
Elasticsearch Cheat Sheet

The purpose of this cheat sheet is to provide generic commands for Elasticsearch operations. The Elasticsearch APIs provide extensive details and functionality; for API details and the full set of commands, please refer to the Elasticsearch Reference.



Indexes

# Create a new index named test_index with all the default settings
# (no request body is sent, so nothing is overridden).

PUT test_index


# Get the index settings of test_index

GET test_index/_settings


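# Change the number of replicas of the existing logs index.
# number_of_replicas is a dynamic setting and can be updated in place.
# number_of_shards is fixed when an index is created and cannot be changed
# through _settings; set it at index creation (or in an index template), and
# use the _shrink / _split APIs or a reindex to change it afterwards.
# Defaults: 1 replica and 5 primary shards (1 primary shard from 7.0 onwards).

PUT logs/_settings
{
  "number_of_replicas": 2
}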


# Add an alias named current_logs that points at the logs index.
# Requests addressed to current_logs are resolved to logs.

POST _aliases
{
  "actions": [
    { "add": { "index": "logs", "alias": "current_logs" } }
  ]
}


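# Create an index template named logs_template. It is applied to any newly
# created index whose name starts with logs- (pattern logs-*); indices that
# already exist are not changed.
# "order" sets precedence when several templates match the same index name:
# templates with a higher order are applied later and override lower ones.
# NOTE: _template is the legacy template endpoint on 7.8 and later; confirm
# against the Elasticsearch version in use.

PUT _template/logs_template
{
  "index_patterns": ["logs-*"],
  "order": 10,
  "settings": {
    "number_of_shards": 2,
    "number_of_replicas": 1
  }
}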

# Delete the logs index. This removes the index together with its documents
# and mappings and cannot be undone through the API; take a snapshot first if
# the data may be needed again.
# The action.destructive_requires_name cluster setting can be enabled so that
# delete requests must name indices explicitly rather than use wildcards or _all.

DELETE logs

Mapping and Analysis

# Get the mappings of my_test to view its fields and their data types

GET my_test/_mappings


# Create my_index with two fields: "name", an object field that holds a
# "first" sub-field of type text, and "user_id" of type keyword.
# The properties are nested under the _doc mapping type, which is the 6.x
# request format.

PUT my_index
{
  "mappings": {
    "_doc": {
      "properties": {
        "name": {
          "properties": {
            "first": { "type": "text" }
          }
        },
        "user_id": { "type": "keyword" }
      }
    }
  }
}


Index Management

# Copy every document from my_tweets into new_tweets with the Reindex API.
# Reindex copies documents only: it does not carry over the settings or
# mappings of my_tweets, so create new_tweets with the intended mappings
# before running it.
# On a secured cluster the caller needs read access to the source index and
# write access to the destination index.

POST _reindex
{
  "source": { "index": "my_tweets" },
  "dest":   { "index": "new_tweets" }
}


# Close the my_tweets index. A closed index rejects read and write
# operations until it is opened again.

POST my_tweets/_close


# Open the my_tweets index, making it available for reads and writes again.

POST my_tweets/_open


Cluster Management

# Configure shard allocation awareness on the "zone" node attribute, so that
# copies of the same shard are spread across zones.
# Every node has to declare the attribute in its own configuration
# (node.attr.zone) for this to have an effect.
# awareness.force.zone.values lists the expected zones (forced awareness):
# if one zone is lost, its replicas are left unassigned instead of all being
# packed into the remaining zone.
# "persistent" settings are kept across a full cluster restart.

PUT _cluster/settings
{
  "persistent": {
    "cluster": {
      "routing": {
        "allocation.awareness.attributes": "zone",
        "allocation.awareness.force.zone.values": "zoneA,zoneB"
      }
    }
  }
}


# View the routing table of test_1 (the routing_table section of the cluster
# state, limited to that index).

GET _cluster/state/routing_table/test_1


# Get the custom attributes defined on each node

GET _cat/nodeattrs


# Get cluster settings that have been set explicitly through the API

GET _cluster/settings


# View shard allocation per node (number of shards and disk usage)

GET _cat/allocation


Capacity Planning

# Point a new alias, logs-write, at the logs-2018-09-04 index.

POST _aliases
{
  "actions": [
    { "add": { "index": "logs-2018-09-04", "alias": "logs-write" } }
  ]
}


# In a single request, move the logs-write alias from logs-2018-09-04 to the
# index for the new date, logs-2018-09-05.
# The actions of one _aliases request are applied atomically, so there is no
# moment at which logs-write points to no index.

POST _aliases
{
  "actions": [
    { "add":    { "index": "logs-2018-09-05", "alias": "logs-write" } },
    { "remove": { "index": "logs-2018-09-04", "alias": "logs-write" } }
  ]
}


# You can simply index new log events to logs-write because of our use of aliases:
# writers keep using the alias name while the index behind it changes.
# The "..." below stands for the newline-delimited bulk request body.

PUT logs-write/doc/_bulk

...

