Bird
Raised Fist0
Elasticsearchquery~3 mins

Why Runtime fields in Elasticsearch? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

What if you could add new searchable fields instantly, without touching your stored data?

The Scenario

Imagine you have a huge collection of documents in Elasticsearch, and you suddenly realize you need to analyze or filter data based on a new field that wasn't stored before.

Without runtime fields, you'd have to reindex all your data or create complex scripts outside Elasticsearch to get the results you want.

The Problem

Manually reindexing data is slow and costly, especially with large datasets.

External scripts add complexity and delay, making your searches less responsive and harder to maintain.

It's like trying to fix a recipe after baking the cake -- too late and too much work!

The Solution

Runtime fields let you define new fields on the fly inside Elasticsearch queries without changing your stored data.

This means you can create, transform, or calculate fields dynamically during search time, making your queries flexible and fast.

Before vs After
Before
Reindex all documents to add a new field before searching.
After
Use 'runtime_mappings' in your query to define a new field dynamically without reindexing.
What It Enables

Runtime fields enable instant, flexible data exploration and filtering without waiting for data changes or reindexing.

Real Life Example

Suppose you want to filter products by a discounted price that isn't stored but calculated from the original price and discount rate -- runtime fields let you do this instantly during search.

Key Takeaways

Runtime fields avoid costly reindexing by creating fields on the fly.

They make your Elasticsearch queries more flexible and powerful.

They help you explore and analyze data dynamically without changing stored documents.

Practice

(1/5)
1. What is the main purpose of runtime fields in Elasticsearch?
easy
A. To backup the index data automatically
B. To create new fields dynamically during search without changing stored data
C. To delete existing fields from documents
D. To permanently add new fields to the index mapping

Solution

  1. Step 1: Understand runtime fields concept

    Runtime fields are used to add fields dynamically at query time without modifying the stored data.

  2. Step 2: Compare options with concept

    Only To create new fields dynamically during search without changing stored data describes creating fields dynamically during search without changing stored data.

  3. Final Answer:

    To create new fields dynamically during search without changing stored data -> Option B

  4. Quick Check:

    Runtime fields = dynamic fields at search time [OK]
Hint: Runtime fields add data on-the-fly, not stored permanently [OK]
Common Mistakes:
  • Confusing runtime fields with permanent mapping changes
  • Thinking runtime fields modify stored documents
  • Assuming runtime fields delete data
2. Which of the following is the correct syntax to define a runtime field named full_name that concatenates first_name and last_name using painless script?
easy
A. { "runtime_mappings": { "full_name": { "type": "keyword", "script": "return doc['first_name'] + ' ' + doc['last_name']" } } }
B. { "mappings": { "full_name": { "type": "text" } } }
C. { "runtime_fields": { "full_name": { "type": "keyword", "script": "emit(doc['first_name'].value + ' ' + doc['last_name'].value)" } } }
D. { "runtime_mappings": { "full_name": { "type": "keyword", "script": { "source": "emit(doc['first_name'].value + ' ' + doc['last_name'].value)" } } } }

Solution

  1. Step 1: Identify correct runtime field syntax

    Runtime fields are defined under runtime_mappings with a type and a script object containing source code.

  2. Step 2: Check script correctness

    { "runtime_mappings": { "full_name": { "type": "keyword", "script": { "source": "emit(doc['first_name'].value + ' ' + doc['last_name'].value)" } } } } uses emit() inside source string and accesses doc['field'].value correctly.

  3. Final Answer:

    { "runtime_mappings": { "full_name": { "type": "keyword", "script": { "source": "emit(doc['first_name'].value + ' ' + doc['last_name'].value)" } } } } -> Option D

  4. Quick Check:

    runtime_mappings + emit() + doc['field'].value = correct syntax [OK]
Hint: Use runtime_mappings with script source and emit() for runtime fields [OK]
Common Mistakes:
  • Using mappings instead of runtime_mappings
  • Missing emit() function in script
  • Incorrect script syntax without source object
3. Given this runtime field definition in a search query:
{
  "runtime_mappings": {
    "age_plus_ten": {
      "type": "long",
      "script": {
        "source": "emit(doc['age'].value + 10)"
      }
    }
  }
}

What will be the value of age_plus_ten for a document with age = 25?
medium
A. 35
B. 15
C. 25
D. Error: field not found

Solution

  1. Step 1: Understand the script logic

    The script emits the value of age field plus 10.

  2. Step 2: Calculate the result for age=25

    25 + 10 = 35.

  3. Final Answer:

    35 -> Option A

  4. Quick Check:

    age + 10 = 35 [OK]
Hint: Add 10 to age field value as scripted [OK]
Common Mistakes:
  • Confusing addition with subtraction
  • Assuming runtime fields modify stored data
  • Expecting syntax error instead of calculation
4. You wrote this runtime field script:
{
  "runtime_mappings": {
    "discounted_price": {
      "type": "double",
      "script": {
        "source": "emit(doc['price'].value * 0.9)"
      }
    }
  }
}

But the query fails with an error: Field [price] not found in doc. What is the likely cause?
medium
A. Runtime fields cannot use numeric types
B. The script syntax is incorrect
C. The price field is missing in some documents
D. The discounted_price field must be defined in mappings

Solution

  1. Step 1: Analyze error message

    Error says price field not found in document, meaning some docs lack this field.

  2. Step 2: Understand runtime field behavior

    Runtime scripts fail if they access missing fields without checks.

  3. Final Answer:

    The price field is missing in some documents -> Option C

  4. Quick Check:

    Missing field in doc causes runtime script error [OK]
Hint: Check if all docs have fields used in runtime scripts [OK]
Common Mistakes:
  • Assuming script syntax error without checking data
  • Thinking runtime fields require mapping changes
  • Ignoring missing field presence in documents
5. You want to create a runtime field status that returns "adult" if age ≥ 18, otherwise "minor". Which painless script correctly implements this logic?
hard
A. "emit(doc['age'].value >= 18 ? 'adult' : 'minor')"
B. "if (doc['age'].value >= 18) { return 'adult' } else { return 'minor' }"
C. "emit(doc['age'] >= 18 ? 'adult' : 'minor')"
D. "emit(doc['age'].value > 18 ? 'adult' : 'minor')"

Solution

  1. Step 1: Check correct painless syntax for runtime fields

    Runtime fields use emit() to output values; accessing field value requires doc['age'].value.

  2. Step 2: Verify conditional logic

    "emit(doc['age'].value >= 18 ? 'adult' : 'minor')" uses ternary operator with >= 18 and emits 'adult' or 'minor' correctly.

  3. Final Answer:

    "emit(doc['age'].value >= 18 ? 'adult' : 'minor')" -> Option A

  4. Quick Check:

    emit() + ternary + doc['age'].value = correct [OK]
Hint: Use emit() with ternary and doc['field'].value for conditions [OK]
Common Mistakes:
  • Using return instead of emit() in runtime fields
  • Accessing doc['age'] without .value
  • Using > instead of >= changing logic