Bird
Raised Fist0
Elasticsearchquery~20 mins

Cross-cluster search in Elasticsearch - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Cross-Cluster Search Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
2:00remaining
Output of a basic cross-cluster search query
What is the output of the following Elasticsearch cross-cluster search query when searching for documents with status:active across two clusters named clusterA and clusterB?
Elasticsearch
GET clusterA:logs-2023,clusterB:logs-2023/_search
{
  "query": {
    "term": { "status": "active" }
  }
}
ARaises an error because cross-cluster search requires a special plugin
BReturns documents only from clusterA because clusterB is not included in the query
CReturns documents from clusterB only because clusterA is ignored in cross-cluster search
DReturns all documents with status 'active' from both clusterA and clusterB indices named logs-2023
Attempts:
2 left
💡 Hint
Cross-cluster search allows querying multiple clusters by prefixing the index name with the cluster alias.
🧠 Conceptual
intermediate
1:30remaining
Understanding remote cluster configuration
Which statement correctly describes how to configure a remote cluster for cross-cluster search in Elasticsearch?
AYou must add the remote cluster's seed nodes in the local cluster's settings under <code>cluster.remote.<cluster_name>.seeds</code>
BRemote clusters are automatically discovered without any configuration
CYou need to install a plugin on both clusters to enable remote cluster communication
DRemote clusters must share the same cluster name to be searchable
Attempts:
2 left
💡 Hint
Think about how the local cluster knows where to find the remote cluster nodes.
🔧 Debug
advanced
2:00remaining
Identify the error in cross-cluster search query
Given the following cross-cluster search query, what error will Elasticsearch return?
Elasticsearch
GET clusterX:logs-2023/_search
{
  "query": {
    "match": { "message": "error" }
  }
}
A"No such remote cluster [clusterX]" error because clusterX is not configured
BSyntaxError due to missing curly braces around the query
CReturns empty results because no documents contain 'error' in message
DTimeout error because cross-cluster search is disabled by default
Attempts:
2 left
💡 Hint
Check if the remote cluster alias is configured in the local cluster.
📝 Syntax
advanced
1:30remaining
Correct syntax for cross-cluster search index pattern
Which option shows the correct syntax to search across indices named logs-2023 in remote clusters east and west simultaneously?
AGET logs-2023@east,logs-2023@west/_search
BGET east:logs-2023,west:logs-2023/_search
CGET logs-2023:east,logs-2023:west/_search
DGET east.logs-2023,west.logs-2023/_search
Attempts:
2 left
💡 Hint
Remember the format is cluster_alias:index_name.
🚀 Application
expert
2:30remaining
Result count from cross-cluster search with filters
You run this cross-cluster search query to count documents with status:failed in clusters alpha and beta. Cluster alpha has 5 matching documents, beta has 3. What is the value of hits.total.value in the response?
Elasticsearch
GET alpha:app-logs,beta:app-logs/_search
{
  "query": {
    "term": { "status": "failed" }
  }
}
A5
B3
C8
D0
Attempts:
2 left
💡 Hint
Cross-cluster search merges results from all targeted clusters.

Practice

(1/5)
1. What is the main purpose of cross-cluster search in Elasticsearch?
easy
A. To monitor cluster health status remotely
B. To backup data from one cluster to another
C. To merge two clusters into one
D. To search data across multiple Elasticsearch clusters using a single query

Solution

  1. Step 1: Understand cross-cluster search concept

    Cross-cluster search allows querying data from multiple clusters in one search request.

  2. Step 2: Differentiate from other cluster operations

    It does not merge clusters, backup data, or monitor health but focuses on searching data.

  3. Final Answer:

    To search data across multiple Elasticsearch clusters using a single query -> Option D

  4. Quick Check:

    Cross-cluster search = search across clusters [OK]
Hint: Cross-cluster search = one query, many clusters [OK]
Common Mistakes:
  • Confusing search with backup or monitoring
  • Thinking it merges clusters
  • Assuming it manages cluster health
2. Which syntax correctly specifies a remote cluster alias in a cross-cluster search query?
easy
A. GET /remote_cluster:index/_search
B. GET /index@remote_cluster/_search
C. GET /index/remote_cluster/_search
D. GET /remote_cluster/_search/index

Solution

  1. Step 1: Recall remote cluster alias syntax

    The correct syntax uses remote_cluster:index to specify the cluster alias and index.

