Elasticsearch - mwicat/personal GitHub Wiki
Show cluster health in Kibana
Update document
echo '{"index.blocks.read_only_allow_delete": false}' | http -a 'username:password' PUT 'http://localhost:9200/_all/_settings'
Cluster health
curl http://localhost:9200/_cluster/health/
Show unassigned indices
curl 'http://localhost:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason' | grep UNASSIGNED
Get index list
curl 'http://localhost:9200/_cat/indices?v'
Get index mapping
curl 'http://localhost:9200/logstash-*/_mapping'
Get one document
curl 'http://localhost:9200/yourindex/_search?size=1&pretty=1'
Insert document
curl -XPUT 'localhost:9200/twitter/_doc/1?pretty' -H 'Content-Type: application/json' -d'
{
  "user" : "kimchy",
  "post_date" : "2009-11-15T14:12:12",
  "message" : "trying out Elasticsearch"
}
'
Filter AND with count
{
  "track_scores": true,
  "sort": [
    {
      "@timestamp": "desc"
    }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "request": "value1"
          }
        },
        {
          "term": {
            "request": "value2"
          }
        },
        {
          "term": {
            "request": "value3"
          }
        }
      ]
    }
  }
}
Python
sudo pip install elasticsearch elasticsearch-dsl
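from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search

server = 'localhost:9200'  # same host and port as the curl examples above
auth = ('user', 'pass')    # HTTP basic auth credentials (placeholders)
index = 'index'
timespan = '1h'
limit = 100

es = Elasticsearch(server, http_auth=auth, timeout=60)
search = Search(using=es, index=index)
# Documents whose @timestamp falls within the last `timespan`
s = search.query('range', **{'@timestamp': {'gt': 'now-%s' % timespan}})
s = s[:limit]  # cap the number of hits returned
# Iterating the Search executes it; convert each hit to a plain dict
results = [hit.to_dict() for hit in s]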