
@shakeeb91
Created January 23, 2023 13:36

The ELK stack is widely used for logging and monitoring indexes.

Kibana Dev Tools and GET/POST Requests

  1. To check the cluster health

GET /_cluster/health

  1. To check/list the indices

GET /_cat/indices

  1. To check the nodes in a cluster

GET /_cat/nodes

  1. To check the indices whose health is not green.

You can search for red as well by replacing yellow with red, and similarly for green.

GET /_cat/indices?v&health=yellow

  1. Search a specific index

GET /cache-2021.08/_search

  1. Check the shards assigned to specific indices

GET /_cat/shards

To get the shards for a specific index.

GET /_cat/shards/application-*?v&s=index,prirep,shard

  1. To get the list of successful backups.

GET /_cat/snapshots/eslog_backup

To check the path/location where the ES snapshots are stored.

GET _snapshot

To assign a specific path for storing data.

PUT /_snapshot/eslog_backup
{
  "type": "fs",
  "settings": {
    "location": "/data/mnt/eslog-backup",
    "compress": true
  }
}
  1. To check where the backup is stored (repository name)

GET /_cat/repositories

  1. To get the settings of the desired index.

GET /security-2022.09/_settings

  1. To get the list of the allocated space of each node.

GET /_cat/allocation

  1. Delete the index

DELETE /application-2021.03

DELETE /nginx-access-2021.12

  1. To check whether Search Guard is active.

GET /_searchguard/health

  1. Mapping of a certain index.

GET /haproxy-2022.05/_mapping/

  1. To check the running tasks.

GET /_tasks

GET /_tasks/InsLRJoIQKO76mb0LjVLCg:158918900

GET /_tasks/InsLRJoIQKO76mb0LjVLCg:203627912

  1. Viewing index settings and changing certain mapping params.

GET /saml-2022.04/_settings

Update a certain field

PUT /saml-2022.04/_settings
{
  "index.mapping.total_fields.limit": 2000
}
  1. Reindexing from source to destination
POST _reindex
{
  "source": {
    "index": "security-2022.03"
  },
  "dest": {
    "index": "security-application-2022.03"
  }
}

or, to start the reindex as a background task instead of waiting for it to complete:

POST _reindex?wait_for_completion=false
{
  "source": {
    "index": "security-2022.04"
  },
  "dest": {
    "index": "security-application-2022.04"
  }
}
  1. Add certain settings to indices. With no index name in the path, PUT /_settings applies to all indices.

PUT /_settings
{
  "index": {
    "blocks": {
      "read_only_allow_delete": "false"
    }
  }
}
  1. Delete any index

DELETE /nginx-access-2022.04

  1. Reroute the index if there are any failed indexes after a reboot of the cluster node.

POST _cluster/reroute?retry_failed

  1. To stop the allocation of indexes for the time being.
PUT /_cluster/settings
{
  "transient": {
    "cluster.routing.allocation.enable": "none"
  }
}

To enable it again.

PUT /_cluster/settings
{
  "transient": {
    "cluster.routing.allocation.enable": "all"
  }
}
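
The snapshot and DELETE requests above can be combined into a guard that only lets an index be deleted once a SUCCESS snapshot in the eslog_backup repository contains it. This is an added example, not part of the original gist: it assumes the repository is listed with GET /_snapshot/eslog_backup/_all, and the response, snapshot names and function names below are constructed for illustration.

```python
import json

# Constructed sample shaped like a GET /_snapshot/eslog_backup/_all response.
SAMPLE_RESPONSE = json.loads("""
{"snapshots": [
  {"snapshot": "snap-2022.01.01", "state": "SUCCESS",
   "end_time_in_millis": 1641000000000,
   "indices": ["application-2021.03", "nginx-access-2021.12"]},
  {"snapshot": "snap-2022.02.01", "state": "SUCCESS",
   "end_time_in_millis": 1643700000000,
   "indices": ["nginx-access-2021.12"]},
  {"snapshot": "snap-2022.05.01", "state": "PARTIAL",
   "end_time_in_millis": 1651400000000,
   "indices": ["nginx-access-2022.04"]}
]}
""")

def covering_snapshots(response, index):
    """Names of SUCCESS snapshots that contain `index`, newest first."""
    hits = [s for s in response.get("snapshots", [])
            if s.get("state") == "SUCCESS" and index in s.get("indices", [])]
    hits.sort(key=lambda s: s.get("end_time_in_millis", 0), reverse=True)
    return [s["snapshot"] for s in hits]

def delete_plan(response, candidates):
    """Split candidate index names into deletable and blocked, with reasons."""
    plan = {"delete": [], "blocked": []}
    for name in candidates:
        # Refuse anything that could expand to more than one index.
        if not name or name == "_all" or any(c in name for c in "*,"):
            plan["blocked"].append((name, "wildcard or multi-index expression"))
            continue
        snaps = covering_snapshots(response, name)
        if snaps:
            plan["delete"].append((name, snaps[0]))
        else:
            plan["blocked"].append((name, "no SUCCESS snapshot contains it"))
    return plan

if __name__ == "__main__":
    wanted = ["application-2021.03", "nginx-access-2021.12",
              "nginx-access-2022.04", "application-*"]
    plan = delete_plan(SAMPLE_RESPONSE, wanted)
    for name, snap in plan["delete"]:
        print(f"DELETE /{name}    # restorable from {snap}")
    for name, why in plan["blocked"]:
        print(f"# skipped {name}: {why}")
```

A snapshot only holds the index as it was when the snapshot was taken, so the check suits closed-out dated indices rather than ones still being written to.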