Elasticsearch Cheatsheet of Kibana Console Requests
Introduction
The Kibana Console UI is an easy and convenient way to make HTTP requests to an Elasticsearch cluster. It’s not difficult to get started with Kibana: Just make sure that the Kibana service is running, and navigate to it on your server (the default port is 5601). Go to the Dev Tools section (if you’re running Kibana 7, click on the wrench icon), and then click the Console tab.
If you’re just getting started with Elasticsearch and Kibana, it can be helpful to have a cheat sheet to make sure you get the syntax right for your HTTP requests. This handy reference guide will help make sure you’re on the right track whenever you need to make Kibana requests to Elasticsearch.
NOTE: Index data types have been deprecated in Elasticsearch 7. Many requests simply require you to pass _doc into the header instead.
Common GET requests
If you need to get data about an index or about some of its documents, you’ll need to make a GET request to your Elasticsearch cluster. Here are a few of the most useful GET requests:
GET data about a cluster
The following GET requests can be used to have the Elasticsearch cluster return some useful stats and information.
GET the cluster’s health
To get some simple information on your cluster’s health, use the request shown below:
1 | GET _cluster/health |
GET data about an index
Just use the GET HTTP verb followed by the index name to get some basic information on an index:
1 | GET some_index |
Use the _search API to return some of an index’s documents
If you need to have the cluster return a few documents from an index:
1 | GET some_index/_search |
GET a document by ID
If you’d like to request a document by id, include the document type, followed by the id in the request header. Elasticsearch will return the document and its content body:
1 | GET some_index/_doc/1234 |
Common PUT requests
Now that we’ve covered common GET requests, let’s look at some Kibana PUT requests, which are used to create indices and documents.
Creating indices using PUT
The basic request to create an index in Kibana is just PUT some_index.
Kibana PUT request to create an index including shard and replica settings
You can create an index and specify the shard and replica settings all in the same request:
1 2 3 4 5 | PUT some_index "settings": { "number_of_shards": 3, "number_of_replicas": 1 } |
Create an index with shard/replica settings in Kibana and create a mapping
Here’s the same request as the previous one, except this one creates a mapping for the index as well. Use the "type" sub-field to specify the data type for the mapping field:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | PUT some_index "settings" : { "number_of_shards" : 3, "number_of_replicas" : 1 }, "mappings": { "properties": { "field_1": { "type" : "text" }, "field_2": { "type" : "integer" }, "field_3": { "type" : "boolean" }, "created": { "type" : "epoch_millis"} } } } |
Kibana PUT request to create pipelines for a cluster’s indices
Kibana can also be used in conjunction with the Ingest API to create pipelines for an Elasticsearch cluster’s indices:
1 2 3 4 5 6 7 8 9 10 11 12 | PUT _ingest/pipeline/some_pipeline { "description": "Description for the pipeline", "processors": [ { "set": { "field": "_source.some_field", "value": "{{_ingest.some_value}}" } } ] } |
The request will return a response of "acknowledged" : true if it executes correctly.
Kibana requests to delete Elasticsearch documents and indices
You can also make requests to delete documents and indices. Be especially careful when making delete requests so you don’t accidentally delete something you’d regret.
Delete an entire Elasticsearch index
Deleting an entire index is a simple request:
1 | DELETE some_index |
Delete all documents in an index:
To delete all documents in an index, but not the index itself, use the following request:
1 2 3 4 5 6 | DELETE some_index { "query": { "match_all": {} } } |
POST requests to create and update Elasticsearch cluster data
Create a document with an ID of 1
The following request creates a new document in the cars index. Note that this document will have an id of 1:
1 2 3 4 5 6 | POST cars/volvo/1 { "color": "red", "engine": "v6", "model": "V50 Wagon" } |
Get the _source data for a document with an _id of 1234
1 | GET some_index/_doc/1234 |
Update the document using Painless scripting
You can use a script to update a document’s data as well. In this example, we use a Painless script to update a document’s _source data in a POST request:
1 2 3 4 | POST cars/volvo/1/_update { "script" : "ctx._source.year = '2014'" } |
Search requests to query documents and indices on an Elasticsearch cluster
Here are some examples of GET requests used for searching. These queries will return documents based on the JSON query that is passed in the request body.
Make a _search request to get all documents in an index
If you’d like to search for all the documents in an index, use this request:
1 2 3 4 5 6 | GET some_index/_search { "query": { "match_all": {} } } |
Search for a query based on a match with a document’s field value
The following request searches for documents that match a specific field value:
1 2 3 4 5 6 7 | GET some_index/_search 'query': { 'match': { 'some_field': 'FIND THIS VALUE' } } } |
You can also make the same request without a JSON body like this:
1 | GET some_index/_search?q=some_field:"FIND THIS VALUE" |
Range queries made in Kibana
Range queries, which search for all documents with field values that fall within a certain range of numerical values, can also be used in Kibana.
Range query for documents with a value that is less than and greater than
This example will find all documents where the "some_number" field has a value greater than or equal to 5, or less than or equal to 10:
1 2 3 4 5 6 7 8 9 10 11 | GET some_index/_search { "query": { "range" : { "some_number" : { "gte" : 5, "lte" : 10 } } } } |
Range query for dates in Kibana
This particular query finds all documents where the "some_date" field has a date newer than April 1st, 1995, but older than April 1st, 2010 by using the "within" relation option:
1 2 3 4 5 6 7 8 9 10 11 12 | GET some_index/_search { "query" : { "range" : { "some_date" : { "gte" : "1995-04-01", "lte" : "2010-04-01", "relation" : "within" } } } } |
Requests to maintain or change cluster settings
If you need to change the free-disk space “watermark” for a cluster, you can make a PUT request to do so. Be sure that the low setting is higher than the high setting, as shown in the following example:
1 2 3 4 5 6 7 8 9 | PUT _cluster/settings { "transient": { "cluster.routing.allocation.disk.watermark.low": "100gb", "cluster.routing.allocation.disk.watermark.high": "50gb", "cluster.routing.allocation.disk.watermark.flood_stage": "5gb", "cluster.info.update.interval": "1m" } } |
In the following examples, you’ll see how to deactivate a setting to force a cluster to allow writing to an index. These settings also accept null.
Change the read_only_allow_delete setting for all indexes
1 2 3 4 | PUT _all/_settings { "index.blocks.read_only_allow_delete": false } |
Change the read_only_allow_delete setting for just one index
1 2 3 4 | PUT some_index/_settings { "index.blocks.read_only_allow_delete": false } |
Conclusion
As you can see, you can perform a wide variety of Elasticsearch tasks using HTTP requests. It’s possible to create indices, get information about your cluster, execute search queries and modify cluster settings, all from the Kibana interface. With the help of this handy cheat sheet, you’ll have no trouble making any kind of Kibana requests to Elasticsearch.
Pilot the ObjectRocket Platform Free!
Try Fully-Managed CockroachDB, Elasticsearch, MongoDB, PostgreSQL (Beta) or Redis.
Get Started