Sign in Subscribe
By Shivam Anand

ElasticSearch, Kibana & OpenSearch Cheat Sheet

ElasticSearch, Kibana & OpenSearch Cheat Sheet

First Set ELASTICSEARCH URL

ELASTICSEARCH_URL="<cluster url with protocol and optinally port number>"

Elastic Search Administration

Get the health of the cluster

GET /_cluster/health

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/health?pretty"

Get cluster stats

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/stats?pretty&human=true"

GET /_cluster/stats?human=true

Get the cluster state

GET /_cluster/state

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/state?pretty"

Cluster Information

GET /

curl -s -XGET $ELASTICSEARCH_URL

Get Size of all indices

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/stats?pretty&human=true" | jq -r '.indices.store.size'

Get Size of Elastic Search data on each node vs node size

GET /_cat/allocation?v

curl -s -XGET "$ELASTICSEARCH_URL/_cat/allocation?v"

Get Node information

GET /_cat/nodes?v

curl -s -XGET "$ELASTICSEARCH_URL/_cat/nodes?v"

Get Thread Pool

GET /_cat/thread_pool?v&s=active:desc

curl -s -XGET "$ELASTICSEARCH_URL/_cat/thread_pool?v&s=active:desc"

Get total number of shards

GET _cluster/stats?filter_path=indices.shards.total

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/stats?filter_path=indices.shards.total&pretty"

curl -s -XGET "$ELASTICSEARCH_URL/_cat/shards" | wc -l

Get total number of indices

curl "$ELASTICSEARCH_URL/_cat/indices?h=index" | wc -l

Get List of Pending Tasks

GET /_cluster/pending_tasks

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/pending_tasks?pretty"

Get List of All mappings

GET /_mapping

curl -s -XGET "$ELASTICSEARCH_URL/_mapping?pretty"

Get all plugins

GET /_cat/plugins?v&s=component

curl -s -XGET "$ELASTICSEARCH_URL/_cat/plugins?v&s=component"

Total Free Space in the CLuster

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/stats?pretty&human=true" | jq -r '.nodes.fs.free'

Format Elastic Search Output; Examples

GET /_cluster/health?format=yaml

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/health?format=yaml"

GET /_cluster/health?format=csv

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/health?format=csv"

GET /_cluster/health?format=txt

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/health?format=txt"

GET /_cluster/health?format=json

curl -s -XGET "$ELASTICSEARCH_URL/_cluster/health?format=json&pretty"

Elastic Search DataBase Operations

Set Index Name

INDEX_NAME="<index name>"

Create an index (default)

PUT /<index-name>

curl -X PUT "$ELASTICSEARCH_URL/$INDEX_NAME"

Create an index with mappings and settings

PUT /index-name
{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1
  },
  "mappings": {
    "properties": {
      "name": {
        "type": "text"
      },
      "price": {
        "type": "integer"
      }
    }
  }
}

curl -X PUT "$ELASTICSEARCH_URL/$INDEX_NAME" -H "Content-Type: application/json" -d '{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1
  },
  "mappings": {
    "properties": {
      "name": {
        "type": "text"
      },
      "price": {
        "type": "integer"
      }
    }
  }
}'

Add a document

POST /<index-name>/_doc
{
  "name": "Shivam",
  "age": 24
}

curl -X POST "$ELASTICSEARCH_URL/$INDEX_NAME/_doc" -H "Content-Type: application/json" -d '{
  "name": "Shivam",
  "age": 24
}'

Get index mappings and settings

GET /<index-name>

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME?pretty"

Empty an index

POST /<index-name>/_delete_by_query?q=*

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_delete_by_query?q=*"

Delete an index

DELETE /<index-name>

curl -X DELETE "$ELASTICSEARCH_URL/$INDEX_NAME"

List All Indices (Most useful), Sort by descending order of size, show header and important columns only

GET /_cat/indices?v&s=store.size:desc&h=index,pri,rep,docs.count,docs.deleted,store.size,pri.store.size

curl -s -XGET "$ELASTICSEARCH_URL/_cat/indices?v&s=store.size:desc&h=index,pri,rep,docs.count,docs.deleted,store.size,pri.store.size"

List All Indices with metadata

GET /_cat/indices?v

curl -s -XGET "$ELASTICSEARCH_URL/_cat/indices?v"

Get All Indices list only

GET /_cat/indices?h=index

curl -s -XGET $ELASTICSEARCH_URL/_cat/indices?h=index

Get All Indices sorted in descending order of size

GET /_cat/indices?v&s=store.size:desc

curl -s -XGET "$ELASTICSEARCH_URL/_cat/indices?v&s=store.size:desc"

Get List of All aliases , Sort by index name

GET /_cat/aliases?v&s=index

curl -s -XGET "$ELASTICSEARCH_URL/_cat/aliases?v&s=index"

Get List of All aliases

GET /_cat/aliases?v

curl -s -XGET "$ELASTICSEARCH_URL/_cat/aliases?v"

Get all data inside the index

GET /<index-name>/_search?pretty
{
  "query": {
    "match_all": {}
  }
}

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_search?pretty" -H 'Content-Type: application/json' -d'
{
    "query": {
        "match_all": {}
    }
}'

