@AmirHo3ein13
Last active March 12, 2021 03:42
simple cheat sheet for Elasticsearch

Elasticsearch Cheat-sheet

Cluster

Get stats for all indices in the cluster

GET /_stats

Cluster health

GET _cluster/health

Retry failed shard allocations (when shards are unassigned)

POST /_cluster/reroute?retry_failed=true

Get state of nodes

GET _cluster/state/nodes

Nodes

Get node (Example)

GET _nodes/AhQaPsVeRx6rKivkJI1Jsg

Get nodes usage

GET _nodes/usage

Indices

Get indices status

GET _cat/indices?v

Create index

PUT my_index
{
  "mappings": {
    "my_doc": {
      "properties": {
        "timestamp_field": {
          "type": "date",
          "fields": {
            "keyword": {
              "type": "keyword"
            }
          },
          "format": "yyyy-MM-dd HH:mm:ss"
        },
        "integer_field": {
          "type": "integer"
        },
        "ip_field": {
          "type": "ip"
        },
        "not_index_short_field": {
          "type": "short",
          "index": false
        },
        "single_analyzer_text_field": {
          "type": "text",
          "analyzer": "english",
          "fielddata": true
        },
        "multi_analyzer_text_field": {
          "type": "text",
          "fields": {
            "en": {
              "type": "text",
              "analyzer": "english"
            },
            "fa": {
              "type": "text",
              "analyzer": "persian"
            }
          }
        }
      }
    }
  }
}

Delete index

DELETE my_index

Change refresh interval of index

PUT my_index/_settings
{
  "index": {
    "refresh_interval": "10m"
  }
}

Stop refresh interval of index

PUT my_index/_settings
{
  "index": {
    "refresh_interval": "-1"
  }
}

Reset refresh interval of index to default

PUT my_index/_settings
{
  "index": {
    "refresh_interval": null
  }
}

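Reindex from a remote cluster with a query, change the format of the time field, and get a task id to check status (the remote host must be listed in reindex.remote.whitelist on the destination cluster)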

POST _reindex?wait_for_completion=false
{
  "source": {
    "remote": {
      "host": "http://another_cluster:9200"
    },
    "index": "source_index",
    "query": {
      "match": {
        "my_field": "some_value"
      }
    }
  },
  "dest": {
    "index": "destination_index",
    "op_type": "create"
  },
  "script": {
    "source": """
      SimpleDateFormat parser = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
      Date date = parser.parse(ctx._source['timestamp_field']);
      SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
      ctx._source['timestamp_field'] = formatter.format(date)
    """
  }
}

Clear the read_only_allow_delete block (fixes the index read-only problem)

PUT my_index/_settings
{
  "index": {
    "blocks": {
      "read_only_allow_delete": "false"
    }
  }
}

Change number of replicas

PUT my_index/_settings
{
  "number_of_replicas": 2
}

Index shards health

GET _cluster/health/my_index?level=shards

Reroute a shard into a node

POST _cluster/reroute
{
  "commands": [
    {
      "allocate_replica": {
        "index": "my_index",
        "shard": 3,
        "node": "my_data_node"
      }
    }
  ]
}

Get shards of index

GET _cat/shards/my_index?v

Get shards health of index

GET _cluster/health/my_index?level=shards

Open a closed index

POST my_index/_open

Docs

Get doc using id

GET my_index/my_doc/123

Put doc into index with a specified id

PUT my_index/my_doc/doc_id
{
  "my_field": "some_value"
}

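Update docs (delete https from text; on versions where Painless regexes are disabled by default, set script.painless.regex.enabled: true in elasticsearch.yml)

POST my_index/my_doc/_update_by_query
{
  "script": {
    "lang": "painless",
    "source": "ctx._source.f = ctx._source.f.replaceAll(/https:/, '')"
  }
}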

Bulk index, create, delete, update (each line is separated by \r\n, and the last line must also end with a newline)

POST _bulk
{ "index" : { "_index" : "my_index", "_type": "my_doc" } }
{ "field1" : "value1" }
{ "create" : { "_index" : "my_index", "_id" : "3", "_type": "my_doc" } }
{ "field1" : "value3" }
{ "update" : { "_index" : "my_index", "_id" : "1", "_type": "my_doc" } }
{ "doc" : {"field2" : "value2"} }
{ "delete" : { "_index" : "test", "_id" : "2", "_type": "my_doc" } }
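
An added example (not part of the original gist): a Python pre-flight check for a `_bulk` body that catches the mistakes this line-oriented format invites, such as invalid JSON on an action line, a missing source line, or a missing final newline. The function name `check_bulk` and the sample bodies are constructed for illustration.

```python
import json

# Whether each bulk action must be followed by a source/doc line.
NEEDS_BODY = {"index": True, "create": True, "update": True, "delete": False}

def check_bulk(body):
    """Return a list of problems in an NDJSON _bulk body (empty list = OK)."""
    problems = []
    if not body.endswith("\n"):
        problems.append("body must end with a newline")
    lines = [ln.rstrip("\r") for ln in body.split("\n")]  # accept \n and \r\n
    if lines[-1] == "":
        lines.pop()
    i = 0
    while i < len(lines):
        try:
            action = json.loads(lines[i])
        except json.JSONDecodeError as exc:
            # Pairing of action/source lines is lost from here on, so stop.
            problems.append(f"line {i + 1}: invalid JSON ({exc.msg})")
            break
        if not isinstance(action, dict) or len(action) != 1:
            problems.append(f"line {i + 1}: expected an object with one action key")
            break
        op = next(iter(action))
        if op not in NEEDS_BODY:
            problems.append(f"line {i + 1}: unknown action {op!r}")
            break
        i += 1
        if not NEEDS_BODY[op]:
            continue  # delete has no source line
        if i >= len(lines):
            problems.append(f"line {i}: {op} action has no source line")
            break
        try:
            doc = json.loads(lines[i])
        except json.JSONDecodeError as exc:
            problems.append(f"line {i + 1}: invalid JSON ({exc.msg})")
            break
        if op == "update" and not (isinstance(doc, dict) and {"doc", "script"} & doc.keys()):
            problems.append(f"line {i + 1}: update body needs 'doc' or 'script'")
        i += 1
    return problems

# Constructed sample inputs (not from a real cluster).
GOOD = "\r\n".join([
    '{ "index" : { "_index" : "my_index", "_type": "my_doc" } }',
    '{ "field1" : "value1" }',
    '{ "delete" : { "_index" : "my_index", "_id" : "2", "_type": "my_doc" } }',
]) + "\r\n"
BAD = GOOD + '{ "update" : { "_index" : "my_index", "_id" : "1", } }\n{ "doc" : {} }\n'
```

`check_bulk(GOOD)` returns an empty list, while `check_bulk(BAD)` reports the trailing comma on line 4 before anything is sent to the cluster.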

Search

Get all docs

GET my_index/my_doc/_search
{
  "query": {
    "match_all": {}
  }
}

Match single field

GET my_ind/my_doc/_search
{
  "query": {
    "match": {
      "my_field": "some_value"
    }
  }
}

Range

GET my_ind/my_doc/_search
{
  "query": {
    "range": {
      "my_field": {
        "gte": 10,
        "lt": 20
      }
    }
  }
}

Multiple condition

GET my_index/my_doc/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "FIELD": "TEXT"
          }
        },
        {
          "range": {
            "FIELD": {
              "gte": 10,
              "lte": 20
            }
          }
        }
      ], 
      "must_not": [
        {
          "match": {
            "FIELD": "TEXT"
          }
        }
      ],
      "should": [
        {
          "query_string": {
            "default_field": "FIELD",
            "query": "this AND that OR thus"
          }
        }
      ]
    }
  }
}

Distinct count of a field in query

GET my_ind/my_doc/_search
{
  "aggs": {
    "distinct_count": {
      "cardinality": {
        "field": "my_field"
      }
    }
  },
  "query": {
    "match": {
      "my_field2": "some_value"
    }
  }
}

Group by a field

GET my_ind/my_doc/_search
{
  "aggs": {
    "group_by_sth": {
      "terms": {
        "field": "my_field",
        "size": 10
      }
    }
  },
  "query": {
    "match": {
      "my_field2": "some_value"
    }
  }
}

Group by day interval

GET my_ind/my_doc/_search
{
  "aggs": {
    "group_by_day": {
      "date_histogram": {
        "field": "time_field",
        "interval": "day"
      }
    }
  }
}

Tasks

Get reindex tasks status

GET _tasks?detailed=true&actions=*reindex

Get specific task status (example)

GET _tasks/j1URiuYiTY3kijMhXsJQcQ:128102

Get all tasks

GET .tasks/task/_search
{
  "query": {
    "match_all": {}
  }
}

Cancel a running task

POST _tasks/nuBvMsG6S_ibM42QPLhBOA:209/_cancel

Snapshots

Create s3 repo

PUT _snapshot/my_repo
{
  "type": "s3",
  "settings": {
    "bucket": "my_bucket_name"
  }
}

Snapshots status

GET _snapshot/my_repo/_all

Create new snapshot with name like snapshot-2019.01.24-13:45:12 (time is now)

PUT _snapshot/my_repo/%3Csnapshot-%7Bnow%2Fs%7Byyyy.MM.dd-HH%3Amm%3Ass%7D%7D%3E
{
  "indices": "my_index1,my_index2,my_index3"
}

Delete snapshot

DELETE _snapshot/my_repo/my_snapshot

Restore snapshot

POST /_snapshot/my_repo/my_snapshot/_restore
{
  "indices": "my_index1,my_index2",
  "ignore_unavailable": true,
  "include_global_state": true
}