defaults for docker

# Raise the host's mmap count limit to 262144, the minimum Elasticsearch's bootstrap check expects.
# `sysctl -w` changes the running kernel only: it needs root, applies to the whole host (not just
# the container), and is lost on reboot unless also persisted in the sysctl configuration.
sysctl -w vm.max_map_count=262144
# Runs the 5.0.1 image with its defaults; this command publishes no ports and mounts no data volume.
# NOTE(review): 5.x has no authentication unless X-Pack security is installed and configured, so
# keep 9200/9300 off untrusted networks if ports are published later.
docker run elasticsearch:5.0.1

kubernetes

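# Container-spec fragment: mount the volume named "data" at the Elasticsearch data directory.
# The volume itself must be declared under the pod's `volumes:` (not shown here); whether index
# data survives a pod restart depends on that declaration.
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
  name: data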

cat indices

127.0.0.1:31128/_cat/indices

drain nodes

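# Drain nodes: exclude the listed IPs from shard allocation so the cluster moves shards off them.
# "transient" settings do not survive a full cluster restart; set the key to null to undo the exclusion.
# The Content-Type header is required by Elasticsearch 6.0+ and harmless on 5.x.
# NOTE(review): _cluster/settings is an administrative API, called here over plain HTTP with no
# credentials; restrict who can reach port 9200.
curl -XPUT "${master}:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{
    "transient" :{
            "cluster.routing.allocation.exclude._ip" : "172.31.14.194,172.31.7.158,172.31.5.167,172.31.7.157"
     }
}';echo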

queries

time range

    {
        "query": {
            "range": {
                "time": {
                    "gte": "now-1h"
                }
            }
        }
    }

bool

{
    "bool": {
        "must": [
            <query>,
            <query>,
            ...
        ]
    }
}

terms

{
        "terms": {
            "account_id": [
                "710",
                "1",
                "10"
            ]
        }
}

select fields

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-source-filtering.html

examples are: false, "obj.*", ["obj1.*", "obj2.*"]

{
    "_source": "obj.*"
}

sort

{
    "sort": {
        "title": {
            "order": "desc"
        }
    }
}