Trifork Blog

Category ‘From The Trenches’

Refactoring from Elasticsearch version 1 with Java Transport client to version 6 with High Level REST client

February 27th, 2018 by

Every long running project accrues technical debt. It may be that the requirements today have evolved in a different direction from what was foreseen when the project was designed, or it may be that difficult infrastructure tasks have been put off in favor of new functionality. From time to time, you need to refactor your code to clean up this technical debt. I recently finished such a refactoring task for a customer, so in the category ‘from the trenches’, I would like to share the story here.

Elasticsearch exposes both a REST interface and the internal Java API, via the binary transport client, for connecting with the search engine. Just over a year ago, Elastic announced to the world that it plans to deprecate the transport client in favor of the high level REST client, “as soon as the REST client is feature complete and is mature enough to replace the Java API entirely”. The reasons for this are clearly explained in Luca Cavanna’s blogpost, but the most important disadvantage is that using the transport client, you introduce a tight coupling between your application and the exact major and minor release of your ES cluster. As long as Elasticsearch exposes its internal API, it has to worry about breaking thousands of applications all over the world that depend on it.

The “as soon as…” timetable sounds somewhat vague and long term, but there may be good reasons to migrate your search functionality now, rather than later. In the case of our customer, their reason is wanting to use the AWS Elasticsearch service. The entire codebase is already running in AWS, and for the past few years they have been managing their own Elasticsearch cluster running in EC2 instances. This turns out to be labor intensive when updates have to be applied to these VMs. It would be easier and probably cheaper to let Amazon manage the cluster. As the AWS Elasticsearch service only exposes the REST API, the dependence on the transport protocol will have to be removed.

Action plan

The starting situation was a dependency on Elasticsearch 1.4.5, using the Java API. The goal was the most recent Elasticsearch version available in the Amazon Elasticsearch Service, which at the time was 6.0.2, using the REST API.

In order to reduce the complexity of the refactoring operation, we decided early on, to reindex the data, rather than trying to convert the indices. Every Elasticsearch release comes with a handy list of breaking changes. Looking through this list, we tried to make a list of breaking changes that would likely affect the search implementation of our customer. There are more potential breaking changes than listed here, but these are the ones that an initial investigation suggested might have an impact:

1.x – 2.x:

  • Facets replaced by aggregations
  • Field names can’t contain dots

2.x – 5.x:

5.x – 6.0:

  • Support for indices with multiple mapping types dropped

The plan was first to convert the existing code to work with ES 6, and only then migrate from the transport client to the High Level REST client.


The entire search functionality, originally written by our former colleague Frans Flippo, was exhaustively covered by unit- and integration tests, so the first step was to update the maven dependency to the current version, run the tests, and see what broke. First there were compilation errors that were easily fixed. Some examples:

Replace FilterBuilder with QueryBuilder, RangeFilterBuilder with RangeQueryBuilder, TermsFilterBuilder with TermsQueryBuilder, PercolateRequestBuilder with PercolateQueryBuilder etc, switch to HighlightBuilder for highlighters, replace ‘fields’ with ‘storedFields’. The count API was removed in version 5.5, and its use had to be replaced by executing a search with size 0. Facets had already been replaced by aggregations by our colleague Attila Houtkooper, so we didn’t have to worry about that.

In ES 5, the suggest API was removed, and became part of the search API. This turned out not to have an impact on our project, because the original developer of the search functionality implemented a custom suggestions service based on aggregation queries. It looks like he wanted the suggestions to be ordered by the number of occurrences in a ‘bucket’, which couldn’t be implemented using the suggest API at the time. We decided that refactoring this to use Elasticsearch suggesters would be new functionality, and outside the scope of this upgrade, so we would continue to use aggregations for now.

Some updates were required to the index mappings. The most obvious one was replacing ‘string’ with either ‘text’ or ‘keyword’. Analyzer became search_analyzer, while index_analyzer became analyzer.

