Elasticsearch
From Halfface
what does it mean
cdm Continuous Diagnostics Mitigation cdm client data master
Add password to .netrc and use curl -n to use creds
~/.netrc machine localhost login <username> password <password>
count entries in index
GET /<indicie>/_count
get latest content from indicies.
curl -n -sk -X GET "https://localhost:9200/<index>/_search" -H 'Content-Type: application/json' -d '{
"size": 1,
"sort": [
{ "@timestamp": { "order": "desc" } }
]
}'
Stats of elasticsearch
curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"
Who is master
curl -n -sk -X GET "https://localhost:9200/_cat/master?v"
Are we recovering
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"
List indicies by size
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
View 5 log entries from biggest indicie
curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"
Search for a string of a log entry in the biggest indicie.
curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
"query": {
"match": {
"message": "<string>"
}
}
}' | jq -r .hits.hits[]._source.message
list snapshot setup
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
Remove all indices
curl -n -sk -X GET "https://localhost:9200/_cat/indices?h=index&s=store.size:desc" | while read INDEX ; do echo '*' "${INDEX}" ; echo curl -n -sk -X DELETE "https://localhost:9200/${INDEX}" ; done
