what does it mean

cdm                 Continuous Diagnostics Mitigation
cdm                 client data master

Add password to .netrc and use curl -n to use creds

~/.netrc 
machine localhost
login <username>
password <password>

count entries in index

GET /<indicie>/_count

get latest content from indicies.

curl -n -sk -X GET "https://localhost:9200/<index>/_search" -H 'Content-Type: application/json' -d '{
  "size": 1,
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ]
}'

Stats of elasticsearch

curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"

Who is master

curl -n -sk -X GET "https://localhost:9200/_cat/master?v"

Are we recovering

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"

List indicies by size

curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"

View 5 log entries from biggest indicie

curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"

Search for a string of a log entry in the biggest indicie.

curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
  "query": {
    "match": {
      "message": "<string>"
    }
  }
}' | jq -r .hits.hits[]._source.message

list snapshot setup

curl -n -sk -X GET "https://localhost:9200/_snapshot?pretty"

Look at snapshots

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/_all?pretty" | jq -r '.snapshots | sort_by(.end_time)[] | .snapshot'

List indices inside snapshot

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/daily-snapshots-2025.09.10-ctbhwxs5r4yl4okmthrilq?pretty" | jq -r '.snapshots[].indices | sort[]'

Remove all indices

curl -n -sk -X GET "https://localhost:9200/_cat/indices?h=index&s=store.size:desc" | while read INDEX ; do echo '*' "${INDEX}" ; echo curl -n -sk -X DELETE "https://localhost:9200/${INDEX}" ; done