Elasticsearch

View status of Elasticsearch

SearchBlox requires Elasticsearch version 6.6.2 which is installed along with SearchBlox 9.2.

To view the status of Elasticsearch indices, please go to the following link in your browser:

https://localhost:9200/_cat/indices
username: admin
password: admin

754

Elasticsearch Settings in SearchBlox

Elasticsearch endpoint URL, credentials and path of Elasticsearch installation are provided in <SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/searchblox.yml

searchblox.elasticsearch.url: https://localhost:9200/
searchblox.basic.username: admin
searchblox.basic.password: admin
es.home: C:\SearchBloxServer\elasticsearch

Elasticsearch Settings

Elasticsearch settings can be managed within Elasticsearch YAML file available at <SEARCHBLOX_INSTALLATION_PATH>/elasticsearch/config/elasticsearch.yml

Bind Elasticsearch using Network Host

To access elasticsearch using an IP address, you will need to bind your network IP address by making a change in the file: <SEARCHBLOX_INSTALLATION_PATH>/elasticsearch/config/elasticsearch.yml

      network.bind_host: 0.0.0.0

Change 0.0.0.0 to the required IP address.

Restart the server for the changes to take effect and access elasticsearch if the IP address and port 9200 is allowed.

Disable SSL in Elasticsearch

To disable SSL please make the changes given as follows: <SEARCHBLOX_INSTALLATION_PATH>/elasticsearch/config/elasticsearch.yml

    opendistro_security.disabled: true

After disabling SSL, it is required to update searchblox.elasticsearch.url in <SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/searchblox.yml

searchblox.elasticsearch.url: http://localhost:9200/
searchblox.basic.username: admin
searchblox.basic.password: admin
es.home: C:\SearchBloxServer\elasticsearch

Change Path in Elasticsearch

To update Elasticsearch path for the storage of index data, log files and backup repo, edit the file : <SEARCHBLOX_INSTALLATION_PATH>/elasticsearch/config/elasticsearch.yml

  path.data: C:\elasticsearch\data
  path.logs: D:\elasticsearch\logs
  path.repo: C:/SearchBloxServer/backup/data

Change Password for Elasticsearch

Steps for changing the password in Elasticsearch in Windows

  • Go to C:\SearchBloxServer\elasticsearch\plugins\opendistro_security\tools

  • Run the command hash

  • You will get a prompt for a password, enter the password

  • You will get the hash value for the password

664
  • Copy the hash value and provide it across hash value for admin user in C:\SearchBloxServer\elasticsearch\plugins\opendistro_security\securityconfig\internal_users.yml
721
  • Go to C:\SearchBloxServer\elasticsearch\plugins\opendistro_security\tools

  • Run the following command:

securityadmin -cd ../securityconfig/ -icl -nhnv -cacert C:\SearchBloxServer\elasticsearch\config\root-ca.pem -cert C:\SearchBloxServer\elasticsearch\config\kirk.pem -key C:\SearchBloxServer\elasticsearch\config\kirk-key.pem
  • After running the command your password for elasticsearch will be updated, it is not required to restart elasticsearch.
663
  • You can check by accessing https://localhost:9200 and using the new password for logging in.

  • After completing all the elasticsearch related steps mentioned above, update the password in C:\SearchBloxServer\webapps\searchblox\WEB-INF\searchblox.yml
    searchblox.basic.password: password@123

  • Restart SearchBlox for the changes to take effect.

Steps for changing the password in Elasticsearch in Linux

  • Go to /opt/elasticsearch/plugins/opendistro_security/tools

  • Run the command ./hash

  • You will get a prompt for a password, enter the password

  • You will get the hash value for the password

  • Copy the hash value and provide it across hash value for admin user in /opt/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

  • Go to /opt/elasticsearch/plugins/opendistro_security/tools

  • Run the following command

./securityadmin -cd ../securityconfig/ -icl -nhnv -cacert C:\SearchBloxServer\elasticsearch\config\root-ca.pem -cert C:\SearchBloxServer\elasticsearch\config\kirk.pem -key C:\SearchBloxServer\elasticsearch\config\kirk-key.pem
  • After running the command, your password for elasticsearch will be updated; it is not required to restart elasticsearch.

  • You can access https://localhost:9200 and use the new password for logging in.

  • After completing all the elasticsearch related steps mentioned above, update the password in /opt/webapps/searchblox/WEB-INF/searchblox.yml
    searchblox.basic.password: password@123

  • Restart SearchBlox for the changes to take effect.

Status of Elasticsearch Indices

If you have trouble viewing the collections from the Admin Dashboard, please check the Elasticsearch indices. Check the status of the indices using the url:

https://localhost:9200/_cat/indices.
username: admin
password: admin

519
  • The first column represents the status.

  • The status of the indices can be green or yellow.

  • A red status means that the index has crashed. You will need to delete the specific index and restart SearchBlox.

RED or CLOSED Indices

  • If the index status is red or closed, you can restart Elasticsearch. If a restart does not recover the index and change the status to green or yellow please follow the below options.

  • A red status of index mostly refers to the crashed index. The only solution is to delete the index, restart Elasticsearch and reindex the collection from SearchBlox.

  • When the status of the index is closed, you can open the index from developer console in Kibana or using the curl command:

  • If your SearchBlox collection no is 1, that corresponds to is idx001 within Elasticsearch. If the index is closed then the following request can be sent from Kibana

        `POST idx001/_open`
    

Alternatively you can use the following curl command

        `curl -k -u admin:admin -XPOST 'https://localhost:9200/idx001/_open?pretty=true'`
  • If the index cannot be reopened, the only option is to delete the index, restart Elasticsearch and reindex the collection from SearchBlox.

        `DELETE idx001`
    

Alternatively you can use the following curl command

        `curl -k -u admin:admin -XDELETE 'https://localhost:9200/idx002?pretty=true'`

Please refer to the following sections using Kibana to work with Elasticsearch.

Delete Elasticsearch Index

You may need to delete the Elasticsearch index if you have the following problems:

  • You cannot access the index from the Admin Dashboard.

  • You cannot index or delete the collection.

  • Most importantly, if the status of the index is red or if it is not possible to open a closed index.

For example, if collection number 2 has crashed, that status will be shown next to idx002 in the Status of Indices.

Then you need to delete idx002 in Elasticsearch. You can also use Kibana that is available in SearchBlox to create visualizations and dashboards.

To delete an index directly, follow the steps:

  • To delete idx002 or any index that has turned red execute the following statement
    DELETE idx002
    You will get the following response once it is successfully completed:
    "acknowledged": "true"
  • Then, delete all the indices that you want to delete from Elasticsearch.
  • Restart Elasticsearch.

Using Kibana to access Elasticsearch

Kibana can be used to create visualizations with Elasticsearch data. Learn how to start and run Kibana

Start Kibana and access Dev Tools from the left menu.

  • To view the indices, use the following command:
    GET _cat/indices
1259
  • To delete an index, use the DELETE command:

DELETE idx001

934
  • If you want to clear index from elasticsearch that is delete all the data in an index say idx001 use the following command.
    Please note that all data in index 1 would be cleared out on using the above which cannot be retrieved again and the collection has to be reindexed.
POST idx009/_delete_by_query
{
    "query": {
    "match_all": {}
  }
}
  • If you want to close or open indices that is close or open index say idx008 please use the requests:
    closing index
    POST idx008/_close
    opening index
    POST idx008/_open
1002

📘

Additional Note:

Reference for SSL certificate for Elasticsearch:
https://aws.amazon.com/blogs/opensource/add-ssl-certificates-open-distro-for-elasticsearch/


What’s Next