Develop Reference

Elasticsearch 7.7 how to read several documents, not fetch all the documents

I am using ElasticSearch 7.7 in CentOS 8 box. I could creat index, type by REST format by command curl. For example, I could use
curl -X PUT "localhost:9200/testindex2"
curl -H "Content-Type: application/json" -XPOST "http://localhost:9200/testindex2/man/1/" -d '{ "name" : "shiny2", "age": 28}'
curl -XGET "localhost:9200/testindex2/man/1/"
curl -XGET "localhost:9200/testindex2/man/_search?pretty"
But if I have inserted many documents, how could I do query by REST command line using command curl to find particular age = 28's documents?

curl -XGET "localhost:9200/testindex2/_search?pretty&q=age:28"
that is the simplest way to query.
more option and documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/7.8/search-search.html
also you can use Match or Term query with JSON body format.
curl -XGET 'localhost:9200/testindex2/_search?pretty' -d '
{
"query": {
"term": {
"age": {
"value": "28"
}
}
}
}'
more documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-match-query.html

Return Elasticsearch slowlogs settings to default

I want to be able to set the slowlogs time to 0 for a period, then reset the setting back to the default.
I use
curl -X PUT -H "Content-Type: application/json" -d '{"index.search.slowlog.threshold.query.warn": "0s"}' "<ADDRESS>:9200/index/_settings"
to activate slowlogs. which adds
"search": {
"slowlog": {
"threshold": {
"query": {
"warn": "0s"
}
}
}
}
to the settings. I can do
curl -X PUT -H "Content-Type: application/json" -d '{"index.search.slowlog.threshold.query.warn": "-1"}' "<ADDRESS>:9200/index/_settings"
to deactivate slowlogs, but that leaves the new settings block in place where I want the settings to return to what they were before my meddling.
Is there a way to return the settings to default? (Ideally removing the whole new block so the settings are exactly as they were before.)

You can reset to default by passing null as the value of a setting.
curl -X PUT -H "Content-Type: application/json" \
-d '{"index.search.slowlog.threshold.query.warn": null}' \
"<ADDRESS>:9200/index/_settings"
Elasticsearch documentation for updating index settings via API
https://www.elastic.co/guide/en/elasticsearch/reference/7.12/indices-update-settings.html#reset-index-setting

What you want is not possible, Instead of that you can have a look at https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-slowlog.html and see what are the default values of slow log settings and then when you want to revert these, just update the log setting with the default values.

Cannot turn Elasticsearch dynamic mapping on

I disabled dynamic mapping with
curl -XPUT 'localhost:9200/_template/template_all?pretty' -H 'Content-Type: application/json' -d' { "template": "*", "order":0, "settings": { "index.mapper.dynamic": false }}'
I wanted to turn it back on with
curl -XPUT 'localhost:9200/_template/template_all?pretty' -H 'Content-Type: application/json' -d' { "template": "*", "order":0, "settings": { "index.mapper.dynamic": true }}'
It has confirmed it as true, but when I try to have logstash send information to it, in logstash error logs I get back-
"reason"=>"trying to auto create mapping, but dynamic mapping is disabled"
How do I actually turn dynamic mapping back on?

Looks like index for logstash was created with old template (before you update template). Because when you update you template only new indexes will have updated mapping and settings.
Check is index exists:
curl -XGET 'localhost:9200/LOGSTASH_INDEX_NAME_HERE'
If index exists and you can delete this index - do it. After this when logstash will try to send something - index will be created with the new mapping.

error while running the elasticsearch-reindexer from command prompt

elasticsearch-reindex -f http://localhost:9200/artist -t http://localhost:9200/painter
Getting error as:
TypeError: Invalid hosts config. Expected a URL, an array of urls, a host config object, or an array of host config objects.
worker exited with error code: 1
Reindexing completed sucessfully.

Do you really need a plugin to do that?
curl -XPOST 'localhost:9200/_reindex?pretty' -H 'Content-Type: application/json' -d'
{
"source": {
"index": "artist"
},
"dest": {
"index": "painter"
}
}
'
This should work just fine. More options and info here.

Okta application just redirect to a url

One of our requirements Is provision an app to an Okta user so he can click the app box and just redirect to an url with some query string parameters, no login required, is this possible using Okta?

You can add a Bookmark Application using the Apps API:
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
"name": "bookmark",
"label": "Custom Bookmark App",
"signOnMode": "BOOKMARK",
"settings": {
"app": {
"requestIntegration": false,
"url": "https://example.com/bookmark.htm?your=query&params=stuff"
}
}
}' "https://${org}.okta.com/api/v1/apps"
Then assign that app to a user:
curl -v -X PUT \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{}' "https://${org}.okta.com/api/v1/apps/:appId/users/:userId"

To add on to kevlened's accepted answer, you can add a bookmark app through the Admin UI by going to Applications >> Applications >> Add Application >> search for "bookmark" from the application templates and you'll get the option to add a Bookmark App. This works in Version 2018.07 and perhaps earlier.