Useful ElasticSearch Curl Scripts

之前在與 Hypro 公司的一個專案裡面用到 ELK 很多的指令,本篇記錄一些 Useful ElasticSearch Curl Scripts 用來推送 request 的範例,包含:

  1. 刪除特定事件 ( Delete specific event in a specific Index )
  2. 查看索引狀態 ( Check Index Status )
  3. 刪除特定索引 ( Delete Specific Index )
  4. 新增與更新工作流 ( Create and Update pipeline )
  5. 新增索引 (New Index)
  6. 推送事件到特定的索引 (Insert a Json to Specific Index)

備註:以下的範例都是針對 http:// 沒有 SSL 的 ElasticSearch 伺服器做推送,如果你的 ElasticSearch 伺服器有 SSL 的保護時,會拿到以下的錯誤訊息:

curl: (52) Empty reply from server

此時可以嘗試以下兩種不同的方法增加 argument 來符合 HTTPS 的認證。

curl --insecure
curl --cacert /path/to/ca.crt

 

1. Delete specific event in a specific Index
curl --user user:password -XPOST "http://url/index/_delete_by_query" -H 'Content-Type: application/json' -d' 
{
  "query": {
    "match": {
      "_id": "AWlvdocu0pupZOgb9KkP"
    }
  }
}'

 

2. Check Index Status
curl --user user:password -X GET "http://url:port/_cat/indices?v"
curl --user user:password -X GET "http://url:port/_cluster/health/test2"

 

3. Delete Specific Index
curl --user user:password -X DELETE "http://url/index"

 

4. Create or Update pipeline 參考
curl --user user:password -X PUT "http://59.120.61.14:9200/_ingest/pipeline/timestamp" -H 'Content-Type: application/json' -d' 
{
  "description": "Adds a timestamp field at the current time",
  "processors": [
    {
      "date": {
        "field": "timestamp",
        "formats": [
          "dd-MM-yyyy HH:mm:ss"
        ],
        "timezone": "Asia/Taipei"
      }
    }
  ]
}'

 

5. New Index
curl --user user:password -X PUT "http://59.120.61.14:9200/hypro" -H 'Content-Type: application/json' -d' 
{
  "settings": {
    "index": {
      "number_of_shards": 5,
      "number_of_replicas": 2
    }
  }
}'

 

6. Insert a Json to a Specific Index
curl --user user:password -XPOST "http://59.120.61.14:9200/test/info?pipeline=timestamp" -H 'Content-Type: application/json' -d '
{
  "temperature": "25.0",
  "humidity": "20.0",
  "timestamp": "21-04-2019 15:52:20"
}'