Indexing API's

Question 1

What is the use case for pipelines?

Answer 1

It’s a saved script that can be stored and reused in different API calls.

Question 2

How do you create a pipeline?

Answer 2

PUT _ingest/pipeline/< pipeline name >
{
   description: ".....",
   processors: [
   ]
}

Question 3

What are some processors available?

Answer 3

TODO: Check on elastic website and make a list of important ones.

• remove { field: “….” },
• set { field: “_source.< field > “, value: { “{{ _source…..}}” } # mustache notation
• convert { field: …, type: …. } # type cast
• script { ….. } # more generic processor

Question 4

What’s the gotcha between using scripts in the ingest pipeline and outside of it?

Answer 4

Ingest pipeline script uses “ctx.< field >” while outside you need to use “ctd._source.< field >”.

TODO: is this still the case in latest version?

Question 5

What’s the requirement to use a pipeline?

Answer 5

You need to have an ingest node type running.

Question 6

What are the use cases for the re-index API?

Answer 6

• Copy data across clusters

- Re-process and modify data into a new index

Question 7

What’s the API structure for the re-index API?

Answer 7

POST _reindex
{
   "source": { index: ... }.
   "dest": { index: < new index > },
   "script": { .... }
}

Question 8

How do you enable remote re-index across nodes?

Answer 8

Whitelist the SRC on the DEST config file:

reindex. remote.whitelist: “< ip >:< port >, ….” (comma separated list)”
reindex. ssl.verification_mode: certificate
reindex. ssl.truststore.type: PKCS12
reindex. ssl.keystore.type: PKCS12
reindex. ssl.truststore.path: certs/node-1
reindex. ssl.keystore.path: certs/node-1

$ bin/elasticsearch-keystore add reindex.ssl.truststore.secure_password

$ bin/elasticsearch-keystore add reindex.ssl.keystore.secure_password

Question 9

How do you do remote re-index (across clusters)?

Answer 9

POST _reindex
{
    source: {
        remote: {
            host: "https:///< ip >:< port >",
            username: < user >,
           password: < password >
      }
      index: ....,
   }
   "dest": {
     index: ....
   }
}

Question 10

How to re-index only a subset of the data?

Answer 10

Add a query section to the source section.

POST _reindex
{
source {
    query: { .... }
}
}

Question 11

How do you mutate the data while copying it?

Answer 11

Add a “script” section:

POST _reindex
{

source: { … },
dest: { … },
script: { …. }
}

Question 12

What’s the update by query api structure?

Answer 12

POST < index name >/_update_by_query
{
   script: { .... },
   query: { ... } 
}

Question 13

In what instances would you want to simply increment the version of all the objects in an index?

Answer 13

TODO: this was mentioned in the video, but why?

Question 14

How do you add multi line scripts?

Answer 14

You can use triple quotes in the script (“””) to have multi line scripts from kibana.
This doesn’t seem to be a standard JSON feature. (TODO: confirm)

Question 15

How would you increase a value by X percent with the _update by query api?

Answer 15

script: {
lang: “painless”,
source: “””
ctx. _source.field += ctx._source.balance * X

 if (ctx._source.transactions == null) {
 }
""" }

TODO: move this to a painless deck of cards.
TODO: what about concurrent updates?

Question 16

How do you use reindex and update by query with a pipeline?

Answer 16

_update_by_query:

Add the “?pipeline=< pipeline >” param

re-index:

{

dest: {
pipeline: “< pipeline >”

Question 17

What are the use cases for dynamic templates?

Answer 17

• Allows you to specify how new fields are to be mapped into an index.
• Create patterns so you don’t need to specifiy every new field. For example: “text” is mapped as text, “is” is mapped as boolean, etc. This allow you to use convention instead of explicitly specifying everything.

Question 18

How do you create a dynamic template mapping?

