https://wiki.webko.net.ua/index.php?action=history&feed=atom&title=ELK_useful_commands
ELK useful commands - История изменений
2026-05-03T23:57:09Z
История изменений этой страницы в вики
MediaWiki 1.35.1
https://wiki.webko.net.ua/index.php?title=ELK_useful_commands&diff=650&oldid=prev
Sol: Новая страница: «Show cluster health | pretty formated <syntaxhighlight lang="bash"> curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cluster/health?pretty' </syntaxhighlight> Show cluster…»
2020-02-21T08:47:39Z
<p>Новая страница: «Show cluster health | pretty formated <syntaxhighlight lang="bash"> curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cluster/health?pretty' </syntaxhighlight> Show cluster…»</p>
<p><b>Новая страница</b></p><div>Show cluster health | pretty formated<br />
<syntaxhighlight lang="bash"><br />
curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cluster/health?pretty'<br />
</syntaxhighlight><br />
<br />
Show cluster settings | pretty formated<br />
<syntaxhighlight lang="bash"><br />
curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cluster/settings?pretty'<br />
</syntaxhighlight><br />
<br />
Show all indexes<br />
<syntaxhighlight lang="bash"><br />
curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cat/indices?v'<br />
</syntaxhighlight><br />
<br />
Show all indexes which start with logsta*<br />
<syntaxhighlight lang="bash"><br />
curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_cat/indices/logsta*?v&s=index'<br />
</syntaxhighlight><br />
<br />
Show all indexes/shards in state unassigned<br />
<syntaxhighlight lang="bash"><br />
curl -XGET -H 'Content-Type: application/json' http://IP-OF-ELASTIC-SERVER:9200/_cat/shards | grep UNASSIGNED<br />
</syntaxhighlight><br />
<br />
Unlock all indexes manually<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H "Content-Type: application/json" http://IP-OF-ELASTIC-SERVER:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'<br />
</syntaxhighlight><br />
<br />
Get default logstash template from elasticsearch | pretty formated | stored in temp directory<br />
<syntaxhighlight lang="bash"><br />
curl -XGET 'IP-OF-ELASTIC-SERVER:9200/_template/logstash?pretty' > /tmp/logstash-template.json<br />
</syntaxhighlight><br />
<br />
Upload modified logstash template to elasticsearch from directory where logstash-template.json exists | hint dont forget to remove the logstash parameter in the file<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/_template/logstash' -d "@logstash-template.json"<br />
</syntaxhighlight><br />
<br />
Run logstash from commandline with all config files in debug mode<br />
<syntaxhighlight lang="bash"><br />
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -r -f "/etc/logstash/conf.d/*" --log.level debug<br />
</syntaxhighlight><br />
<br />
Run logstash from commandline with specific config file in debug mode<br />
<syntaxhighlight lang="bash"><br />
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -r -f "/etc/logstash/conf.d/00-test.config" --log.level debug<br />
</syntaxhighlight><br />
<br />
Change the number of replicas at one existing index<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/.alert/_settings' -d '{ "index" : {"number_of_replicas" : 0}}'<br />
</syntaxhighlight><br />
<br />
Change the number of replicas at multiple existing indexes | sets number_of_replicas:0 to all cisco indexes from the year 2018<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/logstash-cisco-2018.*.*/_settings' -d '{ "index" : {"number_of_replicas" : 0}}'<br />
</syntaxhighlight><br />
<br />
Delete all indexes from a year<br />
<syntaxhighlight lang="bash"><br />
curl -XDELETE 'IP-OF-ELASTIC-SERVER:9200/logstash-cisco-2018.*.*'<br />
</syntaxhighlight><br />
<br />
Create an index manuall from cli via curl | name of index is aa_test_index | number_of_shards:1 and number_of_replicas:0<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/aa_test_index?pretty' -d '{"settings" : {"index" : {"number_of_shards" : 1,"number_of_replicas" : 0 }}}'<br />
</syntaxhighlight><br />
<br />
Create an index manuall from cli by using logstash | name of index is aa_test_index_from_cli<br />
<syntaxhighlight lang="bash"><br />
/usr/share/logstash/bin/logstash --path.settings "/etc/logstash/" -e 'input { stdin { } } output { elasticsearch { hosts => "IP-OF-ELASTIC-SERVER:9200" index => "aa_test_index_from_cli" } }'<br />
</syntaxhighlight><br />
<br />
Logstash config test<br />
<syntaxhighlight lang="bash"><br />
/usr/share/logstash/bin/logstash --path.settings "/etc/logstash/" --config.test_and_exit -f /etc/logstash/conf.d/<br />
</syntaxhighlight><br />
<br />
Set existing index to read-only | ! needed for shrinking shards ! | this command sets all shards from december 2018 to read-only<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/logstash-cisco-2018.12.*/_settings' -d '{"index.blocks.write": true}'<br />
</syntaxhighlight><br />
<br />
Shrink existing shards | shrinks the data from existing index "logstash-cisco-2018.12.24" to the new "smaller index" logstash-cisco-2018.12.24.shrinked | copy all index settings to new one | number_of_shards:1 and number_of_replicas:0 | using best_compression | disable read-only mode<br />
<syntaxhighlight lang="json"><br />
curl -POST -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/logstash-cisco-2018.12.24/_shrink/logstash-cisco-2018.12.24-shrinked?copy_settings=true' -d '{ "settings": { "index.number_of_replicas": 0, "index.number_of_shards": 1, "index.codec": "best_compression", "index.routing.allocation.require._name": null, "index.blocks.write": null }, "aliases": { "my_search_indices": {} }}'<br />
</syntaxhighlight><br />
<br />
Increase the elasticsearch shard limit from 1000 to 5000 for each node<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/_cluster/settings' -d '{ "persistent" : {"cluster.max_shards_per_node" : 5000}}'<br />
</syntaxhighlight><br />
<br />
Set the Cluster Metadata Administrator Email address<br />
<syntaxhighlight lang="bash"><br />
curl -XPUT -H 'Content-Type: application/json' 'IP-OF-ELASTIC-SERVER:9200/_cluster/settings' -d '{ "persistent" : {"cluster.metadata.administrator" : "admin@yourdomain.com"}}'<br />
</syntaxhighlight><br />
[[Категория:ELK]]</div>
Sol