Elasticsearch: Difference between revisions

From Halfface

Latest revision as of 13:12, 10 September 2025

what does it mean

cdm                 Continuous Diagnostics Mitigation
cdm                 client data master

Add the password to ~/.netrc and run curl with -n so it reads the credentials from there

~/.netrc 
machine localhost
login <username>
password <password>
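
Added example (not part of the original page): ~/.netrc holds the password in clear text and every command here passes -n, so this sketch checks that the file is private and has a complete entry for localhost before calling curl. The function names and the NETRC_FILE variable are hypothetical, and a plain key/value netrc is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes a plain key/value netrc (no "macdef" blocks, no quoted values).

# netrc_perms_ok FILE: true if FILE is a regular, non-symlink file that
# grants nothing to group or others (the password in it is clear text).
netrc_perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ld prints a mode string like "-rw-------"; columns 5-10 are group/other
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# netrc_has_machine FILE HOST: true if FILE has a "machine HOST" entry
# carrying both a login and a password token.
netrc_has_machine() {
    awk -v host="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
            for (i = 1; i <= n; i += 2) {        # flat list of key/value pairs
                k = tok[i]; v = tok[i + 1]
                if (k == "default") { cur = ""; i--; continue }  # takes no value
                if (k == "machine") cur = v
                else if (cur == host && k == "login" && v != "") l = 1
                else if (cur == host && k == "password" && v != "") p = 1
            }
            exit !(l && p)
        }' "$1"
}

# check_netrc FILE HOST: 0 = usable, 1 = unsafe permissions, 2 = no entry
check_netrc() {
    netrc_perms_ok "$1" || { echo "$1: not a private regular file (chmod 600)" >&2; return 1; }
    netrc_has_machine "$1" "$2" || { echo "$1: no login/password for $2" >&2; return 2; }
}

# es_curl ARGS...: the curl call used on this page, run only when the netrc passes
es_curl() {
    nf=${NETRC_FILE:-$HOME/.netrc}
    check_netrc "$nf" localhost || return
    curl --netrc-file "$nf" -sk "$@"
}
```

With these functions sourced, `es_curl -X GET "https://localhost:9200/_cat/master?v"` behaves like the commands on this page but stops early when the netrc is group- or world-accessible.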

Count entries in an index

GET /<index>/_count

Get the latest entry from an index

curl -n -sk -X GET "https://localhost:9200/<index>/_search" -H 'Content-Type: application/json' -d '{
  "size": 1,
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ]
}'

Stats of elasticsearch

curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"

Who is master

curl -n -sk -X GET "https://localhost:9200/_cat/master?v"

Are we recovering

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"

List indices by size

curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"

View 5 log entries from the biggest index

curl -n -X GET "https://localhost:9200/<index>/_search?size=5&pretty"

Search for a string in the log entries of the biggest index

curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
  "query": {
    "match": {
      "message": "<string>"
    }
  }
}' | jq -r '.hits.hits[]._source.message'

List snapshot setup

curl -n -sk -X GET "https://localhost:9200/_snapshot?pretty"

Look at snapshots

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/_all?pretty" | jq -r '.snapshots | sort_by(.end_time)[] | .snapshot'

List indices inside snapshot

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/daily-snapshots-2025.09.10-ctbhwxs5r4yl4okmthrilq?pretty" | jq -r '.snapshots[].indices | sort[]'

Restore index

curl -n -sk -X POST "https://localhost:9200/_snapshot/elastic_snapshots_repo/<snapshot_name>/_restore" -H 'Content-Type: application/json' -d '{
  "indices": "<index_to_restore>",
  "ignore_unavailable": true,
  "include_global_state": false
}'

Look at status of recovery

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?v&h=index,shard,stage,source_host,target_host,total,recovered,percent,recovery_type&bytes=b"

Remove all indices (the loop only prints the DELETE commands; drop the echo in front of curl to run them)

curl -n -sk -X GET "https://localhost:9200/_cat/indices?h=index&s=store.size:desc" | while read -r INDEX ; do echo '*' "${INDEX}" ; echo curl -n -sk -X DELETE "https://localhost:9200/${INDEX}" ; done