What Elasticsearch Developers Actually Do
"Elasticsearch Developer" can mean different things depending on your needs:
Application Developers with Elasticsearch Skills
Most common need. These developers:
- Integrate Elasticsearch into applications for search functionality
- Write queries and aggregations for search features
- Design index mappings and document structures
- Implement search relevance tuning
- Use Elasticsearch client libraries in their language
Every backend developer building search features should have basic Elasticsearch knowledge.
Search Engineers / Relevance Specialists
Specialized role focusing on:
- Optimizing search relevance and ranking algorithms
- Designing complex query structures and filters
- Tuning analyzers and tokenizers for domain-specific search
- Implementing faceted search, autocomplete, and suggestions
- A/B testing search improvements
Needed when search quality directly impacts your business metrics.
DevOps / Infrastructure Engineers (ELK Stack)
Focus on operations:
- Managing Elasticsearch clusters and node configuration
- Setting up Logstash pipelines for log ingestion
- Building Kibana dashboards for monitoring
- Handling cluster scaling, sharding, and replication
- Performance tuning and capacity planning
Needed when Elasticsearch is critical infrastructure at scale.
Skill Levels: What to Test For
Level 1: Basic Elasticsearch (Every Backend Dev)
- Write basic queries (match, term, bool)
- Create indexes and mappings
- Understand document structure (JSON)
- Use Elasticsearch client library
- Basic aggregations (terms, date_histogram)
Red flag: Never used Elasticsearch or any search engine
Level 2: Competent Elasticsearch User
- Designs effective index mappings
- Writes complex queries with filters and aggregations
- Understands relevance scoring basics
- Implements search features (facets, autocomplete)
- Handles basic cluster concepts (shards, replicas)
This is the minimum for backend developers building search features.
Level 3: Elasticsearch Expert
- Optimizes search relevance systematically
- Designs analyzers and custom tokenizers
- Manages large-scale clusters (100+ nodes)
- Tunes performance (query optimization, caching)
- Understands Lucene internals and scoring algorithms
This is Search Engineer or Infrastructure Engineer territory.
Common Use Cases and What to Look For
Application Search
Product catalogs, content search, user search:
- Priority skills: Query design, relevance tuning, faceted search
- Interview signal: "How would you build search for an e-commerce site?"
- Red flag: Only knows basic match queries, no relevance understanding
Log Analysis (ELK Stack)
Centralized logging and monitoring:
- Priority skills: Logstash pipelines, index templates, Kibana dashboards
- Interview signal: "How would you ingest and analyze application logs?"
- Red flag: Doesn't understand log aggregation patterns
Security Analytics
SIEM, threat detection, security monitoring:
- Priority skills: Complex aggregations, alerting, anomaly detection
- Interview signal: "How would you detect suspicious patterns in logs?"
- Red flag: No experience with security use cases
Business Intelligence / Analytics
Real-time analytics and reporting:
- Priority skills: Aggregations, date histograms, nested queries
- Interview signal: "How would you build a real-time analytics dashboard?"
- Red flag: Treats Elasticsearch like a traditional database
Full-Text Search
Document search, content discovery:
- Priority skills: Analyzers, tokenizers, relevance scoring
- Interview signal: "How would you improve search relevance?"
- Red flag: Doesn't understand how analyzers affect search
Common Hiring Mistakes
1. Testing Basic Queries Only
Knowing how to write a match query doesn't differentiate candidates. Test relevance understanding, index design, and complex query patterns.
2. Ignoring Relevance Expertise
Many developers can write queries but struggle with relevance tuning. Search quality directly impacts user experience—test their understanding of scoring and ranking.
3. Overlooking Cluster Management
Elasticsearch is distributed by nature. Good candidates understand sharding, replication, and cluster health—not just single-node usage.
4. Not Understanding Use Case Fit
Elasticsearch isn't always the right choice. Test their understanding of when Elasticsearch fits vs. databases vs. specialized search solutions.
5. Conflating Elasticsearch with Databases
Elasticsearch is optimized for search, not transactions. Candidates who treat it like PostgreSQL will struggle with proper use cases.
Interview Approach
For Application Developers (Elasticsearch as Skill)
Focus on practical scenarios:
- "Design search for an e-commerce product catalog"
- "How would you implement autocomplete?"
- "Explain how you'd improve search relevance"
For Search Engineers (Elasticsearch as Focus)
Focus on advanced topics:
- "Design a relevance scoring algorithm"
- "How would you scale Elasticsearch for 1B+ documents?"
- "Explain analyzer design for domain-specific search"
Recruiter's Cheat Sheet
Questions That Reveal Skill Level
| Question | Junior Answer | Senior Answer |
|---|---|---|
| "How do you improve search relevance?" | "Add more fields to the query" | Explains TF-IDF, boosting, function_score, query-time vs index-time tuning |
| "What's the difference between match and term queries?" | "They're different" | Explains analyzed vs exact match, when to use each, performance implications |
| "How do you scale Elasticsearch?" | "Add more servers" | Explains sharding strategy, replica configuration, node types, cluster architecture |
Resume Green Flags
- Specific search improvements ("Improved search relevance by 40%")
- Production scale experience ("Managed 50-node Elasticsearch cluster")
- Mentions specific features (analyzers, aggregations, Kibana dashboards)
- ELK stack experience (not just Elasticsearch)
- Relevance tuning and A/B testing experience
Resume Red Flags
- Only lists "Elasticsearch" without specifics
- No mention of search relevance or ranking
- "Expert in Elasticsearch" but only tutorial projects
- Claims Elasticsearch expertise but treats it like a database
Elasticsearch Concepts to Understand
Indexes and Documents
- Index: Like a database in traditional systems
- Document: A JSON object stored in an index
- Mapping: Schema definition (field types, analyzers)
Shards and Replicas
- Shard: Horizontal partition of an index
- Replica: Copy of a shard for redundancy
- Primary shard: Original shard that handles writes
Query Types
- Match: Full-text search with analysis
- Term: Exact match without analysis
- Bool: Combines multiple queries with AND/OR/NOT
- Aggregations: Analytics and grouping (like SQL GROUP BY)
Relevance Scoring
- TF-IDF: Term frequency-inverse document frequency
- Boosting: Increasing importance of certain fields
- Function Score: Custom scoring functions
Good Elasticsearch developers understand these concepts and when to use each.
ELK Stack Components
Elasticsearch
The search and analytics engine:
- Stores and indexes data
- Handles queries and aggregations
- Manages cluster operations
Logstash
Data processing pipeline:
- Ingests data from various sources
- Transforms and enriches data
- Outputs to Elasticsearch
Kibana
Visualization and dashboard tool:
- Creates dashboards and visualizations
- Explores data interactively
- Manages Elasticsearch cluster
Understanding the full ELK stack is valuable for many roles.