Elasticsearch

cluster health

curl 127.0.0.1:9200/_cluster/health?pretty
curl 127.0.0.1:9200/_cat/indices
curl 127.0.0.1:9200/_cat/shards
curl -s 127.0.0.1:9200/_cat/recovery?
curl '127.0.0.1:9200/_cat/nodes?v&h=m,role,id,name,ip,heapPercent,heapMax,disk.avail,cpu'

find large indices

Order elasticsearch indices by size

curl '127.0.0.1:9200/_cat/indices?pretty&s=store.size'

With some extra data

curl -s 'http://localhost:9202/_cat/indices?h=health,status,index,docs.count,store.size,creation.date.string&s=store.size'

other

Disable/Enable re-allocation of indices

curl -s -XPUT 127.0.0.1:9200/_cluster/settings?pretty -d '{"transient":{"cluster.routing.allocation.enable": "none"}}'
curl -s 127.0.0.1:9200/_cluster/settings
curl -s -XPUT 127.0.0.1:9200/_cluster/settings?pretty -d '{"transient":{"cluster.routing.allocation.enable": "all"}}'

Set the amount of shards per node. 3 nodes makes 6000 shards

curl -s -XPUT -H "Content-Type: application/json" 127.0.0.1:9200/_cluster/settings -d '{"transient": { "cluster.max_shards_per_node": "2000" }}'

curl -s -XPUT -H "Content-Type: application/json" 127.0.0.1:9200/_cluster/settings -d '{"transient":{"cluster.routing.allocation.enable": "primaries"}}'

get one document from a index

curl -s -XPOST -H "Content-Type: application/json" '127.0.0.1:9200/filebeat-2021.02.04/_search?pretty' -d '{"size": 1,"query": { "match_all": {}} }'

reindex dont forget wait_for_completion=false

curl -s -XPOST -H "Content-Type: application/json" '127.0.0.1:9200/_reindex' -d '{ "source": { "index": "filebeat-2021.02.04"}, "dest": { "index": "filebeat-2021.02.04_1" } }'

unsorted

watch 'curl -s 127.0.0.1:9200/_cluster/health?pretty'

curl -s -XPUT -H "Content-Type: application/json" 127.0.0.1:9200/_cluster/settings -d '{"transient":{"cluster.routing.rebalance.enable": "none"}}'


get a bunch of documents from a index
curl -X GET '127.0.0.1:9200/_search?search_type=scan&scroll=2m&size=500' -H 'Content-Type: application/json' -d "@/tmp/query.json"