
Tracks Inspector adds big data search

Unleash the power of Elasticsearch with Tracks Inspector

Tracks Inspector version 3.0 will include Elasticsearch to deliver full-text as well as faceted search across evidence units in a single case and even across multiple cases. Expert users can use the search index to run advanced Boolean and proximity queries.

Elasticsearch is one of the most popular big data search engines today, providing state-of-the-art full-text search capabilities. The high-performance computing architecture of Elasticsearch fits seamlessly into the distributed server architecture of Tracks Inspector.

Benefits

The powerful but complex interface of Elasticsearch is simplified by Tracks Inspector’s intuitive user interface. Case-wide search will be faster, and faceted search, which is already available within evidence units, will also be available across multiple file types and evidence units.

A system-wide search option will offer a super-search function enabling privileged users to search across all cases in a Tracks Inspector installation. This will enable them to correlate known entities across different cases, e.g. for linking known offenders and victims to new cases.

Expert users and developers will be able to use a developer-friendly query API that supports multilingual search, geolocation, contextual did-you-mean suggestions, autocomplete, and result snippets. Kibana (see below) provides a free analytics and search dashboard for Elasticsearch.

How?

Tracks Inspector processes evidence and stores results in a database that has been designed for scalability, speed and robustness. Textual information in the database is indexed by an Elasticsearch process that operates independently from other Tracks Inspector processes.

The distributed server back end of Tracks Inspector is an ideal platform for running Elasticsearch. The communication framework of Elasticsearch fits naturally into Tracks Inspector. Inserting data into the search index and handling queries are very similar to the existing processes.

Upgrading

Upgrading to version 3.0 will be completely automatic. The Elasticsearch indexes can be built on a case-by-case basis via the case management administrator web interface. Building the indexes is extremely fast and no reprocessing of evidence units is required.

Further reading