Elasticsearch Notes: Difference between revisions
| Line 196: | Line 196: | ||
ES_HEAP_SIZE=2g | ES_HEAP_SIZE=2g | ||
ES_GC_LOG_FILE=/data/elasticsearch/log/gc.log | ES_GC_LOG_FILE=/data/elasticsearch/log/gc.log | ||
</pre> | |||
== Network == | |||
/etc/services updated: | |||
<pre> | |||
$ grep 9200 /etc/services | |||
elasticsearch-rest 9200/tcp # elasticsearch-restful api | |||
#wap-wsp 9200/tcp # WAP connectionless session service | |||
wap-wsp 9200/udp # WAP connectionless session service | |||
$ grep 9300 /etc/services | |||
elasticsearch-transport 9300/tcp # elasticsearch-transpost | |||
# vrace 9300/tcp # Virtual Racing Service | |||
vrace 9300/udp # Virtual Racing Service | |||
</pre> | </pre> | ||
Revision as of 12:49, 27 July 2016
how to secure
Tough, use an app proxy to be sure. For now: local access only. Not designed with security in mind.
to file /etc/elasticsearch/elasticsearch.yml added to the end
script.disable_dynamic: true
quick stuff
elasticsearch-head and elastic search plugin ( https://github.com/mobz/elasticsearch-head )
_search?search_type=count
{
"aggs" : {
"all_users": {
"terms": {
"field": "screen_name"
}
}
}
}
list indexes and summary:
curl 'localhost:9200/_cat/indices?v'
show health
curl 'localhost:9200/_cat/health?v'
list nodes:
curl 'localhost:9200/_cat/nodes?v'
delete an index
curl -XDELETE 'http://localhost:9200/twitterindex_v2/'
created an index with mappings from a file:
curl -XPUT localhost:9200/twitterindex_v2 -T 'mapping.1'
get the mappoings for an index
curl -XGET "http://localhost:9200/test-index/_mapping" | jsonlint > mapping
pattern of data import
- import data
- dump mapping
- edit mapping
- create new index with new mapping
- import data again.
Explicitly mapping date fields
from: http://joelabrahamsson.com/dynamic-mappings-and-dates-in-elasticsearch/
curl -XPUT "http://localhost:9200/myindex" -d'
{
"mappings": {
"tweet": {
"date_detection": false,
"properties": {
"postDate": {
"type": "date"
}
}
}
}
}'
backup
from: https://www.elastic.co/guide/en/elasticsearch/guide/current/backing-up-your-cluster.html
add to the end of /etc/elasticsearch/elasticsearch.yml :
path.repo: ["/mnt/freenas/dataset_elasticsearch/backup"]
root@keres /mnt/freenas/dataset_elasticsearch/backup # curl -XPUT "http://localhost:9200/_snapshot/freenas_backup" -d'
{
"type": "fs",
"settings": {
"location": "/mnt/freenas/dataset_elasticsearch/backup"
}
}'
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html
searches
{
"query": { "match_all": {} }
}
{
"query": { "match": { "filter_level": "low" } }
}
{
"query": { "match": { "source": "iPad" } },
"_source": [ "source" , "text"]
}
{
"size": 0,
"aggs": {
"group_by_state": {
"terms": {
"field": "source"
}
}
}
}
"size": 0, - print agg only and not hits. PEROFORMANCE!!
changing-mapping-with-zero-downtime
https://www.elastic.co/blog/changing-mapping-with-zero-downtime
aggregates
moving data between indexes
Use ElasticDump ( https://www.npmjs.com/package/elasticdump )
1) yum install epel-release
2) yum install nodejs
3) yum install nodejs npm
4) npm install elasticdump
5) cd node_modules/elasticdump/bin
6)
./elasticdump \ --input=http://192.168.1.1:9200/original \ --output=http://192.168.1.2:9200/newCopy \ --type=data
elasticdump \ --input=http://localhost:9700/.kibana \ --output=http://localhost:9700/.kibana_read_only \ --type=mapping elasticdump \ --input=http://localhost:9700/.kibana \ --output=http://localhost:9700/.kibana_read_only \ --type=data
serverconfig notes
stuff I've added to my default config:
# for backups path.repo: ["/mnt/freenas/dataset_elasticsearch/backup"] # to disallow remote code execution script.disable_dynamic: true
/etc/sysconfig/sysconfig/elasticsearch ( grep -v ^# )
DATA_DIR=/data/elasticsearch/data LOG_DIR=/data/elasticsearch/log WORK_DIR=data/elasticsearch/tmp ES_HEAP_SIZE=2g ES_GC_LOG_FILE=/data/elasticsearch/log/gc.log
Network
/etc/services updated:
$ grep 9200 /etc/services elasticsearch-rest 9200/tcp # elasticsearch-restful api #wap-wsp 9200/tcp # WAP connectionless session service wap-wsp 9200/udp # WAP connectionless session service $ grep 9300 /etc/services elasticsearch-transport 9300/tcp # elasticsearch-transpost # vrace 9300/tcp # Virtual Racing Service vrace 9300/udp # Virtual Racing Service
