Last active
January 14, 2021 22:34
-
-
Save Nick011/8b0b4368803edc4de8fa6543e225b631 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Version Info | |
| GET / | |
| ################ | |
| # Cluster info # | |
| ################ | |
| # General cluster health | |
| GET _cluster/health | |
| # Cluster settings — flat, not nested | |
| GET _cluster/settings?flat_settings=true& | |
| PUT _cluster/settings | |
| { | |
| "transient": { | |
| "cluster.routing.allocation.exclude._name" : "" | |
| } | |
| } | |
| # Cluster settings — flat, also with defaults | |
| GET _cluster/settings?include_defaults=true&flat_settings=true | |
| # | |
| GET _cluster/state | |
| # Index info | |
| GET 2018-08-23-alert-records,2018-08-23-dns-records,2018-08-23-fileinfo-records,2018-08-23-flow-records,2018-08-23-http-records,2018-08-23-log-records,2018-08-23-logalert-records,2018-08-23-smtp-records,2018-08-23-ssh-records,2018-08-23-stats-records,2018-08-23-tls-records/_settings?flat_settings=true&include_defaults=true | |
| GET _cat/indices?v&s=index | |
| GET 2019-02-19-7-sightings/_search | |
| GET _cat/fielddata?v&h=*&s=size:desc | |
| GET _stats/fielddata?fields=\*\?pretty | |
| # Shards | |
| GET _shard_stores | |
| # Templates | |
| GET _template | |
| GET _template/index_defaults | |
| GET _template/flow-template | |
| ############## | |
| # Catus Felis | |
| # General Params: | |
| # v (bool) - show col headers | |
| # h (csv) - cols to display | |
| # s (csv) - sort by cols | |
| # Tips | |
| # - ?h=* to see all columns | |
| # - ?s=field:desc to reverse sort | |
| GET _cat/aliases/2018-10-10-*?v | |
| GET _cat/allocation?v&s=node | |
| GET _cat/count?v | |
| GET _cat/fielddata?v&s=size:desc | |
| GET _cat/health?v | |
| GET _cat/indices?v&s=index:asc | |
| GET _cat/master?v | |
| GET _cat/nodeattrs?v | |
| GET _cat/nodes?v&s=name | |
| GET _cat/pending_tasks?v | |
| GET _cat/plugins?v | |
| GET _cat/recovery?v&s=source_node,index | |
| GET _cat/repositories?v | |
| GET _cat/thread_pool?v&s=queue:desc,active:desc,rejected:desc | |
| GET _cat/shards?v&s=index,node,prirep,shard | |
| GET _cat/segments?v | |
| GET _cat/snapshots?v | |
| GET _cat/tasks?v&s=running_time_ns:desc&h=action,task_id,parent_task_id,type,cancelable,start_time,timestamp,running_time,ip,node | |
| GET _tasks/7HvqNpDjQ7uK6qeLu1Ekog:665414311?pretty=true | |
| GET _cat/templates?v&s=name | |
| GET _tasks/GoV98RlJQLiI8Kogo0IAhw | |
| GET master-16-intel/_search | |
| POST master-8-intel/_search | |
| { | |
| "query": { | |
| "term": { "indicator.indicator_id": "EmergingThreats:Indicator-2001219" | |
| } | |
| } | |
| } | |
| ############################## | |
| # Catus Felis — with purpose | |
| # Show relocating shards | |
| GET _cat/shards?v&s=state:desc,node,index:desc,prirep,shard | |
| # Show newest and relocating shards per node | |
| GET _cat/shards?v&s=node,state,index:desc,prirep,shard | |
| GET _cat/shards?v&h=index,shard,prirep,state,unassigned.reason | |
| # pull all indexes for a given date | |
| GET _cat/indices/2018-10-10-*sightings?v&s=creation.date:desc,index&h=index,creation.date.string,docs.count | |
| GET 2019-01-11-log-records/_search/?size=1000&pretty=1 | |
| GET 2019-01-11-dns-records/_search/?size=1000&pretty=1 | |
| ################################ | |
| # DANGER - these are NOT READ commands! | |
| GET 2019-02-19-flow-records/_settings | |
| PUT 2019-02-19-*/_settings | |
| { | |
| "index.routing.allocation.exclude.box_type": "hot", | |
| "index.routing.allocation.require.box_type": "warm", | |
| "index.routing.allocation.total_shards_per_node": -1 | |
| } | |
| POST 2019-02-19-flow-records/_forcemerge?max_num_segments=5 | |
| # Cancel a task by ID | |
| POST _tasks/7HvqNpDjQ7uK6qeLu1Ekog:665414311/_cancel | |
| # Query Grafana tries to use | |
| POST 2018-10-17-flow-records/_search | |
| { | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "filter": [{ | |
| "range": { | |
| "@timestamp": { | |
| "gte": "1539786170752", | |
| "lte": "1539796970752", | |
| "format": "epoch_millis" | |
| } | |
| } | |
| }, { | |
| "query_string": { | |
| "analyze_wildcard": true, | |
| "query": "*" | |
| } | |
| }] | |
| } | |
| }, | |
| "aggs": { | |
| "4": { | |
| "terms": { | |
| "field": "perch_company_name.keyword", | |
| "size": 5, | |
| "order": { | |
| "_count": "desc" | |
| }, | |
| "min_doc_count": 1 | |
| }, | |
| "aggs": { | |
| "2": { | |
| "date_histogram": { | |
| "interval": "30s", | |
| "field": "@timestamp", | |
| "min_doc_count": 0, | |
| "extended_bounds": { | |
| "min": "1539786170752", | |
| "max": "1539796970752" | |
| }, | |
| "format": "epoch_millis" | |
| }, | |
| "aggs": {} | |
| } | |
| } | |
| } | |
| } | |
| } | |
| # Manually reassign a stuck shard | |
| POST _cluster/reroute?retry_failed=true | |
| { | |
| "commands" : [ { | |
| "allocate_replica" : { | |
| "index" : "2018-10-10-tls-records", | |
| "shard" : 5, | |
| "node" : "prod.es5.data.7" | |
| } | |
| } | |
| ] | |
| } | |
| GET _cat/recovery?v&s=files_percent,bytes_percent,translog_ops_percent,time:desc,stage,source_node,index&h=time,index,shard,prirep,stage,source_node,target_node,files_percent,bytes_percent,translog_ops_percent | |
| GET /_nodes/hot_threads | |
| GET _cat/recovery?v&s=files_percent,bytes_percent,translog_ops_percent,time:desc,stage,source_node,index&h=* | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment