I have typed this command to index a document in Elasticsearch
create an index
curl -X PUT "localhost:9200/test_idx_1x"
create a mapping
curl -X PUT "localhost:9200/test_idx_1x/test_mapping_1x/_mapping" -d '{
"test_mapping_1x": {
"properties": {
"my_attachments": {
"type": "attachment"
}
}
}
}'
index this document
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/4' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "test Elastic Search",
"name": "N1"
}'
All these three commands are very goods.
But when I type this command:
curl -XPOST 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"type": "attachment",
"_content_type": "text/plain",
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}
}'
I receive this error message:
{
"error": "NullPointerException[null]",
"status": 500
}
I change it into;
curl -XPOST 'http://localhost:9200/test_idx_1x/test_mapping_1x/1bis' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"type": "attachment",
"_content_type": "text/plain",
"_name": "/inf/bd/my_home_directory/test.txt"
}
}'
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}
}'
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt",
"_content_type": "text/plain"
}
}'
The output is the same error.
I change it like that
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"user": "kimchy",
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": {
"file": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt",
"_content_type": "text/plain",
"content": "... base64 encoded attachment ..."
}
}'
the error is
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Failed to decode VALUE_STRING as base64 (MIME-NO-LINEFEEDS): Illegal character '.' (code 0x2e) in base64 content\n at [Source: [B#159b3; line: 1, column: 241]]; ",
"status": 400
}
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}'
I receive this error message:
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Unexpected character ('h' (code 104)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')\n at [Source: [B#1ae9565; line: 1, column: 132]]; ",
"status": 400
}
if I type
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/1' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "http://localhost:5984/my_test_couch_db_7/ID2/test.txt"
}'
I receive error. I can understand it
{
"error": "MapperParsingException[Failed to parse]; nested: JsonParseException[Failed to decode VALUE_STRING as base64 (MIME-NO-LINEFEEDS): Illegal character ':' (code 0x3a) in base64 content\n at [Source: [B#1ffb7d4; line: 1, column: 137]]; ",
"status": 400
}
How can I use attach files to ES so that ES can index it?
Thanks for your answer. That attachment plugin I have already installed when I type these commands. The content of the text file is encoded in Base64, so I don't encode it anymore. If I don't use the file's path but directly use its contents in Base 64, ex.
curl -XPUT 'http://localhost:9200/test_idx_1x/test_mapping_1x/' -d '{
"post_date": "2009-11-15T14:12:12",
"message": "trying out Elastic Search",
"name": "N2",
"my_attachments": "file's content string encoded in base64"
}'
all is good, I have already succeeded in posting file and searching its content later.
But if I replace it with path's file, I obtained negative results. So I want to know how to encode Base64 a file in command line,in the command of ES indexing (of course, I don't want to type base64 command to encode a file before typing 2nd command to indexing it in ES). As your answer, do I have to installed something like "Perl library" to execute your command?
http://es-cn.medcl.net/tutorials/2011/07/18/attachment-type-in-action.html
#!/bin/sh
coded=`cat fn6742.pdf | perl -MMIME::Base64 -ne 'print encode_base64($_)'`
json="{\"file\":\"${coded}\"}"
echo "$json" > json.file
curl -X POST "localhost:9200/test/attachment/" -d #json.file
First, you don't specify whether you have the attachment plugin installed. If not, you can do so with:
./bin/plugin -install mapper-attachments
You will need to restart ElasticSearch for it to load the plugin.
Then, as you do above, you map a field to have type attachment:
curl -XPUT 'http://127.0.0.1:9200/foo/?pretty=1' -d '
{
"mappings" : {
"doc" : {
"properties" : {
"file" : {
"type" : "attachment"
}
}
}
}
}
'
When you try to index a document, you need to encode the contents of your file in Base64. You could do this on the command line using the base64 command line utility. However, to be legal JSON, you also need to encode new lines, which you can do by piping the output from base64 through Perl:
curl -XPOST 'http://127.0.0.1:9200/foo/doc?pretty=1' -d '
{
"file" : '`base64 /path/to/file | perl -pe 's/\n/\\n/g'`'
}
'
Now you can search your file:
curl -XGET 'http://127.0.0.1:9200/foo/doc/_search?pretty=1' -d '
{
"query" : {
"text" : {
"file" : "text to look for"
}
}
}
'
See ElasticSearch attachment type for more.