Syntax ES 1:

"fields": {
    "analyzed": {
        "type": "string",
        "analyzer" : "dutch",
        "index_analyzer": "default_min_word_length_2"
    "not_analyzed": {
        "type": "string",
        "index": "not_analyzed"

Syntax ES 6:

"fields": {
  "analyzed": {
    "type": "text",
    "search_analyzer": "dutch",
    "analyzer": "default_min_word_length_2"
  "not_analyzed": {
    "type": "keyword",
    "index": true

Document id’s were associated with a path:

"_id": {
    "path": "id"

The _id field is no longer configurable, so in order to have document ids in Elasticsearch match ids in the database, the id has to be set explicitly, or Elasticsearch will generate a random one.

All in all, it was roughly a day of work to get the project to compile and ready to run the unit tests. All of them were red.

Running Elasticsearch integration tests

The integration tests depended on a framework that spun up an embedded Elasticsearch node, to run the tests against. This mechanism is no longer supported. Though with some effort it is still possible to get this to work, the main point of the operation was to move the search implementation back into ‘supported’ territory, so we decided to abandon this approach.

First we tried out the integration test framework offered  by Elasticsearch: ESIntegTestCase. Unfortunately, this framework turns out to be highly opinionated. It wants the tests to run under the RandomizedRunner, which is also used to test Lucene. In order to work with the ESIntegTestCase, we would have had to partially rewrite most of the existing integration tests. Ideally, you can rely on the unit tests to prove that your refactoring preserved the expected functionality. If you have to change the tests, you run the risk that you end up ‘fixing’ a test to make it green. We decided to go with the Elasticsearch maven plugin instead, which required no code changes to the tests other than configuring the ES client.

    <version>6.0</version> <!--Plugin version-->
        <version>6.0.2</version> <!--Elasticsearch version-->

That’s all there is to it. With this configuration, when maven enters the pre-integration test phase, the plugin starts a single node elasticsearch cluster of version 6.0.2 in a new process, listening to ports 9500 and 9400, runs the tests, and then stops the cluster and cleans up. The plugin allows a more fine grained configuration of the cluster, including ES plugins, but we were trying to replace a simple embedded ES node, so this was unnecessary. Now all the tests were yellow: the project compiles, tests run and assertions fail.

Fixing the pitfalls

Some search results were missing data. In version 1.x, fields added to your query were retrieved from the _source field, and returned in your search result. Where we replaced these with storedFields, the fields in question had to be explicitly marked as stored fields in the mapping. Fields that are not stored, are included in your search, but not returned in the search result. This can be useful in queries where you want to retrieve just a few fields from a large document.

Some aggregations were failing with the message ‘Fielddata is disabled on text fields by default’. In ES 1, there were ‘string’ fields, not ‘text’ and ‘keyword’ fields. By default, operations like sorting and aggregations are not allowed on ‘text’ fields, unless you explicitly mark the field as such, with “fielddata”:true. This is generally not a good idea on analyzed fields, as it can cause a substantial performance hit, and may return results you were probably not expecting. We decided to use “copy_to” to make ‘keyword’ type copies of the fields in question to run the aggregations on.

It seems that ES 1.4 supported the java regex engine, while ES 6.x uses a different one, which doesn’t support boundary matchers such as \b. Luckily there was a workaround, which should work in most cases.

In the REST API, a query field can be boosted with a caret: “fields”:[ “title^5”]. In this search implementation based on the transport client, this was implemented by appending ^ and the boost to the field name: “title^”+titleBoost. In ES 6, this approach no longer seemed to work. There was a  clear difference in results between a query through the Java API, and executing the exact same query, via the toString() method of the QueryBuilder, using the REST API. The correct approach is myQueryStringQueryBuilder.field(fieldName, boost). Because the query looked fine in the console, and worked fine when copied and run against the REST API, this pitfall was not immediately obvious.

