Basics of using Elasticsearch

To see the available indices:

curl 'localhost:9200/_cat/indices?v'

Some more examples for inspecting Logstash mappings and searching Logstash indices:

curl -XGET 'http://localhost:9200/_mapping'
curl -XGET 'http://localhost:9200/logstash-*/log/_mapping'
curl -XGET 'http://localhost:9200/logstash-2015.01.08/_search?q=_type:logs&pretty=1'
curl -XGET 'http://localhost:9200/logstash-2015.01.08/_search?q=type:syslog&pretty=1'
curl -XGET 'http://localhost:9200/logstash-2015.01.08/syslog/_search?q=type:syslog&pretty=1'
curl -XGET 'http://localhost:9200/logstash-2015.01.12/loadbalancer/_search?q=tags:_grokparsefailure&pretty=1'

Deleting an index by name, or deleting the documents that match a query:

curl -XDELETE 'http://localhost:9200/index_name/'
curl -XDELETE 'http://localhost:9200/logstash-*/_query?q=facility_label:user-level&pretty=1'
curl -XDELETE 'http://localhost:9200/logstash-2015.01.12/loadbalancer/_query?q=tags:_grokparsefailure&pretty=1'
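
A dry-run helper for the listing and delete-by-name commands above, as an added example that is not part of the original notes: it reads `_cat/indices?v` output and prints an exact-name `curl -XDELETE` for each daily Logstash index older than a cutoff, so no wildcard ever reaches the delete endpoint. The function names, the sample listing and the cutoff date are assumptions made for this example.

```sh
#!/bin/sh
# Added example: dry-run retention helper for daily Logstash indices.
# It only prints DELETE commands; nothing is sent to Elasticsearch.

ES_URL="http://localhost:9200"   # same local node as the commands above

# Constructed sample of `curl 'localhost:9200/_cat/indices?v'` output.
sample_cat_indices() {
cat <<'EOF'
health status index               pri rep docs.count docs.deleted store.size pri.store.size
yellow open   logstash-2015.01.08   5   1      41230            0     18.2mb         18.2mb
yellow open   logstash-2015.01.12   5   1      39877            0     17.6mb         17.6mb
yellow open   .kibana               1   1          3            0     12.1kb         12.1kb
yellow open   logstash-2015.01.10   5   1      40112            0     17.9mb         17.9mb
yellow open   logstash-archive      5   1        100            0      1.0mb          1.0mb
EOF
}

# expired_indices CUTOFF   (CUTOFF is YYYY.MM.DD)
# Reads _cat/indices?v text on stdin and prints the daily Logstash indices
# dated strictly before CUTOFF, oldest first. Other names are ignored.
expired_indices() {
    cutoff="$1"
    case "$cutoff" in
        [0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) ;;
        *) echo "cutoff must be YYYY.MM.DD" >&2; return 2 ;;
    esac
    awk -v cutoff="$cutoff" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "index") col = i; next }
        col && $col ~ /^logstash-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/ {
            day = substr($col, 10)            # text after "logstash-"
            if ((day "") < (cutoff "")) print $col   # forced string compare
        }' | sort
}

# Print (never run) one exact-name DELETE per expired index; no wildcards.
delete_commands() {
    expired_indices "$1" | while read -r idx; do
        printf "curl -XDELETE '%s/%s/'\n" "$ES_URL" "$idx"
    done
}

# Dry run against the constructed listing.
sample_cat_indices | delete_commands 2015.01.11
```

To use it against a live node, pipe the real listing in place of `sample_cat_indices` and review the printed commands before running any of them.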

Backing up ES: We need a directory that the elasticsearch user has full access to. I am actually not sure if this is necessary or not, but this is one of the actions I took to solve a bad problem!

sudo mkdir /usr/share/elasticsearch/backup/
sudo chmod 777 /usr/share/elasticsearch/backup/
sudo chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/backup/

Then register a snapshot repository (named dopey_backup here) that points at that directory:

curl -XPUT 'http://localhost:9200/_snapshot/dopey_backup' -d '{
    "type": "fs",
    "settings": {
        "compress" : true,
        "location": "/usr/share/elasticsearch/backup"
    }
}'

The first command below takes a snapshot named snapshot_1; restoring it, with the second command, is also essential:

curl -XPUT "localhost:9200/_snapshot/dopey_backup/snapshot_1?wait_for_completion=true"
curl -XPOST "localhost:9200/_snapshot/dopey_backup/snapshot_1/_restore"