Directly modifying data in a production environment is never recommended. Before performing any operation or change in production, test the relevant steps in a test environment and take a current backup of the system.
Viewing and Deleting Indices
Viewing Document Count
# Count the documents in one index.
# These examples use plain HTTP without credentials; on a cluster with
# security enabled, add authentication and use https.
# NOTE(review): "_doc/_count" is the typed form of the count API; confirm your
# Elasticsearch version still accepts it, otherwise use "<INDEX_KEY>/_count".
curl --request GET "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/_doc/_count"
Viewing Indices with Where Condition
# URI search across every index ("*") for documents whose apn field matches XYS.
curl --request GET "<ELASTICSEARCH_IP>:9200/*/_search?pretty=true&q=apn:XYS"
# Search all indices (no index in the path) for documents whose apn matches
# "TEST GW" and whose @timestamp lies between the start of the day seven days
# ago (inclusive) and the start of the day five days ago (exclusive).
curl -X GET "<ELASTICSEARCH_IP>:9200/_search?pretty" -H 'Content-Type: application/json' -d '
{
"query": {
"bool": {
"must": [
{
"match": {
"apn": "TEST GW"
}
},
{
"range": {
"@timestamp": {
"gte": "now-7d/d",
"lt": "now-5d/d"
}}}]}}}'
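# Return, for each hit, the entry of the document's "tch" array whose key "k"
# is Content-Type, computed per document by a Painless script field.
# The string literal inside the script is written with escaped double quotes:
# a bare single quote would end the shell's single-quoted -d argument, and the
# quotes would never reach Elasticsearch.
curl -X GET "<ELASTICSEARCH_IP>:9200/_search?pretty" -H 'Content-Type: application/json' -d '{
  "script_fields": {
    "content_type": {
      "script": {
        "lang": "painless",
        "source": "if (params._source == null || params._source.tch == null) return null; for (def h : params._source.tch) { if (h.k == \"Content-Type\") return h; } return null;"
      }
    }
  }
}'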
Query Finding Records Where CID in Request and CID in Response Are Not the Same Using Script
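# Select documents from the given timestamp onwards with a Painless filter
# script over the aci.keyword and fbarh[1].keyword fields.
# NOTE(review): the script compares whether each field *exists* (containsKey),
# not the field values, so it matches documents where exactly one of the two
# is present — confirm this is the intended "CID differs" test.
# The script's string literals use escaped double quotes because a bare single
# quote would end the shell's single-quoted body. The JSON Content-Type header
# is sent explicitly: --data-raw alone makes curl send a form-encoded content
# type, which Elasticsearch 6.0 and later reject.
curl --location --request GET 'http://<ELASTICSEARCH_IP>:9200/_search' --header 'Content-Type: application/json' --data-raw '{
  "query": {
    "bool": {
      "filter": [
        {
          "script": {
            "script": {
              "lang": "painless",
              "source": "doc.containsKey(\"aci.keyword\") != doc.containsKey(\"fbarh[1].keyword\")"
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2025-11-28T16:30:32.000Z"
            }
          }
        }
      ]
    }
  }
}'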
List of Requests Coming Per Second in a Specific Time Range
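# Bucket the requests of one API proxy ("Test GW") into 6-second intervals over
# a fixed time window, using a date_histogram aggregation on @timestamp.
# The JSON Content-Type header is sent explicitly: --data-raw alone makes curl
# send a form-encoded content type, which Elasticsearch 6.0 and later reject.
curl --location --request GET '<ELASTICSEARCH_IP>:9200/_search' --header 'Content-Type: application/json' --data-raw '{
  "query": {
    "bool": {
      "filter": [
        {
          "match": {
            "apn": "Test GW"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2025-11-04T09:36:00.183Z",
              "lte": "2025-11-04T12:36:00.183Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "reqs_over_time": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "6s"
      }
    }
  }
}'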
Finding Specific Documents by Correlation ID
# Look up documents by correlation ID: a match query on the aci field.
# No index is named in the path, so the search runs against all indices.
curl -X GET "<ELASTICSEARCH_IP>:9200/_search?pretty" -H 'Content-Type: application/json' -d '
{
"query": {
"match": {
"aci": "c3d8523e-e3ac-497b-ac7a-76853198c239"
}
}
}'
Deleting by Index Name
# Delete one index by its exact name. The deletion cannot be undone; the data
# can only be brought back from a snapshot.
curl --request DELETE "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>"
Deleting Indices Containing a Given Word
# Delete every index whose name contains "metric". List the matching names
# first (GET _cat/indices/*metric*) and confirm that each one is expendable.
# Clusters that set action.destructive_requires_name to true reject wildcard
# deletes such as this one.
curl --request DELETE "<ELASTICSEARCH_IP>:9200/*metric*"
Changing Elasticsearch Stack’s Read_Only Status
For all indices:
# Reset index.blocks.read_only_allow_delete and index.blocks.write on all
# indices (_all); null returns each setting to its default.
# Elasticsearch applies read_only_allow_delete when a node crosses the
# flood-stage disk watermark, so free disk space first or the block returns.
# NOTE(review): wait_for_completion is not a documented parameter of the
# update-settings API — confirm the request is accepted with it.
curl -X PUT "<ELASTICSEARCH_IP>:9200/_all/_settings?wait_for_completion=false" -H "Content-Type: application/json" -d '
{
"index.blocks.read_only_allow_delete": null,
"index.blocks.write": null
}'
For a single index only:
# Same reset as above, limited to one index: clears the read_only_allow_delete
# and write blocks by setting both to null.
curl -X PUT "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/_settings?pretty" -H 'Content-Type: application/json' -d '
{
"index.blocks.read_only_allow_delete": null,
"index.blocks.write": null
}'
Moving to New Index with Rollover
# Roll the apinizer-log-apiproxy-<INDEX_KEY> target over to a new backing index.
# No conditions are sent, so the rollover happens unconditionally.
curl --request POST "http://<ELASTICSEARCH_IP>:9200/apinizer-log-apiproxy-<INDEX_KEY>/_rollover"
Search
Querying Documents in a Specific Index
# Return documents from one index; q=*:* matches every document.
curl --request GET "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/_search?pretty=true&q=*:*"
Querying Documents in Index by Specific Criteria
# URI search across every index for documents whose apn field matches the
# given API proxy name.
# NOTE(review): "+" decodes to a space, so only "Petstore" is bound to apn and
# "API" is searched in the default fields — confirm this matches what you want.
curl --request GET "<ELASTICSEARCH_IP>:9200/*/_search?pretty=true&q=apn:Petstore+API"
Querying Documents by Specific Time Range
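# Search all indices for documents of one API proxy ("Test GW") whose
# @timestamp lies between the start of the month five months ago and the end
# of the current day (date math: now-5M/M .. now/d).
# The JSON Content-Type header is sent explicitly: --data-raw alone makes curl
# send a form-encoded content type, which Elasticsearch 6.0 and later reject.
curl --location --request GET '<ELASTICSEARCH_IP>:9200/_search' --header 'Content-Type: application/json' --data-raw '{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "apn": "Test GW"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-5M/M",
              "lte": "now/d"
            }
          }
        }
      ]
    }
  }
}'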
Aggregating Document Results by Specific Criteria
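# Bucket the requests of one API proxy ("Test GW") into 10-second intervals
# over a fixed two-day window, using a date_histogram aggregation.
# The JSON Content-Type header is sent explicitly: --data-raw alone makes curl
# send a form-encoded content type, which Elasticsearch 6.0 and later reject.
curl --location --request GET 'http://<ELASTICSEARCH_IP>:9200/_search' --header 'Content-Type: application/json' --data-raw '
{
  "query": {
    "bool": {
      "filter": [
        {
          "match": {
            "apn": "Test GW"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2025-12-28T15:08:00.000Z",
              "lte": "2025-12-30T15:08:00.000Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "reqs_over_time": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "10s"
      }
    }
  }
}'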
Finding the Number of Requests Each Authorized User Sent to Each API Proxy in the Last 1 Day
# Count requests per uok value and, inside each, per apn value, using nested
# terms aggregations (up to 1000 buckets each). "size": 0 suppresses the hits
# so that only the aggregation is returned.
# The range now/d .. now+1d/d covers the current calendar day (today 00:00 up
# to tomorrow 00:00), not a rolling 24-hour window.
# Documents without an apn value are counted under the "missing" bucket name.
curl -X GET "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/_search?pretty" -H 'Content-Type: application/json' -d '
{
"size": 0,
"query": {
"range": {
"@timestamp": {
"gte": "now/d",
"lt": "now+1d/d"
}
}
},
"aggs": {
"by_uok": {
"terms": { "field": "uok", "size": 1000 },
"aggs": {
"by_apn": {
"terms": {
"field": "apn",
"size": 1000,
"missing": "ThoseNotGoingToASpecificApiProxy"
}
}
}
}
}
}
'
Update
Updating Document
# Write the document with id 1. PUT on a document URL stores the body as the
# complete document: any field not present in the body is lost, it is not a
# partial update.
# NOTE(review): the path uses the type name "doc"; recent Elasticsearch
# versions expect "_doc" — confirm against your version.
curl -X PUT "<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/doc/1?pretty" -H 'Content-Type: application/json' -d '
{
"name": "John Doe"
}'
Deleting a Specific Element from Specified Fields
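# Remove one named header from headerRequestFromClient and one from
# headerRequestToTarget in every matched document.
# No index is named and the query is match_all, so this rewrites every
# document in every index; put an index or data-stream name in the path and
# narrow the query before running it.
# NOTE(review): the script dereferences both header objects without a null
# check — confirm that every matched document carries them.
# The header names are passed as escaped double-quoted strings so that the
# quotes survive the shell's single-quoted -d argument.
curl -X POST "<ELASTICSEARCH_IP>:9200/_update_by_query?pretty" -H 'Content-Type: application/json' -d '
{
  "script": {
    "source": "ctx._source.headerRequestFromClient.remove(\"header-name-1\"); ctx._source.headerRequestToTarget.remove(\"header-name-2\");"
  },
  "query": {
    "match_all": {}
  }
}'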
Deleting Specific Values by Criteria
# Remove the logged user_password header value from every document, in every
# index ("*"), that has headerRequestFromClient.user_username and whose
# headerRequestFromClient.user_password is not the empty string.
# conflicts=proceed continues past version conflicts instead of aborting;
# requests_per_second=200 throttles the operation.
# The update rewrites the live documents only: snapshots taken earlier still
# contain the removed values, so review snapshot retention as well.
curl -X POST "<ELASTICSEARCH_IP>:9200/*/_update_by_query?pretty&conflicts=proceed&requests_per_second=200" -H 'Content-Type: application/json' -d '
{
"query": {
"bool" : {
"filter": {
"exists": {
"field": "headerRequestFromClient.user_username"
}
},
"must_not" : {
"term": {
"headerRequestFromClient.user_password": ""
}
}
}
},
"script": "ctx._source.headerRequestFromClient.remove(\"user_password\");"
}
'
The requests_per_second parameter throttles the operation so that Execution Reject errors are avoided.
The bulk operation size is 1000 by default, so with requests_per_second=200 the wait time between two requests is 5 seconds (= 1000/200).
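# Remove the fields apmi, tba, tcb, fbarb, tbah, fbarh and tch from every
# document, in every index ("*"), whose @timestamp falls inside the given
# range. conflicts=proceed continues past version conflicts;
# wait_for_completion=true keeps the request open until the update finishes.
# The removal cannot be reverted from the index itself, so run the same query
# as a search first to confirm which documents it selects.
# NOTE(review): the other examples on this page name the script body "source";
# "inline" is the older key — confirm your version still accepts it.
# The field names are passed as escaped double-quoted strings so that the
# quotes survive the shell's single-quoted -d argument.
curl -X POST "http://<ELASTICSEARCH_IP>:9200/*/_update_by_query?conflicts=proceed&wait_for_completion=true" -H 'Content-Type: application/json' -d '
{
  "script": {
    "inline": "ctx._source.remove(\"apmi\"); ctx._source.remove(\"tba\"); ctx._source.remove(\"tcb\"); ctx._source.remove(\"fbarb\"); ctx._source.remove(\"tbah\"); ctx._source.remove(\"fbarh\"); ctx._source.remove(\"tch\");",
    "lang": "painless"
  },
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "gte": "2019-02-01T20:03:12.963",
              "lte": "2019-04-30T20:03:12.963"
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}'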
Deleting Response Body Fields from Logs Belonging to a Specific REST Endpoint
This endpoint must be defined within an API proxy of openapi or no-spec type. If the same endpoint exists in multiple services, the API proxy name should also be added to the query.
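# Remove the tcb and fbarb fields from every document in the index whose apmn
# term equals the given endpoint path.
# The field names are passed as escaped double-quoted strings so that the
# quotes survive the shell's single-quoted --data-raw argument.
curl --location --request POST 'http://<ELASTICSEARCH_IP>:9200/<INDEX_KEY>/_update_by_query?pretty' --header 'Content-Type:application/json' --data-raw '{
  "script": {
    "source": "ctx._source.remove(\"tcb\");ctx._source.remove(\"fbarb\")",
    "lang": "painless"
  },
  "query": {
    "term": {
      "apmn": "/anApiProxyEndpoint"
    }
  }
}'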
Deleting Some Body Fields from Logs Up to a Specific Date
# Remove the tba, fbarb and tcb fields from every document dated on or before
# the given timestamp, across the backing indices that match
# .ds-apinizer-log-apiproxy-<LOG_KEY>-000*.
# Snapshots taken before the update still contain the removed fields.
curl -X POST "<ELASTICSEARCH_IP>:9200/.ds-apinizer-log-apiproxy-<LOG_KEY>-000*/_update_by_query?pretty" -H 'Content-Type: application/json' -d '
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"lte": "2024-04-20T00:00:00.000Z"
}
}
}
]
}
},
"script": {
"source": "ctx._source.remove(\"tba\"); ctx._source.remove(\"fbarb\"); ctx._source.remove(\"tcb\")"
}
}'
If you want to update by API Proxy id value instead of date, you can add the filter "match": { "api": "64ac03067e8f7400cf4adbdd" } instead of the part "range": { "@timestamp": { "lte": "2024-04-20T00:00:00.000Z" } }.
Setting Replica Count
With template:
# Register a template that gives new indices matching apinizer-log-*,
# apinizer-metric-* and mongo-db-* one primary shard and zero replicas.
# With zero replicas there is no second copy of any shard: losing a node loses
# the shards it held until they are restored from a snapshot.
# NOTE(review): the body ("data_stream", "template", "priority") has the shape
# of a composable index template, which is registered under _index_template;
# confirm that the legacy _template endpoint used here accepts it.
curl -X PUT "<ELASTICSEARCH_IP>:9200/_template/template_genel?pretty" -H 'Content-Type: application/json' -d '
{
"index_patterns": ["apinizer-log-*", "apinizer-metric-*", "mongo-db-*"],
"data_stream": { },
"template": {
"settings": {
"index": {
"number_of_shards": 1,
"number_of_replicas": 0
}
}
},
"priority": 501
}'
For all indices:
# Set number_of_replicas to 0 on every index matched by "*".
# This removes all redundant shard copies: a single node failure then makes
# the shards on that node unavailable until they are restored.
curl -X PUT "<ELASTICSEARCH_IP>:9200/*/_settings" -H 'Content-Type: application/json' -d '
{
"index": {
"number_of_replicas": 0
}
}'
Shard Allocation
# Allow allocation of all shard kinds by setting
# cluster.routing.allocation.enable to "all". The setting is transient, so it
# does not survive a full cluster restart.
curl -X PUT "<ELASTICSEARCH_IP>:9200/_cluster/settings" -H 'Content-Type: application/json' -d '
{
"transient": {
"cluster.routing.allocation.enable": "all"
}
}'
Increasing Shard Limit
# Raise both per-node shard limits to 2000. The settings are persistent, so
# they remain in force after a cluster restart.
# Every shard costs heap and file handles on its node; check node resources
# before raising the limits rather than after.
curl -X PUT "http://<ELASTICSEARCH_IP>:9200/_cluster/settings" -H 'Content-Type: application/json' -d '
{
"persistent": {
"cluster.routing.allocation.total_shards_per_node": 2000,
"cluster.max_shards_per_node": 2000
}
}'
Changing Log Level
# Switch the root logger to DEBUG. Debug logging is verbose and grows the log
# files quickly, so enable it only for the duration of an investigation.
curl --request PUT --header 'Content-Type: application/json' --data '{"transient":{"logger._root":"DEBUG"}}' "<ELASTICSEARCH_IP>:9200/_cluster/settings"
# Return the root logger to INFO once the investigation is finished.
curl --request PUT --header 'Content-Type: application/json' --data '{"transient":{"logger._root":"INFO"}}' "<ELASTICSEARCH_IP>:9200/_cluster/settings"
Slowlog Settings
# Set the search slow-log trace thresholds for the fetch and query phases to
# 200ms on every index whose name contains "log".
# NOTE(review): slow-log entries presumably include the text of the logged
# search — confirm, and restrict access to the slow-log files accordingly.
curl -X PUT "<ELASTICSEARCH_IP>:9200/*log*/_settings?pretty" -H 'Content-Type: application/json' -d '
{
"index.search.slowlog.threshold.fetch.trace": "200ms",
"index.search.slowlog.threshold.query.trace": "200ms"
}'
Elasticsearch Shard and Replication Management
Enabling Shard Allocation
# Step 1: allow allocation of all shard kinds (transient cluster setting).
curl -X PUT "<ELASTICSEARCH_IP>:9200/_cluster/settings" -d '{
"transient": {
"cluster.routing.allocation.enable": "all"
}
}' --header 'Content-Type:application/json'
# Step 2: ask the cluster to retry shards whose earlier allocation attempts
# failed.
curl -X POST "<ELASTICSEARCH_IP>:9200/_cluster/reroute?retry_failed" --header 'Content-Type:application/json'
Querying Cluster Allocation Explanation
# Ask the cluster why a shard is unassigned. Without a request body the API
# picks an unassigned shard itself and explains that one.
curl --request GET "<ELASTICSEARCH_IP>:9200/_cluster/allocation/explain?pretty"
Updating Index Replication Settings
# Set number_of_replicas to 0. No index is named in the path, so the change
# applies to all indices and leaves no redundant copy of any shard.
curl -X PUT "<ELASTICSEARCH_IP>:9200/_settings" -d '{
"index": {
"number_of_replicas": 0
}
}' --header 'Content-Type:application/json'
Other
# Read-only diagnostics first, then two maintenance calls on the *log* indices.

# All indices, sorted by name, with column headers.
curl --request GET "<ELASTICSEARCH_IP>:9200/_cat/indices/*?v&s=index&pretty"
# Thread-pool counters per node, including queue depth and rejections.
curl --request GET "<ELASTICSEARCH_IP>:9200/_cat/thread_pool?v&h=id,node_name,ip,name,core,queue,rejected,completed,max"
# Per-node operating-system, JVM and thread-pool information.
curl --request GET "<ELASTICSEARCH_IP>:9200/_nodes/os?pretty"
curl --request GET "<ELASTICSEARCH_IP>:9200/_nodes/jvm?pretty"
curl --request GET "<ELASTICSEARCH_IP>:9200/_nodes/thread_pool?pretty"
# Maximum number of file descriptors of each node's process.
curl --request GET "<ELASTICSEARCH_IP>:9200/_nodes/stats/process?filter_path=**.max_file_descriptors"
# Cluster-wide statistics.
curl --request GET "<ELASTICSEARCH_IP>:9200/_cluster/stats?pretty"
# Full cluster state saved to result.json. The file describes the whole
# cluster (index settings, mappings, node addresses), so store and share it
# with the same care as other infrastructure data.
curl --request GET "<ELASTICSEARCH_IP>:9200/_cluster/state?pretty=true" > result.json
# NOTE(review): synced flush ("_flush/synced") is deprecated in recent
# Elasticsearch releases — confirm it exists in your version or use "_flush".
curl --request POST "<ELASTICSEARCH_IP>:9200/*log*/_flush/synced?pretty"
# Clear the read_only_allow_delete block on every index whose name contains "log".
curl --request PUT --header 'Content-Type: application/json' --data '{"index": {"blocks": {"read_only_allow_delete": null}}}' "http://<ELASTICSEARCH_IP>:9200/*log*/_settings"
General Information About Snapshot
Repository and Snapshot Details
# Show the snapshot lifecycle (SLM) policy.
curl --request GET 'http://<ELASTICSEARCH_IP>:9200/_slm/policy/apinizer-slm-policy-<INDEX_KEY>?pretty'
# Show one snapshot in the repository; the snapshot name in the URL is an
# example and must be replaced with a real snapshot name.
curl --request GET "http://<ELASTICSEARCH_IP>:9200/_snapshot/apinizer-repository-<INDEX_KEY>/apinizer-snapshot-<INDEX_KEY>-2023.03.13-m33h8zcpq_if4swyzn0wrq?pretty"
# Show the detailed status of the same snapshot.
curl --request GET "http://<ELASTICSEARCH_IP>:9200/_snapshot/apinizer-repository-<INDEX_KEY>/apinizer-snapshot-<INDEX_KEY>-2023.03.13-m33h8zcpq_if4swyzn0wrq/_status?pretty"
Deleting Snapshot Settings
# Unregister the snapshot repository from the cluster. This removes the
# cluster's reference to the repository; the snapshot files already written to
# the storage location are left in place and must be handled separately.
curl --request DELETE 'http://<ELASTICSEARCH_IP>:9200/_snapshot/apinizer-repository-<INDEX_KEY>?pretty'