Differences in search results

A fair number of the tests failed because the order of search results by relevance had changed between ES 1 and 6. From the way the tests were written, we got the impression that in ES 1, documents with the exact same score were returned in the order in which they were indexed, while in ES 6, this doesn’t seem to be the case. We could have made the tests ‘green’, by adding an additional sort by id after the _score, which would make the test perform consistently over our tiny artificial test data set, but this didn’t ‘feel’ right. We didn’t find an explicit mention of this behavior in the documentation, or any change over ES versions, and there wasn’t a good use case for it. The numerical value of the document id has no special relevance to the users. In real world data, search results with the exact same _score would probably be exactly equally relevant, and the customer agreed with us not to second guess Elasticsearch and Lucene on the matter of search result relevance.

A more interesting issue was a test where documents that looked more relevant to us, were now getting a lower score than seemingly less relevant ones. The tiny data set for these tests contained a large number of mentions of the search term in the queries. Somehow, documents that contained an additional, boosted, field that matched the search term, were scoring lower than an otherwise identical document where one of those fields was left blank. The weight of a search term is the product of a function that combines the term frequency, the inverse document frequency and the boost on a field. Artificially packing a document with more mentions of the search term was actually making a match on this search term less relevant to Lucene. We could have spent considerable time tweaking the queries to make documents in our very artificial test data set equally relevant to ES 6 as they were to ES 1, but the customer agreed with us that this wasn’t the way to go. Considerable effort in the development of search engines goes into making search results more relevant. It seemed like a good idea to trust the experts at Elastic and Lucene when it comes to search result relevance, so the customer agreed we shouldn’t spend a lot of time trying to replicate the behavior of a more primitive version of the search engine, fine tuned to a tiny, artificial test data set. All tests were now green. On to the next stage.

Migrating to the High Level REST Client

In order to work with the Amazon Elasticsearch Service, we had to remove the dependence on the transport client. In the long term, this is a good idea anyway, as Elastic intends to deprecate and ultimately remove this client. In order to facilitate the move away from the transport client, ES has been working on the so called High Level REST Client. This client uses the low level REST client to send requests, but accepts the existing query builders from the Java API, and returns the same response objects. At least in theory, this should allow you to move your search functionality to the new client with minimal code changes. When it came to searching, practice matched this theory quite nicely. Here is a pseudocode representation of the syntax using the transport client:

// Query
SearchRequestBuilder searchRequestBuilder = client.prepareSearch(indexName);

// Paging
searchRequestBuilder.setFrom(maxSize * formObject.getPage());

// Fields to return
for (String field : formObject.getRequestedFields()) {

// Filters

// Sorting
searchRequestBuilder.addSort(formObject.getSortField(), toSortOrder(formObject.getSortOrder()));


SearchResponse searchResponse = searchRequestBuilder.execute().actionGet();

And here is the syntax using the High Level REST Client

// Query
SearchSourceBuilder sb = new SearchSourceBuilder();

// Paging
sb.from(maxSize * formObject.getPage());

// Fields to return

// Filters

// Sorting
sb.sort(formObject.getSortField(), toSortOrder(formObject.getSortOrder()));

SearchRequest request = new SearchRequest(indexName);


SearchResponse searchResponse =;


The query builders were accepted as they were, and the search response object was the same. We ran the tests, and they were still green. The search service no longer depended on the transport client. For indexing operations, the conversion was similarly straight forward:

BulkRequestBuilder indexBulkRequestBuilder = client.prepareBulk();
IndexRequestBuilder indexRequestBuilder = client.prepareIndex(indexName, objectType);
String json = jsonConverter.convertToJson(domainObject);
indexRequestBuilder.setSource(new BytesArray(json), XContentType.JSON);
BulkResponse response = indexBulkRequestBuilder.execute().actionGet();

And with the Low level REST client:

BulkRequest bulkRequest = new BulkRequest();
IndexRequest indexRequest = new IndexRequest();
String json = jsonConverter.convertToJson(domainObject);
indexRequest.source(new BytesArray(json), XContentType.JSON);
BulkResponse response = client.bulk(bulkRequest);

