====== Elasticsearch ======
==== Quick Commands ====
== Check Cluster Health ==
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
== List all Indexes ==
curl http://localhost:9200/_cat/indices?v
== List all shards ==
curl -XGET 'http://localhost:9200/_cat/shards'
== Unassigned shard | timeout ==
**Try restarting**
curl -XPOST -k https://admin:@:9200/_cluster/reroute?retry_failed=true --CApath /etc/elasticsearch/root-ca-key.pem
**List indexes not assigned**
curl -k --CApath /etc/elasticsearch/root-ca-key.pem -XGET https://admin:@:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason | grep -i UNASSIGNED
**Detailed information on issue**
curl -k --CApath /etc/elasticsearch/root-ca-key.pem -XGET https://admin:@:9200/_cluster/allocation/explain?pretty
== Detailed Shard Information ==
curl -XGET 'http://localhost:9200/_cat/shards/filebeat?pretty=true'
== Delete indexes ==
curl -XDELETE 'http://localhost:9200/*.reindex'
== Disk usage issue ==
When free disk space fall cluster fails.
curl -H 'Content-Type: application/json' -X PUT -d '{
"transient": {
"cluster.routing.allocation.disk.watermark.low": "89%",
"cluster.routing.allocation.disk.watermark.high": "94%",
"cluster.info.update.interval": "1m"
}
}' http://localhost:9200/_cluster/settings
==== Templates ====
=== Filebeat Template apache2 module ===
{
"template": "filebeat-*",
"version": 50001,
"settings": {
"index.refresh_interval": "5s",
"number_of_replicas": 0
},
"mappings": {
"_default_": {
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"match_mapping_type": "string",
"mapping": {
"type": "text",
"norms": false
}
}
},
{
"string_fields": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"type": "text",
"norms": false,
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "keyword"
},
"beat.hostname": {
"type": "string",
"index": "not_analyzed",
"ignore_above": 1024
},
"geoip": {
"dynamic": true,
"properties": {
"ip": {
"type": "ip"
},
"location": {
"type": "geo_point"
},
"latitude": {
"type": "half_float"
},
"longitude": {
"type": "half_float"
}
}
}
}
}
}
}
==== Errors ====
== Error on content type header ==
{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}
In order to fix issue specify header with your curl XPUT.
[[https://www.elastic.co/blog/strict-content-type-checking-for-elasticsearch-rest-requests|Original Post]]
curl -XPUT 'localhost:9200/_settings' -H 'Content-Type: application/json' -d '
{
"index" : {
"number_of_replicas" : 0
}
}'
==== Rolling Upgrade ====
:!: This should work on elastic.co but my steps are mainly taken from the Opendistro.
=== Set the cluster in upgrade mode ===
curl -k -XPOST https://admin:@:9200/_ml/set_upgrade_mode?enabled=true
=== Disable sharding ===
curl -k -H 'Content-Type: application/json' -XPUT -d '{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}' https://admin:@:9200/_cluster/settings --CApath /etc/elasticsearch/root-ca-key.pem
=== Flush / Sync data on all host in cluster ===
curl -k -XPOST https://admin:@:9200/_flush/synced --CApath /etc/elasticsearch/root-ca-key.pem
=== Stop / Upgrade / start Services ===
systemctl stop kibana.service
systemctl stop elasticsearch.service
dnf install opendistroforelasticsearch-1.12.0 -y
dnf install opendistroforelasticsearch-kibana-1.12.0 -y
systemctl start elasticsearch.service
systemctl start kibana.service
=== Enable Sharding ===
curl -k -H 'Content-Type: application/json' -XPUT -d '{
"persistent": {
"cluster.routing.allocation.enable": "all"
}
}' https://admin:@:9200/_cluster/settings --CApath /etc/elasticsearch/root-ca-key.pem
==== Node Information ====
=== List all nodes and important information ===
:!:[[https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html | Document Ref.]]
curl -XGET -k https://admin:@:9200/_cat/nodes?v=true\&h=id,ip,port,v,m,hp,l,r,j,fdc,fdm