This is a complete shell script implementation:
file_path='/path/to/file'
file=$(base64 $file_path | perl -pe 's/\n/\\n/g')
curl -XPUT "http://eshost.com:9200/index/type/" -d '{
"file" : "content" : "'$file'"
}'
There is an alternative solution - plugin at http://elasticwarehouse.org. You can upload binary file using _ewupload?, read newly generated ID and update your different index with this reference.
Install plugin:
plugin -install elasticwarehouseplugin -u http://elasticwarehouse.org/elasticwarehouse/elasticsearch-elasticwarehouseplugin-1.2.2-1.7.0-with-dependencies.zip
Restart cluster, then:
curl -XPOST "http://127.0.0.1:9200/_ewupload?folder=/myfolder&filename=mybinaryfile.bin" --data-binary #mybinaryfile.bin
Sample response:
{"id":"nWvrczBcSEywHRBBBwfy2g","version":1,"created":true}
Related
I'm trying to send data to an ElasticSearch server using CURL. There is an index called 'datastream2' which has a lot of fields sorta like this:
"datastream2": {
"mappings": {
"properties": {
"UA": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 512
}
}
},
"accLang": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}...
I'd like to use CURL to send data to this index.
I've been using CURL for the attempted POST like this:
curl -v -X POST http://66-228-66-111.ip.linodeusercontent.com:9200/datastream2/newdocname -H "Content-type: application/json" --user elastic:u34XXXc2qYNGnVS4XXXA -d '{"UA":"Mozilla","acclang":"eng"}'
but it's failing with the message:
{"error":"no handler found for uri [/datastream2/newdocname] and method [POST]"}%
I will admit that I'm not sure what to put after the indexname of '/datastream2/' , but I've tried various different values. Some documentation says to list the type (which I'm not sure where to find) and some docs say that this is no longer necessary on ElasticSearch 8+ .
Any ideas how I can get this data posted into ElasticSearch?
You just need to replace newdocname by _doc and it will work
curl -v -X POST http://66-228-66-111.ip.linodeusercontent.com:9200/datastream2/_doc
I am trying to create a contact point in grafana for pagerduty using grafana API.
Tried with the help of these URLS: AlertProvisioning HTTP_API
API call reference
YAML reference of data changed to JSON and tried this way, the YAML reference
But getting error as
{"message":"invalid object specification: type should not be an empty string","traceID":"00000000000000000000000000000000"}
My API code below, replaced with dummy integration key for security.
curl -X POST --insecure -H "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -H "Content-Type: application/json" -d '{
"contactPoints": [
{
"orgId": 1,
"name": "test1",
"receivers": [
{
"uid": "test1",
"type": "pagerduty",
"settings": {
"integrationKey": "XXXXXXXXXXXXXXXX",
"severity": "critical",
"class": "ping failure",
"component": "Grafana",
"group": "app-stack",
"summary": "{{ `{{ template \"default.message\" . }}` }}"
}
}
]
}
]
},
"overwrite": false
}' http://XXXXXXXXXXXXXXXX.us-east-2.elb.amazonaws.com/api/v1/provisioning/contact-points
I would recommend to enable Grafana swagger UI. You will see POST /api/v1/provisioning/contact-points model there:
Example:
{
"disableResolveMessage": false,
"name": "webhook_1",
"settings": {},
"type": "webhook",
"uid": "my_external_reference"
}
I'm trying to get cluster info like pods through curl -k https://172.26.2.101:6443/api/v1/pods but i'm getting bellow forbidden error, however, I checked the admin rights and made sure it's in the "system:masters" group.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" at the cluster scope",
"reason": "Forbidden",
"details": {
"kind": "pods"
},
"code": 403
Any idea ?!
Solved by capturing certs from the .kube/config file
client-key-data:
echo -n "LS0...Cg==" | base64 -d > admin.key
client-certificate-data:
echo -n "LS0...C==" | base64 -d > admin.crt
certificate-authority-data:
echo -n "LS0...g==" | base64 -d > ca.crt
Then, use
curl https://172.26.2.101:6443 \
--key admin.key \
--cert admin.crt
--cacert ca.crt
i have problem with the API of ICINGA2.
i'm trying to add new variables with the POST call ,
i'm getting the required result,
But ICINGA2 didn't add the new var.