Now for the admin operations that manage indices. In our target release of Elasticsearch, 6.0.2, the indices API was not yet supported. In the current release (6.2 at the time of writing this blog), there is support for this, so at first we tried using the 6.2 version of the ES libraries, against a cluster running 6.0.2. This turned out to break the search functionality. The 6.2 version of the query builders was including keywords in some queries, that were not yet supported in 6.0. Elastic had warned about this in their announcement mentioned earlier:

“… the high-level client still depends on Elasticsearch, like the Java API does today. This may not be ideal, as it still ties users of the client to depend on a certain version of Elasticsearch, but this decision allows users to migrate away more easily from the transport client. We would like to get rid of this direct dependency in the future, but since this is a separate long-term project, we didn’t want this to affect the timing of the client’s first release.”

As the High Level REST Client implementation wasn’t directly compatible with the admin operations in our application anyway, we decided to just implement these features using the Low Level REST client. Here is an example of creating an index template using the transport client

String template = readFile(templateFileName);

            .setSource(new BytesArray(template), XContentType.JSON)

And here is the same operation using the low level REST client:

String template = readFile(templateFileName);

HttpEntity entity = new NStringEntity(template, ContentType.APPLICATION_JSON);

client.performRequest("PUT", "_template/" + templateName, emptyMap(), entity);

The index name pattern now had to be included in the template JSON and was no longer dynamically configurable in the code, but this was not a problem for our application. With all the tests nice and green, the project was done!


Software problems always seem easy once you know how to solve them. This report from the trenches may give the impression that this was a simple, straight forward migration that only took a few days, but in reality the whole project involved several weeks of investigation, backtracking from dead ends, and a lot of trial and error. Hopefully, this blog can help fellow Java developers who are tasked with the same problem save a lot of time, or you could contact Trifork to provide a helping hand.

How to send your Spring Batch Job log messages to a separate file

April 14th, 2017 by

In one of my current projects we’re developing a web application which also has a couple of dozen batch jobs that perform all sort of tasks at particular times. These jobs produce quite a bit of logging output when they’re run, which is important to see what has happened during a job exactly. What we noticed however, is that the batch logging would make it hard to quickly spot the other logging performed by the application while also running a batch job. In addition to that, it wasn’t always clear in the context of what job a log statement was issued.
To address these issues I came up with a simple solution based on Logback Filters, which I’ll describe in this blog.

Logback Appenders

We’re using Logback as a logging framework. Logback defines the concept of appenders: appenders are responsible for handling the actual log messages emitted by the loggers in the application by writing them to the console, to a file, to a socket, etc.
Many applications define one or more appenders and them simply list them all as part of their root logger section in the logback.xml configuration file:

<configuration scan="true">

  <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
    <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>

  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %mdc %-5level %logger{36} - %msg%n</pattern>
  <root level="info">
    <appender-ref ref="LOGSTASH"/>
    <appender-ref ref="FILE"/>


This setup will send all log messages to both of the configured appenders. Read the rest of this entry »

Collecting data from a private LoRaWAN sensor network into Elastic

May 20th, 2016 by

Introduction to LoRaWAN and ELK

Why LoRaWAN, and what makes it different from other types of low power consumption, high range wireless protocols like ZigBee, Z-Wave, etc … ?

LoRa is a wireless modulation for long-range, low-power, low-data-rate applications developed by Semtech. The main features of this technology are the big amount of devices that can connect to one network and the relatively big range that can be covered with one LoRa router. One gateway can coordinate around 20’000 nodes in a range of 10–30km. It’s a very flexible protocol and allows the developers build various types of network architectures according to the demand of the client. The general description of the LoRaWAN protocol together with a small tutorial are available in my previous post.

What is the ELK stack, and why use it with LoRaWAN?

