Date math support in index names
Limiting the number of indices that are searched reduces the load on the cluster and improves execution performance.
Date math index names take the following form:
<static_name{date_math_expr{date_format|time_zone}}>
For example:
GET /<logstash-{now/d-2d}>,<logstash-{now/d-1d}>,<logstash-{now/d}>/_search
In an actual request, the special characters must be URI-encoded:
GET /%3Clogstash-%7Bnow%2Fd-2d%7D%3E%2C%3Clogstash-%7Bnow%2Fd-1d%7D%3E%2C%3Clogstash-%7Bnow%2Fd%7D%3E/_search
Request body omitted.
Common options
- Appending ?pretty=true to any request makes the returned JSON pretty formatted (use it for debugging only!).
- "size_in_bytes": 1024 is converted to "size_in_bytes": "1kb" by adding ?human=true to the query string.
- Response Filtering
GET /_cluster/state?filter_path=metadata.indices.*.stat*
Responds:
{
  "metadata" : {
    "indices" : {
      "twitter": {"state": "open"}
    }
  }
}
The ** wildcard can be used to include fields without knowing the exact path of the field.
Exclude one or more fields by prefixing the filter with the char -:
GET /_count?filter_path=-_shards
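Both inclusive and exclusive filters can be combined in the same expression.
Elasticsearch sometimes returns the raw value of a field directly, like the _source field. To filter within _source, combine the _source parameter with filter_path:
# Return only the hits.hits._source field, and within _source only the title field, sorted by the rating field in _source in descending order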
GET /_search?filter_path=hits.hits._source&_source=title&sort=rating:desc
- Enabling stack traces: append error_trace=true to the URL.
URL-based access control
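When access is restricted by URL (for example, through a proxy), multi-search, multi-get and bulk requests can still name an index in the request body. To prevent this, add the following to the elasticsearch.yml file:
rest.action.multi.allow_explicit_index: false
Elasticsearch will then reject requests that have an explicit index specified in the request body.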
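
An added example (not from the original page or from Elasticsearch itself): an audit check for proxy or client logs that lists which multi-request bodies name an index explicitly, which are the requests this setting rejects, and which of those names fall outside the index in the URL. It assumes the standard _bulk, _msearch and _mget body layouts and compares index names literally (no wildcard expansion); the function names and sample requests are constructed for illustration.

```python
import json

MULTI_ENDPOINTS = ("_bulk", "_msearch", "_mget")  # bodies may name an index

def body_indices(endpoint, body):
    """Return the index names given explicitly inside a multi-request body."""
    if endpoint == "_mget":  # one JSON object: {"docs": [{"_index": ..}, ..]}
        docs = json.loads(body).get("docs", [])
        return {d["_index"] for d in docs if "_index" in d}
    found = set()
    lines = [json.loads(l) for l in body.splitlines() if l.strip()]
    if endpoint == "_msearch":  # header/body pairs, headers on even lines
        for header in lines[0::2]:
            idx = header.get("index", [])
            found.update(idx.split(",") if isinstance(idx, str) else idx)
        return found
    i = 0  # _bulk: action line, then a source line (none after delete)
    while i < len(lines):
        (action, meta), = lines[i].items()
        if "_index" in meta:
            found.add(meta["_index"])
        i += 1 if action == "delete" else 2
    return found

def audit(path, body):
    """Report body-level indices, and those outside the index in the URL."""
    parts = [p for p in path.split("?")[0].split("/") if p]
    if not parts or parts[-1] not in MULTI_ENDPOINTS:
        return {"explicit": [], "outside_url": []}
    url = set(parts[0].split(",")) if len(parts) > 1 else set()
    explicit = body_indices(parts[-1], body)
    return {"explicit": sorted(explicit), "outside_url": sorted(explicit - url)}

# Constructed sample requests (not taken from the page).
BULK = "\n".join([
    '{"index": {"_id": "1"}}', '{"msg": "a"}',
    '{"delete": {"_index": "other-index", "_id": "7"}}',
    '{"index": {"_index": "logs-app", "_id": "2"}}', '{"msg": "b"}',
])
MSEARCH = ('{}\n{"query": {"match_all": {}}}\n'
           '{"index": "other-index"}\n{"query": {"match_all": {}}}\n')
MGET = '{"docs": [{"_id": "1"}, {"_index": "other-index", "_id": "7"}]}'

if __name__ == "__main__":
    for path, body in [("/logs-app/_bulk", BULK),
                       ("/logs-app/_msearch", MSEARCH),
                       ("/logs-app/_mget", MGET)]:
        print(path, audit(path, body))
```

Any request with a non-empty "explicit" list would need its clients changed to put the index in the URL before the setting is switched to false.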