Elasticsearch: Difference between revisions

From Halfface
Jump to navigationJump to search
← Older editNewer edit →
No edit summary
Line 21: Line 21:


=Stats of elasticsearch=
=Stats of elasticsearch=
curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"
<pre>
curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"
</pre>
=Who is master=
=Who is master=
curl -n -sk -X GET "https://localhost:9200/_cat/master?v"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/master?v"
</pre>
=Are we recovering=
=Are we recovering=
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"
</pre>
=List indicies by size=
=List indicies by size=
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
</pre>
=View 5 log entries from biggest indicie=  
=View 5 log entries from biggest indicie=  
curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"
<pre>
 
curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"
</pre>
=Search for a string of a log entry in the biggest indicie.=
=Search for a string of a log entry in the biggest indicie.=
curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
<pre>
  "query": {
curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
    "match": {
  "query": {
      "message": "<string>"
    "match": {
    }
      "message": "<string>"
  }
    }
}' | jq -r .hits.hits[]._source.message
  }
}' | jq -r .hits.hits[]._source.message
</pre>
=list snapshot setup=
=list snapshot setup=
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
</pre>

Revision as of 09:13, 10 September 2025

what does it mean

cdm                 Continuous Diagnostics Mitigation
cdm                 client data master

Add password to .netrc and use curl -n to use creds

~/.netrc 
machine localhost
login <username>
password <password>

count entries in indicies

GET /<indicie>/_count

get latest content from indicies.

GET /<indicie>/_search
{
  "size": 1,
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ]
}

Stats of elasticsearch

curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"

Who is master

curl -n -sk -X GET "https://localhost:9200/_cat/master?v"

Are we recovering

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"

List indicies by size

curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"

View 5 log entries from biggest indicie

curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"

Search for a string of a log entry in the biggest indicie.

curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
  "query": {
    "match": {
      "message": "<string>"
    }
  }
}' | jq -r .hits.hits[]._source.message

list snapshot setup

curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
Retrieved from "https://halfface.se/wiki/index.php?title=Elasticsearch&oldid=16271"