I'm trying to send data to an ElasticSearch server using CURL. There is an index called 'datastream2' which has a lot of fields sorta like this:
"datastream2": {
"mappings": {
"properties": {
"UA": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 512
}
}
},
"accLang": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}...
I'd like to use CURL to send data to this index.
I've been using CURL for the attempted POST like this:
curl -v -X POST http://66-228-66-111.ip.linodeusercontent.com:9200/datastream2/newdocname -H "Content-type: application/json" --user elastic:u34XXXc2qYNGnVS4XXXA -d '{"UA":"Mozilla","acclang":"eng"}'
but it's failing with the message:
{"error":"no handler found for uri [/datastream2/newdocname] and method [POST]"}%
I will admit that I'm not sure what to put after the indexname of '/datastream2/' , but I've tried various different values. Some documentation says to list the type (which I'm not sure where to find) and some docs say that this is no longer necessary on ElasticSearch 8+ .
Any ideas how I can get this data posted into ElasticSearch?
You just need to replace newdocname by _doc and it will work
curl -v -X POST http://66-228-66-111.ip.linodeusercontent.com:9200/datastream2/_doc
trying elasticsearch(6.4.2) sql rest api on yelp dataset,
read -r -d '' sql <<'EOF'
{
"query":"select city, COUNT(*) AS c from \"yelp.business\" group by city"
}
EOF
curl -v -XPOST "http://$host/_xpack/sql?format=txt" -H'Content-Type: application/json' -d"$sql"
get right response
city | c
----------------------------+---------------
Cleveland |2977
Cleveland Heights |179
Cleveland Hghts. |1
East Cleveland |4
Mayfield Heights (Cleveland)|1
but tranlsate sql to dsl
query=`curl -v -XPOST "http://$host/_xpack/sql/translate?format=json" -H'Content-Type: application/json' -d"$sql"`
get following:
{
"_source" : false,
"size" : 0,
"aggregations" : {
"groupby" : {
"composite" : {
"sources" : [
{
"2467" : {
"terms" : {
"order" : "asc",
"field" : "city.keyword",
"missing_bucket" : false
}
}
}
],
"size" : 1000
}
}
},
"stored_fields" : "_none_"
}
execute translated dsl on search request
curl -XGET "http://$host/antkrill.event/_search" -H 'Content-Type: application/json' -d"$query"
and get error
failed to find field [city.keyword] and [missing_bucket] is not set
why search with sql is ok, but error with translated dsl
my own problem! the second query was executed with translated dsl on a different index!
i have problem with the API of ICINGA2.
i'm trying to add new variables with the POST call ,
i'm getting the required result,
But ICINGA2 didn't add the new var.
According to documentation:
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/icinga2-api
With the following API, i creates all our hosts in vienna :
curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/hosts/server.example.com' \
-d '{ "templates": [ "generic-host" ], "attrs": { "zone": "Vienna", "address": "180.33.1.123", "check_command": "hostalive", "vars.os" : "Linux", "vars.agent" : "ssh" } }' \
| python -m json.tool
While this part works as expected,
The problem is once host created, i need to add various vars for different servers.
for example
Adding of the variable: "vars.servicename" : "DHCP_Servers"
If i'm going back to the documentation, the below API that will need to be execute:
curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/objects/hosts/server.example.com' \
-d '{ "templates": [ "generic-host" ], "attrs": { "zone": "Vienna", "address": "180.33.1.123", "check_command": "hostalive", "vars.os" : "Linux", "vars.agent" : "ssh", "vars.servicename" : "DHCP_Servers" } }' \
| python -m json.tool
When i ran the API , as expected i'm getting back:
{
"results": [
{
"code": 200.0,
"name": "server.example.com",
"status": "Attributes updated.",
"type": "Host"
}
]
}
But there is no changes that taking place on ICINGA/ host file.
Obviously the same user as in my inbox and the forums (https://monitoring-portal.org/index.php?thread/37160-adding-vars-with-api/&postID=234885#post234885) lately. Leaving this as a note here as it might help others to see why it does not work. That feature is just not implemented as it involves storing the applied changes, do a rollback, and re-apply. Not as simple as it sounds.
https://dev.icinga.org/issues/11501
I have an ElasticSearch cluster and am trying to query it using the RESTful Search API. My query would return the oldest results but I wanted the newest so I added a range filter
curl -XGET 'https://cluster.com/_search' -d '{
"from": 0, "size": 10000,
"range" : {
"#timestamp" : {
"gt": "now-1h"
}
}
}'
But I get the following error
"error":"SearchPhaseExecutionException[Failed to execute phase [query],.....Parse Failure [Failed to parse source.........Parse Failure [No parser for element [range]]]
I've tried using #timestamp, timestamp, and _timestamp as well for variable names but that didn't work. I've also confirmed that it is the range option that is causing the request to fail.
Any help would be appreciated.