Update an entire doc by it ID

PUT /<index-name>/_doc/<doc-id>
{
  "name": "Anand",
  "age": 25
}

curl -X PUT "$ELASTICSEARCH_URL/$INDEX_NAME/_doc/$DOC_ID" -H "Content-Type: application/json" -d '{
  "name": "Anand",
  "age": 25
}'

Update a specific field document in an index by its id

POST /<index-name>/_update/<doc-id>
{
  "doc": {
    "age": 99
  }
}

DOC_ID="<Get document id>"
curl -X POST "$ELASTICSEARCH_URL/$INDEX_NAME/_update/$DOC_ID" -H "Content-Type: application/json" -d '{
  "doc": {
    "age": 99
  }
}'

Update all document in an index by script

POST /<index-name>/_update_by_query
{
  "script": {
    "source": "ctx._source.age += params.count",
    "lang": "painless",
    "params": {
      "count": 10
    }
  }
}

curl -X POST "$ELASTICSEARCH_URL/$INDEX_NAME/_update_by_query" -H 'Content-Type: application/json' -d'
{
  "script" : {
    "source": "ctx._source.age += params.count",
    "lang": "painless",
    "params" : {
      "count" : 10
    }
  }
}'

Bulk Operation using bulk API

POST /<index-name>/_update_by_query
{
  "script": {
    "source": "ctx._source.age += params.count",
    "lang": "painless",
    "params": {
      "count": 10
    }
  }
}

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_bulk?pretty" -H "Content-Type: application/json" -d '
{"index":{"_id":"1"}
{"name": "Ramu","age": 45}
{"index":{"_id":"2"}
{"name": "Lemon","age": 1}
{"delete":{"_id":"1"}}
{"update":{"_id":"2"}}
{"doc":{"name":"Orange"}}
'

Get document count in an index

GET /<index-name>/_count

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_count?pretty"

Make an index read-only

Block write to the source index / make the index read only

PUT /<index-name>/_settings?pretty
{
  "index.blocks.write": true
}

curl -X PUT "$ELASTICSEARCH_URL/$INDEX_NAME/_settings?pretty" -H 'Content-Type: application/json' -d '
{
   "index.blocks.write": true
}'

Verify write is blocked

GET /<index-name>/_settings

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_settings?pretty"

Undo block write / Undo read-only mode

PUT /<source-index>/_settings
{
  "index.blocks.write": false
}

curl -X PUT "$ELASTICSEARCH_URL/$SOURCE_INDEX/_settings" -H 'Content-Type: application/json' -d '
{
   "index.blocks.write": false
}'

Backup an index

SOURCE_INDEX="<copy from index>"

DESTINATION_INDEX="<copy to index>"

Mandatory step to block write to the source index / make the index read only

PUT /<source-index>/_settings?pretty
{
  "index.blocks.write": true
}

curl -X PUT "$ELASTICSEARCH_URL/$SOURCE_INDEX/_settings?pretty" -H 'Content-Type: application/json' -d '
{
   "index.blocks.write": true
}'

Verify write is blocked

GET /<source-index>/_settings

curl -s -XGET "$ELASTICSEARCH_URL/$SOURCE_INDEX/_settings?pretty"

Copy data from source to destination

POST /<source-index>/_clone/<destination-index>?pretty

curl -XPOST "$ELASTICSEARCH_URL/$SOURCE_INDEX/_clone/$DESTINATION_INDEX?pretty"

Verify data is copied to destination

POST /<index-name>/_search?pretty
{
  "query": {
    "match_all": {}
  }
}

curl -s -XGET "$ELASTICSEARCH_URL/$DESTINATION_INDEX/_search?pretty" -H 'Content-Type: application/json' -d'
{
    "query": {
        "match_all": {}
    }
}'

Undo block write / Undo read-only mode

PUT /<source-index>/_settings
{
  "index.blocks.write": false
}

curl -X PUT "$ELASTICSEARCH_URL/$SOURCE_INDEX/_settings" -H 'Content-Type: application/json' -d '
{
   "index.blocks.write": false
}'

Open and close indexes to save memory and CPU

close: A closed index is essentially frozen. Search and write operations are blocked.

POST /<index-name>/_close

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_close"

open: An open index is available for search and write operations. This is the typical state for an index you're actively using for data storage and retrieval.

POST /<index-name>/_open

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_open"

Get Index Stats

GET /<index-name>/_stats

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_stats?pretty"

Get Index Segments Information

GET /<index-name>/_segments

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_segments?pretty"

Get Index Recovery Status (Human Readable)

GET /<index-name>/_recovery&human

curl -s -XGET "$ELASTICSEARCH_URL/$INDEX_NAME/_recovery?pretty&human"

Clear Index Cache

POST /<index-name>/_cache/clear

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_cache/clear"

Refresh Index

POST /<index-name>/_refresh

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_refresh"

Flush Index

POST /<index-name>/_flush

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_flush"

Force Merge Index Segments

POST /<index-name>/_forcemerge

curl -XPOST "$ELASTICSEARCH_URL/$INDEX_NAME/_forcemerge"
Previous

Docker Cheat Sheet

 Next

gcloud cheat sheet
Shivam Anand