Install Beat plugins

Install geoip and user-agent plugin in elasticsearch

sudo bin/elasticsearch-plugin install ingest-geoip sudo bin/elasticsearch-plugin install ingest-user-agent

=> restart elasticsearch

Manage the indices

Create an index

curl -XPUT 'localhost:9200/index_name?pretty&pretty'

List the indexes

curl -XGET 'localhost:9200/_cat/indices?v&pretty'

Delete an index

curl -XDELETE 'localhost:9200/index_name?pretty&pretty'

Delete an index with brackets in the index name

curl -XDELETE -g 'localhost:9200/%25index_name}-2018.02.01?pretty&pretty'

Set the indices back to RW

Elasticsearch is switching to read-only if it cannot index more documents because your hard drive is full. With this it ensures availability for read-only queries. Elasticsearch will not switch back automatically

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'