Search Features and RelevanceTable 9: AI Search and Semantic SearchTable 10: Ingest and Data ProcessingTable 11: Security and Access ControlTable 12: Monitoring and OperationsTable 13: Advanced FeaturesTable 14: ES|QL (Elasticsearch Query Language)Table 15: ELK Stack IntegrationTable 16: Performance Tuning

Table 1: Core Query Types

Query	Example	Description
match query	`{"query": {"match": {"title": "search"}}}`	• Full-text search with analysis and relevance scoring • automatically tokenizes and analyzes input • default query for text fields.
term query	`{"query": {"term": {"status.keyword": "active"}}}`	• Exact match for non-analyzed fields (keyword, IDs, enum values) • case-sensitive • no analysis applied • fastest for structured data.
bool query	`{"query": {"bool": {"must": [...], "should": [...], "filter": [...]}}}`	• Combines queries with boolean logic • `must` scores + requires; `filter` requires without scoring (cached); `should` boosts; `must_not` excludes.
range query	`{"query": {"range": {"age": {"gte": 18, "lt": 65}}}}`	• Matches documents with field values within a range • supports `gte`, `gt`, `lte`, `lt` • works with numbers, dates, and text.
multi_match query	`{"query": {"multi_match": {"query": "search", "fields": ["title^2", "body"]}}}`	• Searches across multiple fields simultaneously • supports field boosting with `^` • types: `best_fields`, `most_fields`, `cross_fields`.
match_phrase query	`{"query": {"match_phrase": {"content": "quick brown fox"}}}`	• Searches for exact phrase in specified order • terms must appear consecutively • supports `slop` for proximity matching.
fuzzy query	`{"query": {"fuzzy": {"text": {"value": "elasticsearch", "fuzziness": "AUTO"}}}}`	• Handles typos and misspellings using Levenshtein edit distance • `fuzziness` can be 0, 1, 2, or AUTO.
query_string query	`{"query": {"query_string": {"query": "title:elasticsearch AND status:published"}}}`	• Supports full Lucene query syntax with AND, OR, NOT operators and field-specific searches • powerful but fragile on user input.

Table 1: Core Query Types

Query	Example	Description
match query	`{"query": {"match": {"title": "search"}}}`	• Full-text search with analysis and relevance scoring • automatically tokenizes and analyzes input • default query for text fields.
term query	`{"query": {"term": {"status.keyword": "active"}}}`	• Exact match for non-analyzed fields (keyword, IDs, enum values) • case-sensitive • no analysis applied • fastest for structured data.
bool query	`{"query": {"bool": {"must": [...], "should": [...], "filter": [...]}}}`	• Combines queries with boolean logic • `must` scores + requires; `filter` requires without scoring (cached); `should` boosts; `must_not` excludes.
range query	`{"query": {"range": {"age": {"gte": 18, "lt": 65}}}}`	• Matches documents with field values within a range • supports `gte`, `gt`, `lte`, `lt` • works with numbers, dates, and text.
multi_match query	`{"query": {"multi_match": {"query": "search", "fields": ["title^2", "body"]}}}`	• Searches across multiple fields simultaneously • supports field boosting with `^` • types: `best_fields`, `most_fields`, `cross_fields`.
match_phrase query	`{"query": {"match_phrase": {"content": "quick brown fox"}}}`	• Searches for exact phrase in specified order • terms must appear consecutively • supports `slop` for proximity matching.
fuzzy query	`{"query": {"fuzzy": {"text": {"value": "elasticsearch", "fuzziness": "AUTO"}}}}`	• Handles typos and misspellings using Levenshtein edit distance • `fuzziness` can be 0, 1, 2, or AUTO.
query_string query	`{"query": {"query_string": {"query": "title:elasticsearch AND status:published"}}}`	• Supports full Lucene query syntax with AND, OR, NOT operators and field-specific searches • powerful but fragile on user input.