According to documentation:
http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/icinga2-api
With the following API, i creates all our hosts in vienna :
curl -k -s -u root:icinga -H 'Accept: application/json' -X PUT 'https://localhost:5665/v1/objects/hosts/server.example.com' \
-d '{ "templates": [ "generic-host" ], "attrs": { "zone": "Vienna", "address": "180.33.1.123", "check_command": "hostalive", "vars.os" : "Linux", "vars.agent" : "ssh" } }' \
| python -m json.tool
While this part works as expected,
The problem is once host created, i need to add various vars for different servers.
for example
Adding of the variable: "vars.servicename" : "DHCP_Servers"
If i'm going back to the documentation, the below API that will need to be execute:
curl -k -s -u root:icinga -H 'Accept: application/json' -X POST 'https://localhost:5665/v1/objects/hosts/server.example.com' \
-d '{ "templates": [ "generic-host" ], "attrs": { "zone": "Vienna", "address": "180.33.1.123", "check_command": "hostalive", "vars.os" : "Linux", "vars.agent" : "ssh", "vars.servicename" : "DHCP_Servers" } }' \
| python -m json.tool
When i ran the API , as expected i'm getting back:
{
"results": [
{
"code": 200.0,
"name": "server.example.com",
"status": "Attributes updated.",
"type": "Host"
}
]
}
But there is no changes that taking place on ICINGA/ host file.
Obviously the same user as in my inbox and the forums (https://monitoring-portal.org/index.php?thread/37160-adding-vars-with-api/&postID=234885#post234885) lately. Leaving this as a note here as it might help others to see why it does not work. That feature is just not implemented as it involves storing the applied changes, do a rollback, and re-apply. Not as simple as it sounds.
https://dev.icinga.org/issues/11501
I want to configure my elasticsearch 0.19.11 to delete indexes every 60s. My elasticsearch config has these 3 lines:
node.name: "Saurajeet"
index.ttl.disable_purge: false
index.ttl.interval: 60s
indices.ttl.interval: 60s
And its not working
I have 2 default docs indexed. And would be expecting it to go after 60s
$ curl -XGET http://localhost:9200/twitter/_settings?pretty=true
{
"twitter" : {
"settings" : {
"index.version.created" : "191199",
"index.number_of_replicas" : "1",
"index.number_of_shards" : "5"
}
}
Also if i m trying to do the following it doesnot have any effect
$ curl -XPUT http://localhost:9200/twitter/_settings -d '
> { "twitter": {
> "settings" : {
> "index.ttl.interval": "60s"
> }
> }
> }
> '
{"ok":true}~/bin/elasticsearc
$ curl -XGET http://localhost:9200/twitter/_settings?pretty=true
{
"twitter" : {
"settings" : {
"index.version.created" : "191199",
"index.number_of_replicas" : "1",
"index.number_of_shards" : "5"
}
}
}
I have indexes 2 documents and its still showing up after 1hr
$ curl -XPUT 'http://localhost:9200/twitter/tweet/1' -d '
{
"user": "kimchy",
"postDate": "2009-11-15T13:12:00",
"message": "Trying out Elastic Search, so far so good?"
}'
$ curl -XPUT 'http://localhost:9200/twitter/tweet/2' -d '
{
"user": "kimchy",
"postDate": "2009-11-15T13:12:00",
"message": "Trying out Elastic Search, so far so good?"
}'
WHAT DID I DO WRONG
P.S. I want to deploy this config with logstash. So any other alternative can be suggested.
for scaling reasons i dont want this autopurge to be a script.
I believe the indices.ttl.interval setting is only to tweak the cleanup process timing.
You would need to set the _ttl field for the index/type in order to expire it. It looks like this:
{
"tweet" : {
"_ttl" : { "enabled" : true, "default" : "60s" }
}
}
http://www.elasticsearch.org/guide/reference/mapping/ttl-field/
Finally Figured out myself. Upgraded elasticsearch version to 1.2.0. You can put in TTLs from the Mapping API. -> Put Mapping -> TTL.
Enabling TTL on type level on an index
$ curl -XPOST http://localhost:9200/abc/a/_mapping -d '
{
"a": {
"_ttl": {
"enabled": true,
"default": "10000ms"
}
}
}'
$ curl -XPOST http://localhost:9200/abc/a/a1 -d '{"test": "true"}'
$ $ curl -XGET http://localhost:9200/abc/a/a1?pretty
{
"_index" : "abc",
"_type" : "a",
"_id" : "a1",
"_version" : 1,
"found" : true,
"_source":{"test": "true"}
}
$ # After 10s
$ curl -XGET http://localhost:9200/abc/a/a1?pretty
{
"_index" : "abc",
"_type" : "a",
"_id" : "a1",
"found" : false
}
Note:
Mapping applies to docs created after creation of mapping.
Also mapping was created for type a. So if you post to type b and
expect it expired on TTL, thats not gonna happen.
If you need to expire index, you can also create index level mappings during the create index to precreate indexes from your application logic.