Elasticsearch

Quick Commands

Check Cluster Health
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
List all Indexes
curl 'http://localhost:9200/_cat/indices?v'
List all shards
curl -XGET 'http://localhost:9200/_cat/shards'
Unassigned shard | timeout

Retry the failed shard allocations

curl -XPOST -k 'https://admin:<password>@<hostname>:9200/_cluster/reroute?retry_failed=true' --CApath /etc/elasticsearch/root-ca-key.pem

List unassigned shards

curl -k --CApath /etc/elasticsearch/root-ca-key.pem -XGET 'https://admin:<password>@<hostname>:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason' | grep -i UNASSIGNED

Detailed information on the issue

curl -k --CApath /etc/elasticsearch/root-ca-key.pem -XGET 'https://admin:<password>@<hostname>:9200/_cluster/allocation/explain?pretty'
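
Added example (not part of the original page): instead of a bare grep, this groups the unassigned shards from the same _cat/shards columns by reason and by primary/replica, and reports whether any primary is missing. ES_URL, ES_CACERT and ES_NETRC are hypothetical variable names, and the sample rows are constructed; the fetch function reads credentials from a netrc file and verifies the server certificate with --cacert rather than using -k with the password in the URL.

```shell
#!/usr/bin/env bash
# Added example: summarise unassigned shards from _cat/shards output.
# ES_URL, ES_CACERT and ES_NETRC are hypothetical variable names.

# Fetch the same columns the page uses. Credentials come from a netrc file
# rather than the URL, so they stay out of the process list and shell history,
# and --cacert verifies the server certificate instead of skipping it with -k.
fetch_shards() {
  curl --silent --fail --cacert "$ES_CACERT" --netrc-file "$ES_NETRC" \
    "$ES_URL/_cat/shards?h=index,shard,prirep,state,unassigned.reason"
}

# Read _cat/shards rows on stdin; print one line per (reason, kind) pair:
#   <count> <reason> <primary|replica>
summarize_unassigned() {
  awk '$4 == "UNASSIGNED" {
         kind = ($3 == "p") ? "primary" : "replica"
         reason = ($5 == "") ? "UNKNOWN" : $5
         n[reason " " kind]++
       }
       END { for (k in n) print n[k], k }' | sort -k2,2 -k3,3
}

# Succeeds only if no primary shard is unassigned. A missing primary means
# that index's data is unavailable; a missing replica is lost redundancy.
primaries_ok() {
  ! awk '$3 == "p" && $4 == "UNASSIGNED" { found = 1 } END { exit !found }'
}

# Constructed sample output (not from a real cluster).
SAMPLE_SHARDS='filebeat-2021.01.10 0 p STARTED
filebeat-2021.01.10 0 r UNASSIGNED NODE_LEFT
filebeat-2021.01.11 0 p UNASSIGNED ALLOCATION_FAILED
filebeat-2021.01.11 0 r UNASSIGNED NODE_LEFT
.kibana_1 0 p STARTED'

# Run with --sample to see the summary for the constructed rows.
if [ "${1:-}" = "--sample" ]; then
  printf '%s\n' "$SAMPLE_SHARDS" | summarize_unassigned
fi
```

Against a live cluster, pipe fetch_shards into summarize_unassigned or primaries_ok.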
Detailed Shard Information
curl -XGET 'http://localhost:9200/_cat/shards/filebeat?pretty=true'
Delete indexes (here, every index matching *.reindex)
curl -XDELETE 'http://localhost:9200/*.reindex'
Disk usage issue

When free disk space falls below the allocation watermarks, the cluster fails. Adjust the watermarks:

curl -H 'Content-Type: application/json' -X PUT -d '{
  "transient": {
    "cluster.routing.allocation.disk.watermark.low": "89%",
    "cluster.routing.allocation.disk.watermark.high": "94%",
    "cluster.info.update.interval": "1m"
  }
}' http://localhost:9200/_cluster/settings

Templates

Filebeat Template apache2 module

{
   "template": "filebeat-*",
   "version": 50001,
   "settings": {
      "index.refresh_interval": "5s",
      "number_of_replicas": 0
   },
   "mappings": {
      "_default_": {
         "dynamic_templates": [
            {
               "message_field": {
                  "path_match": "message",
                  "match_mapping_type": "string",
                  "mapping": {
                     "type": "text",
                     "norms": false
                  }
               }
            },
            {
               "string_fields": {
                  "match": "*",
                  "match_mapping_type": "string",
                  "mapping": {
                     "type": "text",
                     "norms": false,
                     "fields": {
                        "keyword": {
                           "type": "keyword",
                           "ignore_above": 256
                        }
                     }
                  }
               }
            }
         ],
         "properties": {
            "@timestamp": {
               "type": "date"
            },
            "@version": {
               "type": "keyword"
            },
            "beat.hostname": {
               "type": "keyword",
               "ignore_above": 1024
            },
            "geoip": {
               "dynamic": true,
               "properties": {
                  "ip": {
                     "type": "ip"
                  },
                  "location": {
                     "type": "geo_point"
                  },
                  "latitude": {
                     "type": "half_float"
                  },
                  "longitude": {
                     "type": "half_float"
                  }
               }
            }
         }
      }
   }
}

Errors

Error on content type header
{"error":"Content-Type header [application/x-www-form-urlencoded] is not supported","status":406}

To fix this, specify the Content-Type header in your curl -XPUT request.

Original Post

Example
curl -XPUT 'localhost:9200/_settings' -H 'Content-Type: application/json' -d '
{
    "index" : {
        "number_of_replicas" : 0
    }
}'

Rolling Upgrade

Note: This should work on elastic.co, but my steps are mainly taken from Opendistro.

Set the cluster in upgrade mode

curl -k -XPOST 'https://admin:<password>@<hostname>:9200/_ml/set_upgrade_mode?enabled=true'

Disable shard allocation (primaries only)

curl -k -H 'Content-Type: application/json' -XPUT -d '{
"persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}' https://admin:<password>@<hostname>:9200/_cluster/settings --CApath /etc/elasticsearch/root-ca-key.pem

Flush / sync data on all hosts in the cluster

curl -k -XPOST https://admin:<password>@<hostname>:9200/_flush/synced --CApath /etc/elasticsearch/root-ca-key.pem

Stop / Upgrade / start Services

systemctl stop kibana.service
systemctl stop elasticsearch.service
dnf install opendistroforelasticsearch-1.12.0 -y
dnf install opendistroforelasticsearch-kibana-1.12.0 -y
systemctl start elasticsearch.service
systemctl start kibana.service

Re-enable shard allocation

curl -k -H 'Content-Type: application/json' -XPUT -d '{
"persistent": {
    "cluster.routing.allocation.enable": "all"
  }
}' https://admin:<password>@<hostname>:9200/_cluster/settings --CApath /etc/elasticsearch/root-ca-key.pem

Node Information

List all nodes and important information

Note: Document Ref.

curl -XGET -k 'https://admin:<password>@<hostname>:9200/_cat/nodes?v=true&h=id,ip,port,v,m,hp,l,r,j,fdc,fdm'