#TIL : Basics of Elasticsearch

Over the last few days, I set up an EFK stack to centralize my system logging. I really like the concepts of FluentD; it's better than the original ELK stack from Elastic.

So I needed to learn the basics of Elasticsearch and Kibana.

This is what I learned:

```
# Get all documents from the Elasticsearch node
# (the response is paged: 10 hits by default, use "size" and "from" for more)
GET _search
{
  "query": {
    "match_all": {}
  }
}

# Check node statistics
GET /_nodes/stats

# Check health of the cluster (I don't know why it is always yellow status)
# Note: on a single-node cluster yellow is expected. Indices get replica
# shards by default, and a replica is never allocated on the same node as
# its primary, so with one node every replica stays unassigned.
GET _cluster/health

# Get list of indices (indexes); ?v adds the column headers
GET /_cat/indices?v

# Delete an index (with all its data) by name. This is irreversible, and the
# index name accepts wildcards and _all, so set
# action.destructive_requires_name: true on the cluster to force explicit names.
DELETE /[index-name]
```
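The two read-only calls above are what a log-retention job needs before it issues any DELETE. The following is an added example (not code from the original post or from Elastic): it parses the table returned by `GET /_cat/indices?v`, explains the yellow status from `GET _cluster/health`, and selects the daily log indices that are older than a retention window so they can be deleted one by one. Both responses are constructed samples, and the `prefix-YYYY.MM.DD` index naming is an assumption (it is what FluentD's elasticsearch output produces with `logstash_format true`; the prefix is configurable).

```python
"""
Added example, not code from the original post: work offline with the
responses of GET /_cat/indices?v and GET _cluster/health, explain a yellow
cluster, and pick the daily log indices a retention job should DELETE.
"""
import json
import re
from datetime import date, timedelta

# Constructed sample of `GET /_cat/indices?v` (whitespace-separated columns)
CAT_INDICES = """\
health status index              uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   fluentd-2018.01.01 aB3dEfGhIjKlMnOpQrStUv   5   1      10231            0      4.1mb          4.1mb
yellow open   fluentd-2018.01.05 bC4eFgHiJkLmNoPqRsTuVw   5   1       9876            0      3.9mb          3.9mb
green  open   .kibana            cD5fGhIjKlMnOpQrStUvWx   1   0          3            0     12.4kb         12.4kb
"""

# Constructed sample of `GET _cluster/health` from the same single-node cluster
CLUSTER_HEALTH = json.dumps({
    "cluster_name": "efk", "status": "yellow",
    "number_of_nodes": 1, "number_of_data_nodes": 1,
    "active_primary_shards": 11, "active_shards": 11,
    "unassigned_shards": 10,
})

# Constructed "today" for the retention calculation below
TODAY = date(2018, 1, 10)

# Assumed naming: prefix-YYYY.MM.DD. Anything else, including dot-prefixed
# system indices such as .kibana, never matches and so is never selected.
DAILY_INDEX = re.compile(
    r"^(?P<prefix>[a-z0-9_-]+)-(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})$")


def parse_cat_indices(text):
    """Turn the _cat/indices?v table into a list of dicts keyed by header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        cols = ln.split()
        if len(cols) != len(header):
            raise ValueError("unexpected column count in: %r" % ln)
        rows.append(dict(zip(header, cols)))
    return rows


def explain_health(health_json):
    """Return the cluster status, naming the usual cause of yellow on one node:
    replicas exist (rep >= 1) but can never sit on the primary's node."""
    h = json.loads(health_json)
    if (h["status"] == "yellow" and h["number_of_data_nodes"] == 1
            and h["unassigned_shards"] > 0):
        return "yellow: %d replica shards unassigned (single data node)" % h["unassigned_shards"]
    return h["status"]


def expired_indices(rows, today, keep_days, prefix="fluentd"):
    """Names of daily indices for `prefix` dated before today - keep_days."""
    cutoff = today - timedelta(days=keep_days)
    expired = []
    for row in rows:
        m = DAILY_INDEX.match(row["index"])
        if not m or m.group("prefix") != prefix:
            continue
        day = date(int(m.group("y")), int(m.group("m")), int(m.group("d")))
        if day < cutoff:
            expired.append(row["index"])
    return sorted(expired)


def delete_requests(names):
    """One explicit DELETE per index, never a wildcard, so a typo cannot widen
    the blast radius (pair with action.destructive_requires_name: true)."""
    return ["DELETE /%s" % name for name in names]


if __name__ == "__main__":
    rows = parse_cat_indices(CAT_INDICES)
    print(explain_health(CLUSTER_HEALTH))
    for req in delete_requests(expired_indices(rows, TODAY, keep_days=7)):
        print(req)
```

With a 7-day window and the constructed "today" of 2018-01-10, only `fluentd-2018.01.01` is selected; `.kibana` is skipped because it does not match the daily-index pattern, which is the guard that matters most when the job runs unattended.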

#TIL : Use journalctl to check system logs

Logging and monitoring are important for a system admin. Checking the logs helps you take a closer look at an issue. One tool that can help, with some handy features, is journalctl.

Here are some simple options:

  • -f : follow the log (like tail -f)
  • -u [service] : show only the entries of the [service] unit
  • --since=[date] : show entries not older than the specified date
  • --until=[date] : show entries not newer than the specified date (both accept absolute timestamps such as "2018-01-01 10:00" and relative words such as yesterday, today or "1 hour ago")

Example :

```
$ sudo journalctl -u nginx.service
$ sudo journalctl -u nginx.service --since yesterday
$ sudo journalctl -u nginx.service --since "2018-01-01" --until today
```
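The same filters become useful for detection once the output is machine-readable: journalctl also has `-o json`, which prints one JSON object per entry with fields such as `MESSAGE`, `_SYSTEMD_UNIT` and `__REALTIME_TIMESTAMP`. The following is an added example (not from the original post): it runs a failed-SSH-login count over entries as exported by `journalctl -u sshd.service -o json --since today`. The five entries are constructed for the example; the unit name `sshd.service` and the sshd message wording are assumptions about the host (on Debian-derived systems the unit is `ssh.service`).

```python
"""
Added example, not code from the original post: count failed SSH password
attempts per source address from `journalctl -u sshd.service -o json` output.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of `journalctl -u sshd.service -o json --since today`:
# one JSON object per line; __REALTIME_TIMESTAMP is microseconds since the
# epoch. The last entry is from another unit and has a non-UTF-8 MESSAGE,
# which journalctl emits as an array of byte values instead of a string.
SAMPLE_JOURNAL = """\
{"__REALTIME_TIMESTAMP": "1514764800000000", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2"}
{"__REALTIME_TIMESTAMP": "1514764801000000", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Failed password for root from 203.0.113.5 port 4243 ssh2"}
{"__REALTIME_TIMESTAMP": "1514764802000000", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Accepted publickey for deploy from 198.51.100.7 port 5555 ssh2"}
{"__REALTIME_TIMESTAMP": "1514764803000000", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Failed password for invalid user test from 203.0.113.9 port 4244 ssh2"}
{"__REALTIME_TIMESTAMP": "1514764804000000", "_SYSTEMD_UNIT": "cron.service", "SYSLOG_IDENTIFIER": "cron", "MESSAGE": [72, 105]}
"""

# Matches OpenSSH's "Failed password for [invalid user] <user> from <ip> port <n> ..."
FAILED_LOGIN = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_journal_json(text):
    """Parse journalctl -o json output (one object per line). MESSAGE is a
    string for UTF-8 text but a list of byte values otherwise; decode those."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        msg = entry.get("MESSAGE")
        if isinstance(msg, list):
            entry["MESSAGE"] = bytes(msg).decode("utf-8", "replace")
        entries.append(entry)
    return entries


def failed_logins_by_ip(entries, unit="sshd.service"):
    """Count failed password attempts per source IP, restricted to `unit`
    (defends against an export that was not filtered with -u)."""
    counts = Counter()
    for entry in entries:
        if entry.get("_SYSTEMD_UNIT") != unit:
            continue
        m = FAILED_LOGIN.match(entry.get("MESSAGE") or "")
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(counts, threshold):
    """Source addresses with at least `threshold` failures, sorted."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def entry_time(entry):
    """Convert __REALTIME_TIMESTAMP (microseconds) to an aware UTC datetime."""
    return datetime.fromtimestamp(int(entry["__REALTIME_TIMESTAMP"]) / 1e6, tz=timezone.utc)


if __name__ == "__main__":
    entries = parse_journal_json(SAMPLE_JOURNAL)
    counts = failed_logins_by_ip(entries)
    for ip in offenders(counts, threshold=2):
        print("%s failed %d times, first seen %s" % (ip, counts[ip], entry_time(entries[0]).isoformat()))
```

On a real host the block reads `sys.stdin` instead of `SAMPLE_JOURNAL`: `sudo journalctl -u sshd.service -o json --since today | python3 detect.py`. The `--since`/`--until` options from the list above do the time windowing, so the script itself only has to parse and count.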