====== Elasticsearch Cheatsheet ======
=== Get the Elasticsearch version and tagline ===
GET /
=== Browse the documentation related to your Elasticsearch version ===
Go to [[https://www.elastic.co/guide/en/elasticsearch/reference/X.Y/index.html|https://www.elastic.co/guide/en/elasticsearch/reference/X.Y/index.html]]
=== Quickly explore existing indices ===
GET _cat/indices/?v
=== Quickly explore existing aliases ===
GET /_cat/aliases/?v
=== Quickly get settings, mappings and aliases of an index ===
GET /<index>
=== Switch / Manage aliases ===
POST /_aliases
{
"actions": [
{
"remove": {
"index": "",
"alias": ""
}
},
{
"add": {
"index": "",
"alias": ""
}
}
]
}
=== Quickly explore the data in an index ===
GET /<index>/_search
{
"from": 0,
"size": 20,
"_source": {
"include": [
""
],
"exclude": [
""
]
},
"query": {
"match_all": {}
},
"aggs": {
"": {
"terms": {
"field": ".keyword",
"size": 10
}
}
}
}
=== Quickly get some data based on exact values and sorted ===
GET /<index>/_search
{
"from": 0,
"size": 20,
"query": {
"bool": {
"filter": {
"terms": {
".keyword": [
"value_1",
"value_2"
]
}
}
}
},
"sort": [
{
"": {
"order": "desc"
}
}
]
}
=== Quickly get data matching several fields and explain the relevancy ===
GET /<index>/_search
{
"explain": true,
"query": {
"multi_match": {
"query": "",
"fields": [
"^10",
""
]
}
}
}
=== Quickly check how a text is analyzed ===
GET /<index>/_analyze
{
"field" : "",
"text" : ""
}
GET /_analyze
{
"analyzer" : "standard",
"text" : ""
}
=== Explore data grouped by a field ===
GET /<index>/_search
{
"size": 10,
"_source": {
"excludes": "*"
},
"query": {
"match": {
"": {
"query": ""
}
}
},
"collapse": {
"field": ".keyword",
"inner_hits": {
"size": 5,
"name": "inner_hits",
"highlight": {
"fields": {
"": {}
}
},
"sort": [
{
"": {
"order": "asc"
}
}
]
}
}
}
=== Quickly explore top terms ===
GET /<index>/_search
{
"size": 0,
"aggs": {
"": {
"terms": {
"field": ".keyword",
"size": 10
}
}
}
}
=== Explore significant terms within one group ===
GET /<index>/_search
{
"size": 0,
"aggs": {
"": {
"terms": {
"field": ".keyword",
"size": 10
},
"aggs": {
"": {
"significant_terms": {
"field": ".keyword"
}
}
}
}
}
}
=== Explore top terms and get details on top hits ===
GET /<index>/_search
{
"size": 0,
"aggs": {
"": {
"terms": {
"field": ".keyword",
"size": 10
},
"aggs": {
"": {
"top_hits": {
"size": 1,
"_source": [
".*"
],
"highlight": {
"pre_tags": [
""
],
"post_tags": [
""
],
"fields": {
".*": {
"number_of_fragments": 0
}
}
}
}
}
}
}
}
}
=== Quickly find min and max values of one field ===
GET /<index>/_search
{
"size": 0,
"aggs": {
"min" : {
"min": {
"field": ""
}
},
"max" : {
"max": {
"field": ""
}
}
}
}
=== Quickly display a date histogram ===
GET /<index>/_search
{
"size": 0,
"aggs": {
"histogram": {
"date_histogram": {
"field": "",
"interval": "day"
}
}
}
}
=== Quickly update the value of a field in a document ===
POST ///_update
{
"doc": {
"": {
"": ""
}
}
}
=== Quickly increment the value of a field in a document ===
POST ///_update
{
"script" : {
"source": "ctx._source.. += params.count",
"lang": "painless",
"params" : {
"count" : 1
}
}
}
=== Get active index templates ===
GET _template/
=== Update or create an index template ===
PUT /_template/<template>
{
"index_patterns": "",
"settings": {
"index.refresh_interval": "5s",
"index.number_of_replicas": "0",
"index.number_of_shards": "1",
"analysis": {}
},
"mappings": {
"": {
"properties": {
"": {
"type": "date"
}
}
}
},
"aliases": {
"": {}
}
}
=== Quickly reindex (after template or mapping changes) ===
POST _reindex
{
"source": {
"index": ""
},
"dest": {
"index": ""
}
}
=== Get nodes information ===
GET _cat/nodes?v
=== Get the cluster health ===
GET _cluster/health
=== Get all the cluster metadata ===
GET _cluster/state
=== Get all nodes statistics ===
GET _nodes/stats
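=== Activate the search slow log on an index ===
With every threshold at ''0s'', each search on the index is written to the slow log, query body included. Name the index in the request (without it the settings apply to all indices) and set the thresholds back to ''-1'' when done.
PUT /<index>/_settings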
{
"index": {
"search.slowlog.threshold.query.trace": "0s",
"search.slowlog.threshold.fetch.trace": "0s",
"search.slowlog.threshold.query.debug": "0s",
"search.slowlog.threshold.fetch.debug": "0s",
"search.slowlog.threshold.query.info": "0s",
"search.slowlog.threshold.fetch.info": "0s",
"search.slowlog.threshold.query.warn": "0s",
"search.slowlog.threshold.fetch.warn": "0s"
}
}
$ tail -f <logs_dir>/<cluster_name>_index_search_slowlog.log
=== Quickly snapshot ===
GET /_snapshot/_all
PUT /_snapshot/<repository>
{
"type": "fs",
"settings": {
"compress": true,
"location": "/"
}
}
PUT /_snapshot/<repository>/<snapshot>?wait_for_completion=false
{
"indices": "index1,index2",
"ignore_unavailable": false,
"include_global_state": false
}
GET /_snapshot/<repository>/<snapshot>
GET /_snapshot/<repository>/<snapshot>/_status
=== Quickly restore ===
POST /_snapshot/<repository>/<snapshot>/_restore
{
"indices": "index1",
"index_settings": {
"index.number_of_replicas": 0
}
}
=== Run the support diagnostics ===
Go to [[https://github.com/elastic/elasticsearch-support-diagnostics/releases/latest|https://github.com/elastic/elasticsearch-support-diagnostics/releases/latest]]
$ wget https://github.com/elastic/support-diagnostics/releases/download/X.Y/support-diagnostics-X.Y-dist.zip
$ unzip support-diagnostics-X.Y-dist.zip
$ cd support-diagnostics-X.Y/
$ ./diagnostics.sh --host localhost --port 9200 --type remote
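See the output in ''remote-diagnostics-<timestamp>.tar.gz''. The archive holds cluster settings and node details, so review it before sending it outside your organisation.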