Drilldowns are the bread and butter of analytics. By using subsequent drilldowns to reach a result, you decreased cognitive load, improved sense of location during the search, and better understand your search result. Information retrieval engines such as Elasticsearch are well known to be great backends for explorative drilldowns and have been powering data exploration for more than a decade in domains ranging from ecommerce to log analysis. However, Elasticsearch doesn’t have relational join capabilities, so drilldowns cannot take “record to record” relations in consideration.

Giovanni Tummarello (Siren) explores a plug-in for Elasticsearch that adds cluster distributed joins and demonstrates how it enables an exciting array of use cases dealing with interconnected or “Knowledge Graph” enterprise data. Thanks to these capabilities, and a lightweight semantic modeling layer, at frontend level, this allows you to move from simple drilldowns to relational drilldowns and also get network and link analysis. As a result, Elasticsearch can be used to address at very large scale much higher-value use cases in cybersecurity, fraud detection, law enforcement, intelligence, and life sciences.

Prerequisite knowledge

• Familiarity with Elasticsearch

What you'll learn

• See relational drilldown capabilities
• Discover Elasticsearch scale (and speed) navigation of interconnected data
• Understand how this is an equivalent to navigating the enterprise knowledge graph at scale

This session is from the 2019 O'Reilly Strata Conference in New York, NY.