Your query is not formatted correctly, you miss a "query" level:
curl -XGET 'https://cluster.com/_search' -d '{
"from": 0, "size": 10000,
"query": {
"range" : {
"#timestamp" : {
"gt": "now-1h"
}
}
}
}'
I have typed this command to index a document in Elasticsearch
create an index
curl -X PUT "localhost:9200/test_idx_1x"
create a mapping
curl -X PUT "localhost:9200/test_idx_1x/test_mapping_1x/_mapping" -d '{
"test_mapping_1x": {
"properties": {
"my_attachments": {
"type": "attachment"
}
}
}
}'
index this document
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/4' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "test Elastic Search",
"name": "N1"
}'
All these three commands are very goods.
But when I type this command:
curl -XPOST 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"type": "attachment",
"_content_type": "text/plain",
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}
}'
I receive this error message:
{
"error": "NullPointerException[null]",
"status": 500
}
I change it into;
curl -XPOST 'http://localhost:9200/test_idx_1x/test_mapping_1x/1bis' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"type": "attachment",
"_content_type": "text/plain",
"_name": "/inf/bd/my_home_directory/test.txt"
}
}'
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}
}'
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt",
"_content_type": "text/plain"
}
}'
The output is the same error.
I change it like that
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"user": "kimchy",
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt",
"_content_type": "text/plain",
"content": "... base64 encoded attachment ..."
}
}'
the error is
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Failed to decode VALUE_STRING as base64 (MIME-NO-LINEFEEDS): Illegal character '.' (code 0x2e) in base64 content\n at [Source: [B#159b3; line: 1, column: 241]]; ",
"status": 400
}
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}'
I receive this error message:
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Unexpected character ('h' (code 104)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')\n at [Source: [B#1ae9565; line: 1, column: 132]]; ",
"status": 400
}
if I type
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}'
I receive error. I can understand it
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Failed to decode VALUE_STRING as base64 (MIME-NO-LINEFEEDS): Illegal character ':' (code 0x3a) in base64 content\n at [Source: [B#1ffb7d4; line: 1, column: 137]]; ",
"status": 400
}
How can I use attach files to ES so that ES can index it?
Thanks for your answer. That attachment plugin I have already installed when I type these commands. The content of the text file is encoded in Base64, so I don't encode it anymore. If I don't use the file's path but directly use its contents in Base 64, ex.
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "file's content string encoded in base64"
}'
all is good, I have already succeeded in posting file and searching its content later.
But if I replace it with path's file, I obtained negative results. So I want to know how to encode Base64 a file in command line,in the command of ES indexing (of course, I don't want to type base64 command to encode a file before typing 2nd command to indexing it in ES). As your answer, do I have to installed something like "Perl library" to execute your command?
http://es-cn.medcl.net/tutorials/2011/07/18/attachment-type-in-action.html
#!/bin/sh
coded=`cat fn6742.pdf | perl -MMIME::Base64 -ne 'print encode_base64($_)'`
json="{\"file\":\"${coded}\"}"
echo "$json" > json.file
curl -X POST "localhost:9200/test/attachment/" -d #json.file
First, you don't specify whether you have the attachment plugin installed. If not, you can do so with:
./bin/plugin -install mapper-attachments
You will need to restart ElasticSearch for it to load the plugin.
Then, as you do above, you map a field to have type attachment:
curl -XPUT 'http://127.0.0.1:9200/foo/?pretty=1' -d '
{
"mappings" : {
"doc" : {
"properties" : {
"file" : {
"type" : "attachment"
}
}
}
}
}
'
When you try to index a document, you need to encode the contents of your file in Base64. You could do this on the command line using the base64 command line utility. However, to be legal JSON, you also need to encode new lines, which you can do by piping the output from base64 through Perl:
curl -XPOST 'http://127.0.0.1:9200/foo/doc?pretty=1' -d '
{
"file" : '`base64 /path/to/file | perl -pe 's/\n/\\n/g'`'
}
'
Now you can search your file:
curl -XGET 'http://127.0.0.1:9200/foo/doc/_search?pretty=1' -d '
{
"query" : {
"text" : {
"file" : "text to look for"
}
}
}
'
See ElasticSearch attachment type for more.
This is a complete shell script implementation:
file_path='/path/to/file'
file=$(base64 $file_path | perl -pe 's/\n/\\n/g')
curl -XPUT "http://eshost.com:9200/index/type/" -d '{
"file" : "content" : "'$file'"
}'
There is an alternative solution - plugin at http://elasticwarehouse.org. You can upload binary file using _ewupload?, read newly generated ID and update your different index with this reference.
Install plugin:
plugin -install elasticwarehouseplugin -u http://elasticwarehouse.org/elasticwarehouse/elasticsearch-elasticwarehouseplugin-1.2.2-1.7.0-with-dependencies.zip
Restart cluster, then:
curl -XPOST "http://127.0.0.1:9200/_ewupload?folder=/myfolder&filename=mybinaryfile.bin" --data-binary #mybinaryfile.bin
Sample response:
{"id":"nWvrczBcSEywHRBBBwfy2g","version":1,"created":true}