by JoKeru

elasticsearch basics and commands

A cluster consists of one or more nodes which share the same cluster name. Each cluster has a single master node which is chosen automatically by the cluster and which can be replaced if the current master node fails.

A node is a running instance of elasticsearch which belongs to a cluster. At startup, a node uses zen discovery, either multicast or a unicast list of hosts (whichever is configured), to find an existing cluster with the same cluster name and tries to join it. Multicast will happily join any cluster on the local network that uses the same name, so give each cluster a unique name and prefer unicast with an explicit host list.

An index is like a database in a relational database. It has a mapping which defines multiple types.

A type is like a table in a relational database. Each type has a list of fields that can be specified for documents of that type. The mapping defines how each field in the document is analyzed.

A document is a JSON document which is stored in elasticsearch. It is like a row in a table in a relational database. Each document is stored in an index and has a type and an id.

A document contains a list of fields, or key-value pairs. The value can be a simple (scalar) value (eg a string, integer, date), or a nested structure like an array or an object. A field is similar to a column in a table in a relational database. The mapping for each field has a field type (not to be confused with document type) which indicates the type of data that can be stored in that field, eg integer, string, object.

The ID identifies a document within its type, so the index/type/id combination must be unique. Indexing a document to an index/type/id that already exists overwrites the stored document (and increments its version); if no ID is provided, one is auto-generated.

[cc lang='bash']
# delete all data (irreversible, and these releases have no authentication:
# anyone who can reach port 9200 can do this, so bind it to localhost or
# firewall it; newer releases can also refuse _all/wildcard deletes with
# action.destructive_requires_name: true)
$ curl -XDELETE 'http://localhost:9200/_all/'

# get cluster info
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
# 0.90 path; newer releases use /_nodes/stats
$ curl -XGET 'http://localhost:9200/_cluster/nodes/stats?pretty=true'

# set index template: applied to every index created later whose name
# matches "squid-access-*"; _all is disabled for every type via _default_
$ curl -XPUT 'http://localhost:9200/_template/squid-access' -d '
{
  "template": "squid-access-*",
  "settings": {
    "index.refresh_interval": "3s",
    "index.query.default_field": "uri"
  },
  "mappings": {
    "_default_": {
      "_all": { "enabled": false }
    }
  }
}'
# get index template (templates live in the cluster state;
# newer releases also answer GET /_template/squid-access)
$ curl -XGET 'http://localhost:9200/_cluster/state?pretty=true' | less
# delete index template
$ curl -XDELETE 'http://localhost:9200/_template/squid-access'

# get mapping
$ curl -XGET 'http://localhost:9200/_all/_mapping?pretty=true'
# get settings
$ curl -XGET 'http://localhost:9200/_all/_settings?pretty=true'

# get data: documents of type "logs" in one daily index (first 10 by default) ...
$ curl -XGET 'http://localhost:9200/squid-access-2013.10.11/logs/_search?pretty=true'
# ... and a single document by index/type/id
$ curl -XGET 'http://localhost:9200/squid-access-2013.10.11/logs/eQWX9i04RAaf-mqpbwlzwg?pretty=true'
[/cc]
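The following is an added example, not code from the original post: a few POSIX sh wrappers around the curl calls above. They refuse the `DELETE _all` / wildcard case (a 0.90/1.x node answers it without any authentication), build the template body with printf so the JSON cannot be malformed, and show the explicit-id versus auto-id indexing paths from the document/ID section. `ES_URL`, `ES_DRY_RUN` and the `es_*` function names are assumptions of this example, not Elasticsearch features.

```shell
#!/bin/sh
# Added example (not from the original post): POSIX sh wrappers around the
# curl calls in the post. ES_URL, ES_DRY_RUN and the es_* names are assumed
# by this example, not Elasticsearch features.
ES_URL="${ES_URL:-http://localhost:9200}"

# Anything that would expand to every index on the node is refused here,
# because a 0.90/1.x node answers DELETE without any authentication.
# (Newer releases can enforce the same rule with the cluster setting
# action.destructive_requires_name: true.)
es_is_destructive_name() {
    case "$1" in
        ''|_all|*'*'*) return 0 ;;
        *)            return 1 ;;
    esac
}

# es_request METHOD PATH [BODY]: single choke point for curl. With
# ES_DRY_RUN=1 it prints the command instead of sending it.
es_request() {
    _method="$1"; _path="$2"; _body="${3:-}"
    if [ "${ES_DRY_RUN:-0}" = "1" ]; then
        if [ -n "$_body" ]; then
            printf "curl -X%s '%s/%s' -d '%s'\n" "$_method" "$ES_URL" "$_path" "$_body"
        else
            printf "curl -X%s '%s/%s'\n" "$_method" "$ES_URL" "$_path"
        fi
        return 0
    fi
    if [ -n "$_body" ]; then
        curl -sS -X"$_method" "$ES_URL/$_path" -d "$_body"
    else
        curl -sS -X"$_method" "$ES_URL/$_path"
    fi
}

# es_delete_index INDEX: delete exactly one named index, never _all or a glob
es_delete_index() {
    if es_is_destructive_name "$1"; then
        echo "refusing to delete '$1': name one index explicitly" >&2
        return 2
    fi
    es_request DELETE "$1"
}

# es_put_template NAME PATTERN REFRESH_INTERVAL DEFAULT_FIELD
# Builds the same template as in the post (_all disabled for every type)
# with printf, so the JSON is always well formed.
es_put_template() {
    _tpl=$(printf '{"template":"%s","settings":{"index.refresh_interval":"%s","index.query.default_field":"%s"},"mappings":{"_default_":{"_all":{"enabled":false}}}}' \
        "$2" "$3" "$4")
    es_request PUT "_template/$1" "$_tpl"
}

# es_index_doc INDEX TYPE ID BODY: PUT to an explicit index/type/id, which
# overwrites whatever document is already stored under that key.
# es_index_doc INDEX TYPE '' BODY: POST without an id and let the node
# generate one.
es_index_doc() {
    _index="$1"; _type="$2"; _id="$3"; _doc="$4"
    if [ -z "$_index" ] || [ -z "$_type" ]; then
        echo "index and type are required" >&2
        return 2
    fi
    if [ -n "$_id" ]; then
        es_request PUT "$_index/$_type/$_id" "$_doc"
    else
        es_request POST "$_index/$_type/" "$_doc"
    fi
}

# Usage (dry run, so nothing is sent; the document body is constructed):
# ES_DRY_RUN=1 es_put_template squid-access 'squid-access-*' 3s uri
# ES_DRY_RUN=1 es_index_doc squid-access-2013.10.11 logs '' '{"uri":"http://example.com/"}'
# ES_DRY_RUN=1 es_delete_index _all   # refused, exit status 2
```

Source the file and run with `ES_DRY_RUN=1` first to see the exact curl command each wrapper would send; drop the variable to talk to the node.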