In the figure above, you can see a simplified model of what a typical LoRaWAN network looks like.
As you can see, the data from the LoRa endpoints, has to go through several devices before it reaches the back end application. Nowadays there are a lot of tools that would allow us to gather and manipulate the data. A very good solution is the ELK stack which consists of Elasticsearch, Logstash and Kibana; these three tools allow to gather, store and analyze big amounts of data. More information and details can be found on the official website:

Read the rest of this entry »

From The Trenches: LoRa, LoRaWAN tutorial with the LoRaBee

March 4th, 2016 by

Once in a while you stumble across an interesting technology which is an enabler of new solutions, and new business cases. At Trifork Eindhoven we believe LoRa / LoRaWan might be such a technology. We are currently working on several Internet of Things solutions which could directly benefit from long distance communication, with a low energy footprint.

In this document I will describe the things that I learnt while working with the LoRaBee development kit. I will also provide some basic tutorials on how to set it up, how to start a connection and how to connect it with different platforms.
The hardware that I am using:

  • SODAQ Mbili with Atmel 1284p Microcontroller x 2
  • SODAQ LoRaBee which contains the Microchip RN2483 Module x 2
  • A set of peripherals for data acquisition ( sensors, buttons, LEDs, serial interfaces… )

Quick intro into LoRa

According to Wikipedia:

LoRaWAN (Long Range Wide Area Network) is a low power wireless networking protocol designed for low-cost secure two-way communication in the Internet of Things (IoT). LoRaWANs use of sub-GHz ISM bands also means the network can penetrate the core of large structures and subsurface deployments within a range of 2 km.[1]

The technology utilized in a LoRaWAN network is designed to connect low-cost, battery-operated sensors over long distances in harsh environments that were previously too challenging or cost prohibitive to connect. With its penetration capability, a LoRa gateway deployed on a building or tower can connect to sensors more than 10 miles away or to water meters deployed underground or in basements. The LoRaWAN protocol offers unique and unequaled benefits in terms of bi-directionality, security, mobility and accurate localization that are not addressed by other LPWAN technologies. These benefits will enable the diverse use cases and business models in deployments of LPWAN IoT networks globally.”

In the following picture, you can see the typical LoRaWAN network:

As you can see, all three classes are required for a fully working LoRaWAN network. In the tutorial, we used two LoRa end node devices for a P2P communication; however that is a simple radio transmit/receive between the LoRa modules and not the LoRaWAN protocol.

Read the rest of this entry »

Spring-AMQP and payload validation: some notes from the trenches

February 29th, 2016 by

It’s been a while since I’ve written one of our from-the-trenches blogs: that’s mostly because I’ve been very busy in those trenches developing systems for our customers.

This week I completed a Spring Boot-based microservice which is responsible for interacting with some 3rd party SOAP service: its own clients communicate with it by sending request message over RabbitMQ, and the service then sends back a response to a response queue after handling the SOAP response message.

Of course I used Spring-AMQP to build this service. Spring-AMQP supports a nice annotation-based listener programming model, based on Spring’s generic Message support.
That allows writing listener methods like this:

@RabbitListener(queues = REQUEST_QUEUE) 
public DeclarationResponse submitDeclaration(DeclarationRequest request) { 
  // handle the request and return a response 

The request parameter here is the result of converting the incoming AMQP message using a Spring-AMQP MessageConverter, after which it is considered to be the payload of the message (even when headers are used in the conversion as well).

The request messages that the clients send have some required fields: without those fields, the service can’t make the SOAP calls. While reading the RabbitListener JavaDoc I noticed that Spring-AMQP allows you to apply validation to message payload parameters by annotating it. When using this, you also have to add the @Payload annotation (which is optional without validation if your method doesn’t have any other arguments), so the result looks like this:

@RabbitListener(queues = REQUEST_QUEUE)
public DeclarationResponse submitDeclaration(@Valid @Payload DeclarationRequest request) { … }

By the way, Spring’s own @Validated (even as a meta-annotation) and in fact every annotation whose name starts with “Valid” are supported for this purpose as well.

