r/elasticsearch

What kind of questions would you ask about this Elasticsearch project in a junior interview?

Hi everyone!

I'm preparing for my first technical interview and would really appreciate some advice from people who work with Elasticsearch.

My interview task was to deploy a 3-node Elasticsearch cluster using Ansible. I decided to run everything locally with Docker Compose instead of VMs because of my laptop resources.

Besides Elasticsearch, I also added:

Kibana

Metricbeat

Filebeat

Everything is automated with Ansible roles.

My lecturer told me that during the interview they'll mostly evaluate my way of thinking, not whether I remember every API by heart. I have absolutely no idea what "my way of thinking" even means.

So I'd like to ask experienced engineers:

If you were interviewing a junior candidate who built this project, what questions would you ask?

What topics would you expect them to understand?

Thanks!

reddit.com
u/Nomosann — 14 hours ago

the ELK server crashes, or a commit breaks the log format, and this failure causes a hole in the logs

Hi, I'm a bit annoyed about the fact that I can lose logs, and I'm starting to think maybe I should fix it generically instead of tailoring special alerts and rules in the observability layer.

  • Someone pushed a change and it broke the log format, so now there's a hole in the logs — but everything's green. The new format causes a parsing error into the index, and a parsing-error log often goes unnoticed. The solution I see is an alert with a threshold, but then someone still has to go check what's actually going on.
  • Sometimes the ELK server takes the logs with a lag, or even crashes silently, and you end up with a hole in some indexes.

How do you guys catch this? Logs/events silently stopping, with no error to fire on. Do you alert on expected volume, or is there something less hacky? Curious if everyone just eats it, or if there's an actual approach.

reddit.com
u/Jaded-Share-6329 — 5 days ago

ElasticSearch upgrade 8.19 -> 9.4

Hi all.
I have a question from your experience. I'm planning to do ElasticSearch upgrade from 8.11 to 8.19 and then 8.19 to 9.4. The cluster consists of 50 nodes, so I'm planning to do it in multiple days, but I'm concerned whether there can be issues during that time, when the nodes have different versions, as I know it can be an issue during relocation. Have you encountered such issue, or do you have better ideas about the upgrade plan?
I will do the whole cluster to 8.19 first then to 9.4 afterwards.

reddit.com
u/Rosie871 — 11 days ago