  2. Step 2: Check each option format

    Only GET /remote_cluster:index/_search matches the correct pattern: GET /remote_cluster:index/_search.

  3. Final Answer:

    GET /remote_cluster:index/_search -> Option A

  4. Quick Check:

    Alias:index/_search = correct syntax [OK]
Hint: Use alias:index/_search to target remote cluster data [OK]
Common Mistakes:
  • Placing alias after index
  • Using slashes instead of colon
  • Misordering parts of the URL
3. Given this cross-cluster search query:
GET /clusterA:logs-2023/_search
{
  "query": { "match_all": {} }
}

What data will this query return?
medium
A. All documents from the local cluster's logs-2023 index
B. All documents from the logs-2023 index in clusterA
C. Documents matching "clusterA" in the logs-2023 index
D. An error because cluster alias is missing

Solution

  1. Step 1: Identify cluster alias usage

    The query uses clusterA:logs-2023, meaning it targets the logs-2023 index on remote cluster named clusterA.

  2. Step 2: Understand the query body

    The match_all query returns all documents from that index on clusterA.

  3. Final Answer:

    All documents from the logs-2023 index in clusterA -> Option B

  4. Quick Check:

    Alias:index with match_all = all remote docs [OK]
Hint: Alias:index means search that index on remote cluster [OK]
Common Mistakes:
  • Assuming it searches local cluster
  • Thinking it filters by cluster name in data
  • Believing alias is optional
4. You run this cross-cluster search query:
GET /remoteCluster:products/_search
{
  "query": { "term": { "category": "electronics" } }
}

But get an error: no such remote cluster. What is the likely cause?
medium
A. The query syntax is invalid for cross-cluster search
B. The index 'products' does not exist on the remote cluster
C. The remote cluster alias 'remoteCluster' is not configured in the local cluster
D. The term query cannot be used in cross-cluster search

Solution

  1. Step 1: Analyze the error message

    The error no such remote cluster means the alias 'remoteCluster' is unknown to the local cluster.

  2. Step 2: Check configuration requirements

    Remote clusters must be configured before use; missing alias causes this error.

  3. Final Answer:

    The remote cluster alias 'remoteCluster' is not configured in the local cluster -> Option C

  4. Quick Check:

    Missing alias config = no such remote cluster error [OK]
Hint: Configure remote cluster alias before querying [OK]
Common Mistakes:
  • Assuming index absence causes this error
  • Blaming query syntax for alias errors
  • Thinking term queries are unsupported
5. You want to search the sales-2023 index across two remote clusters named clusterX and clusterY. Which query correctly searches both clusters and returns combined results?
hard
A. GET /clusterX:sales-2023,clusterY:sales-2023/_search { "query": { "match_all": {} } }
B. GET /sales-2023/_search { "query": { "match_all": {} }, "clusters": ["clusterX", "clusterY"] }
C. GET /clusterX:clusterY:sales-2023/_search { "query": { "match_all": {} } }
D. GET /sales-2023/_search { "query": { "match_all": {} }, "remote_clusters": ["clusterX", "clusterY"] }

Solution

  1. Step 1: Recall syntax for multiple remote clusters

    To search multiple clusters, use comma-separated list of <code>cluster_alias:index</code>, like <code>clusterX:sales-2023,clusterY:sales-2023</code>.

  2. Step 2: Evaluate each option

    GET /clusterX:sales-2023,clusterY:sales-2023/_search { "query": { "match_all": {} } } uses <code>clusterX:sales-2023,clusterY:sales-2023</code> which is correct syntax for cross-cluster search across multiple clusters.

  3. Final Answer:

    GET /clusterX:sales-2023,clusterY:sales-2023/_search { "query": { "match_all": {} } } -> Option A

  4. Quick Check:

    clusterX:sales-2023,clusterY:sales-2023/_search = multi-cluster search [OK]
Hint: comma-separate alias:index for multi-cluster search [OK]
Common Mistakes:
  • Using multiple colons instead of commas
  • Adding cluster names inside query body
  • Assuming local index searches multiple clusters