Now we can add some JSR-303 Bean Validation annotations to the fields in our DeclarationRequest, like @NotNull, to express our validation constraints.

Read the rest of this entry »

City-wide crowd management in Amsterdam

November 10th, 2015 by

As most residents and visitors of Amsterdam know, every year more people are visiting Amsterdam, city wide events like GayPride, Koningsdag and MuseumNacht are getting bigger and more frequent, putting more strain on the city’s infrastructure and all people living in the city center.

That’s why this November 7th, Amsterdam Marketing organized the Museumn8 hackathon to allow developers to come up with creative and innovative solutions for improving improving mobility, navigation and crowd management in the city. Twenty teams eventually participated.

Trifork (Rienk Prinsen, Marleine van Kampen, Marijn van Zelst) and weCity (David Kat, Luc Deliance) teamed up and joined the hackathon to give their take on solving this problem. Their solution:


By transforming the advertisement billboards of JCDecaux into large information screens displaying real-time information, visitors can get informed about activities and interesting places in the vicinity of the billboard. They receive live crowd information, travel times to and queue lengths at museums and even recommendations where to go next. Read the rest of this entry »

Large organizations are just not set up to be agile

September 21st, 2015 by

There is something going wrong in the organization I am currently part of an onsite project, yet I can’t get my head around the specifics.

This very large governmental organization is growing agile initiatives all over the IT department. Development teams are having fun talking to their customers and are trying to create the best solutions to the needs of their stakeholders, yet everything agile about Agile halts when a shippable increment is ready to begin its journey through the rest of the organization.

A few weeks back I received an email from the team that is tasked with the becoming agile of our organization, asking me to fill out a form so I could show how SCRUM we were. I know it was meant to let us see for ourselves how agile we were, but to me it felt as if we were proving our agility through a checklist.

I know I checked every box there was, so according to the person sending it we were 100% Scrum. I just knew we weren’t agile, so there must be a flaw in checking of the Scrum checklist to see if you are agile.

Read the rest of this entry »

A wrinkle in time

June 30th, 2015 by

Leap second

I clearly remember the morning of Sunday July 1, 2012, almost three years ago. I was at church, actually, when I got a call from one of our clients: “The website doesn’t seem to be working.” All I could check at that point was that, indeed, the website was not responding. So I called our sysadmin, who found that even SSH-ing into the machine running the site was taking much longer than usual. Finally, restarting everything solved the problem, but we were still unsure about what had happened.

As we found out later, it was related to the leap second, a phenomenon I had not even heard of until then. Read the rest of this entry »

Axon from the trenches: how to keep your code compatible with legacy events and Sagas

June 8th, 2015 by

Imagine you’re using Axon to run an event sourcing application. Your production event store might contain millions of events, created in various versions of the application. Wouldn’t it be nice to know for sure that the latest version of your application plays nicely with all your production events and Sagas, including those from previous versions? Well, you can check for that, and it is fairly easy. Read the rest of this entry »

Documenting your REST APIs

May 8th, 2015 by

Whenever you deliver some API that is to be consumed by another party, you will get the inevitable question of providing documentation. Probably every developer’s least favorite task.

In Java there is javadoc, but that doesn’t cut it if you are delivering a Web Service API. In that realm we already know WSDL for SOAP based Web Services. Then again, every developer seems to prefer REST based Web Services these days and those are not WSDL based… So what then? That is a question with multiple answers. In the last few years there have been three different open-source projects that have tried to give an answer to this: swagger, RAML and API BluePrint. Of those Swagger has been around the longest and arguably gained the largest following.

Based on the completely subjective criteria ‘it needs to support Java’, ‘what about Spring MVC?’ and ‘can you deliver it to the customer by Monday?’ I decided to take a stab at documenting an existing API using Swagger. It is written in something that can run on a JVM, has Spring MVC support (via third party libraries) and seemed to be the easiest to set up based on their examples and various other online resources.

Read the rest of this entry »