# ElasticSearch

**Introduction**

* Managed version of ElasticSearch (ES)
* Needs to run on servers (not a serverless offering)
* Use cases:
  * Log analytics
  * Real-time application monitoring
  * Security analytics
  * Full-text search
  * Clickstream analytics
  * Indexing

**Features**

* ELK stack
  * ElasticSearch
    * Provides search and indexing capability
  * Kibana
    * Provides real-time dashboards on top of the data that sits in ES
    * Alternative to CloudWatch dashboards (more advanced capabilities)
  * Logstash
    * Log ingestion mechanism; uses the "Logstash Agent"
    * Alternative to CloudWatch Logs (you decide on retention and granularity)
* Scenarios
  * ElasticSearch for DynamoDB
    * The DynamoDB table has DynamoDB Streams enabled; the stream triggers a Lambda function that sends the data to ES.
    * An application on an EC2 instance searches for items with ES, then fetches the items from DynamoDB.
  * ElasticSearch for CloudWatch
    * CloudWatch Logs with a subscription filter as the trigger, then use either:
      * Lambda (real time) to send data to ES.
      * Kinesis Data Firehose (near real time, but cheaper) to send data to ES.