Answer 18

• Set it to the index:

PUT < index name >
{
“mappings”: {
“dynamic_templates”: [
“< template name > “: {
“match_mapping_type”: “< type to match >”,
“match”: “< filter on field name >”,
“unmatch”: “ < filter on what NOT to match >”,
“mapping”: {
… < mapping definition > …
“type”: “…. type … “
}
}
]
}
}

Question 19

How to filter on field names on dynamic template mappings?

Answer 19

Use the “match” or “unmatch” fields with a wildcard.

Question 20

What are the use cases for index templates?

Answer 20

• Time series data: as we routinely create new indexes to store data like log for example. We might create a new index every day so we want that index to follow a template.

Question 21

How do you create an index pattern / template?

Answer 21

PUT _templates/< template name >
{
  "aliases": ....,
  "mappings:": ....,
  "settings": ....,
  "index_patterns": ["< wildcard > "] 
}

Question 22

Explain how does index template works

Answer 22

• Whenever a new index is created, it is matched against the index pattern of the templates
• If it matches, the index is created using that template.

Question 23

What are some use cases for aliases?

Answer 23

• Create a filter that return only a subset of the data (like a saved query).
• Aggregate data (same alias, multiple indexes). TODO: test this and learn more about it.

Question 24

How do you create an alias?

Answer 24

POST _aliases
{
 "actions": [
   {
      "add": {
         "index": "< index name >",
         "alias": "< alias name >"
     }
   }
]
}

Question 25

How to access an alias?

Answer 25

It behaves the same way as a regular index.

Question 26

How to remove an alias?

Answer 26

``` POST _aliases { "actions": [ { "remove": { "index": "< index name >", "alias": "< alias name >" } } ] } ```

Question 27

How do you create a filtered alias?

Answer 27

``` POST _aliases POST _aliases { "actions": [ { "add": { "index": "< index name >", "alias": "< alias name >", "filter": { .... < filter definition > .... } } } ] } ```

Question 28

What are the 3 main components of indexes?

Answer 28

- Aliases - Mappings - Settings

Question 29

How do you list indexes?

Answer 29

GET _cat/indices?v

Question 30

What happens to fields (mappings) you don't define when you post new data?

Answer 30

The mappings are auto filled. TODO: Can this be disabled? How to control this?

Question 31

How do you create an index?

Answer 31

``` # empty index PUT ``` ``` # with options PUT { } ```

Question 32

Explain dynamic vs explicity mapping

Answer 32

TODO

Question 33

Where do the default settings for an index come from?

Answer 33

TODO

Question 34

How to index an object?

Answer 34

``` # auto generated id PUT /_doc ``` ``` # With a given id PUT /_doc/ ```

Question 35

How to fetch an object?

Answer 35

With metadata GET /_doc/ Without metadata (source only) GET /_source/

Question 36

How ids are auto generated for elastic objects?

Answer 36

A UUID is generated.

Question 37

What are the 2 types of updates you can perform to an object?

Answer 37

- Doc Update ``` POST /_update/ { "doc": { "lastname": "new last name" } } ``` ``` - Script update { "script": { "lang": "painless", "source": "ctx._source.remove('field')" } } ```

Question 38

What scripting languages are supported by elastic?

Answer 38

- painless TODO

Question 39

How to remove fields from an object?

Answer 39

Use the update api with a script. For example: ctx._source.remove('fieldname')

Question 40

How do you delete an object from the index?

Answer 40

DELETE [INDEX-NAME]/_doc/[ID]

Question 41

What's the file format for bulk indexing?

Answer 41

NDJSON (newline delimited json) (http://ndjson.org/) first line: metadata { "index": { "_id": "...." } } Second line: source {"field": ...., "field2": ....} and so on

Question 42

How to bulk index object?

Answer 42

curl -u -k -H 'Content-Type: application/x-ndjson' -X POST 'https://localhost:9200/[index-name]/_bulk?pretty' --data-binary @file.json > output.json

Question 43

What formats does the bulk api support?

Answer 43

- ndjson | - Apparently that's the only one (https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html)