Develop Reference

How to get the description of a Kibana index pattern via command line?

To get the structure of an Elasticsearch index via CLI, we can do:
curl -u myuser:p4ssw0rd -XGET "https://myeshost:9200/myindexname"
Is there a way to get the structure (or other information) about a Kibana index pattern, or get the list of all Kibana index patterns that have been created? I haven't found information about this on the documentation.

There is a way to retrieve all Kibana index-patterns using the command below:
GET .kibana/_search?size=100&q=type:"index-pattern"
Note: if you have more than 100 index-patterns, you might want to increase the size.

Using the functions _stats or _settings:
curl -u myuser:p4ssw0rd -XGET "https://myeshost:9200/myindexname/_stats"
curl -u myuser:p4ssw0rd -XGET "https://myeshost:9200/myindexname/_settings"
Reference:
https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-stats.html
https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-get-settings.html

How to get the list of indices created in Kibana?

I was able to retrieve the indices from Elasticsearch and register the corresponding index pattern in Kibana programmatically in Java. Now I would like to get the list of the index patterns already created in Kibana so that I could cross check it against the index list from Elasticsearch so as to not create them again in Kibana.
Is there an API to fetch the index pattern list from Kibana?
--
API for getting the list of indices from Elasticsearch:
http://{hostname}:{port}/_aliases
API for creating an index pattern in Kibana:
http://{hostname}:{port}/{kibana instance Id}/index-pattern/{index pattern title}

Use the next query:
GET /.kibana/index-pattern/_search

This query works (from kibana dev console):
GET .kibana/_search?size=10000
{
"_source": ["index-pattern.title"],
"query": {
"term": {
"type": "index-pattern"
}
}
}

Works for kibana 7.x:
Get all index patterns
curl -s 'http://192.168.100.100:5601/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern'
# Use jq to get the index-pattern name:
curl -s 'http://192.168.100.100:5601/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern' | jq '.saved_objects[].attributes.title'
"service01"
"service02"
"service03"
DELETE specific index pattern
curl -XDELETE -H 'kbn-xsrf: ""' 'http://192.168.100.100:5601/api/saved_objects/index-pattern/970070d0-f252-11ea-b492-31ec85db4535'
-H 'kbn-xsrf: ""' must be set or the API will complain {"statusCode":400,"error":"Bad Request","message":"Request must contain a kbn-xsrf header."}
use jq -r to get the value without qoute.

I'm afraid it still isn't available at the moment, where you could use an api to expose all the indexes which are being created in Kibana.
But keep in mind that you'll be able to create an index in Kibana, only if you've already created the indice in ES. So maybe you could consider checking your ES indices whether you've already got an existing one, if not create the index. Where you can make sure that, if the index isn't existing in your indices list, which means that there's no way that you would've went on and created an index in Kibana.

You can list them from the API:
GET _cat/indices/.marvel*
GET _cat/indices/.kibana

I looked at the Kibana (version 5.5) console and could get the same by doing this query
curl -X POST -H 'Content-Type: application/json' \
-d '{"query":{"match_all":{}},"size":10000}' \
http://$ES_HOST/.kibana/index-pattern/_search/\?stored_fields\=""
Please note that making a GET request to the above url as below will also return the fields, but they are limited to 10.
curl http://$ES_HOST/.kibana/index-pattern/_search/\?stored_fields\=""

not able to index a document using elastic search

This is the first time I am trying to use Elastic Search. I am unable to feed data to it.
here is the command (Having issues with this command):
curl -XPUT localhost:9200/customer/external/1?pretty -d {"name":"John"}
But if I give the same command as below,its working:
curl -XPUT localhost:9200/customer/external/1?pretty -d {"name":true}
Any suggestions will be very helpful.

Why does this ElasticSearch scan and scroll returns IndexMissingException

I run the following:
curl -XGET 'http://my_address/my_index/_search?scroll=1m&size=10&search_type=scan' -d '{'query':{'match_all':{}}}'
It returns a scroll id (very long), and I then use in the first scroll request:
curl -XGET 'http://my_address/my_index/_search/scroll?scroll=1m' -d '<scroll_id>'
It returns an error: {"error":"IndexMissingException[[my_index] missing]","status":404}
I do not know why having this error. I follow the guideline in https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-scroll.html step by step.
What is going on?

Because your second request (i.e. using the scroll_id) should not take any index and read like this instead:
curl -XGET 'http://my_address/_search/scroll?scroll=1m' -d '<scroll_id>'

Deleting all documents of a type and keeping the type

I am trying to delete all indices of one type. Tried to execute this :
curl -XDELETE 'http://localhost:9200/myindex/mytype/_query' -d '{"query": {"match_all": {}}}'
But this doesn't delete anything. The following query shows that my index is still there.
curl -XGET 'http://localhost:9200/myindex/mytype/_search' | json -i
What am I doing wrong?

to delete the whole type you call DELETE on it
curl -XDELETE localhost:9200/myindex/mytype
this deletes the type mytype in the index myindex.
be aware, that this deletes also any mappings etc with the type. but i would consider this a more resource-friendly way (but can not proove it)

Nevermind. I found this answer myself from this question Delete records from Elasticsearch by query
The body to send with the request is just the query. So basically the right request is :
curl -XDELETE 'http://localhost:9200/myindex/mytype/_query' -d '{"match_all": {}}'