DX O2 ElasticSearch Queries

search cancel

DX O2 ElasticSearch Queries

book

Article ID: 207215

calendar_today

Updated On:

Products

DX Operational Observability

Issue/Introduction

The following is a high list of queries to employ when troubleshooting performance, display and configuration issues related to ElasticSearch

Environment

DX O2

IMPORTANT: ** This KB is valid for DX On Premise version only, if you are using DX SaaS, contact Broadcom Support for assistance **

Resolution

OPTION 1: How to query ElasticSearch from dx o2 pods
OPTION 2: How to query ElasticSearch from a Client Browser

OPTION 1: How to query ElasticSearch from dx o2 pods

By default, the Jarvis APIS and Elastic routes/ingress endpoints are only available inside the kubernetes or openshift cluster. Follow the below steps to query Elastic data:

STEP 1: Connect to an Elasticsearch or kafka pod:

kubectl exec -ti <dxi-pod-name> sh -n<dxi-namepsace>

STEP 2: Use the correct elastic endpoint for your queries:

elasticsearch-master or localhost

STEP 3: Query ES using CURL command:

Syntax:

curl -XGET 'http://<ES_ENDPOINT>:9200/<ES_QUERY>'

Where <ES_ENDPOINT> is your Elastic endpoint

Example how to query for ES health in 23.2+:

curl -XGET 'http://elasticsearch-master:9200/_cluster/health?pretty&human'

Below is a summary table list of some common ES queries:

	DESCRIPTION	QUERY
Elastic Health
	Check Elastic Status (make sure status" : "green")	curl -XGET 'http://<ES_ENDPOINT>:9200/_cluster/health?pretty&human'
	Check disk space usage	curl -XGET 'http://<ES_ENDPOINT>:9200/_nodes/stats/fs?pretty'
	Node stats	curl -XGET 'http://<ES_ENDPOINT>:9200/_nodes/stats/indices?pretty'
	ES health (check status is in green)	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/health?v'
	Displays nodes in cluster (check memory, cpu, load)	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/nodes?v'
	Check for possible errors during allocation, to get explanation on cluster issues	curl -XGET 'http://<ES_ENDPOINT>:9200/_cluster/allocation/explain?pretty'
	reason for unassigned shards	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason,unassigned.details&v'
	To look for bulk rejection	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/thread_pool?v'
	Identify backup folder	curl -XGET 'http://<ES_ENDPOINT>:9200/_snapshot/_all?pretty'
	Shards details	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/shards?v'
	Check disk space usage from Elastic servers
	- option 1: go to each elastic server	cd <ES-home>/nodes/0/indices
	- option 2: go inside of the elastic pod(s)	/var/data/elasticsearch/nodes/0/indices
	- execute:	du -m --max-depth 1 \| sort -rn \| more

Delete Incides		IMPORTANT : - Contact Broadcom Support for assistance - see how to reduce elastic disk usage
	To delete indices	curl -X DELETE http://<ES_ENDPOINT>:9200/<index-name>

Query Indices
	List all indices	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices?v'
	List indices by size:	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/?v&s=ss:desc&h=health,store.size,pri.store.size,pri,rep,store.size,pri.store.size,docs.count,docs.deleted,index,cds'
	List indices by creation date	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/?v&s=cds:desc&h=health,store.size,pri.store.size,pri,rep,store.size,pri.store.size,docs.count,docs.deleted,index,cds'
	Memory usage of indices	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices?v&h=i,tm&s=tm:desc'
	to get settings of index	curl -XGET 'http://<ES_ENDPOINT>:9200/<index-name>/_settings'
	check Mapping	curl -XGET 'http://<ES_ENDPOINT>:9200/_all/_mapping?pretty'
	metadata for given index	curl -XGET 'http://<ES_ENDPOINT>:9200/_cluster/state/metadata/<indexname>?pretty'

Tenants
	List tenant details	curl -XGET 'http://<ES_ENDPOINT>:9200/ao_dxi_tenants_1_1/_search?size=200&pretty'
	List tenant details (legacy)	curl -XGET 'http://<ES_ENDPOINT>:9200/ao_tenants_1_1/_search?size=200&pretty'

Jarvis Metadata
	Query jarvis_metadata	curl -XGET 'http://<ES_ENDPOINT>:9200/jarvis_metadata/_search?pretty'&q=md_type:"product_info"'

Alarms_all
	List past 200 alarms	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_all/_search?pretty'&sort=@timestamp:desc&size=200'
	Query for a specific Alarm id in "alarms_all* indices	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_all/_search?pretty'&q=alarm_unique_id:<ALARM-ID>'
	Query for specific alarm type	curl -XGET 'http://<ES_ENDPOINT>:9200/ao_itoa_alarms_all_1_1*/serch?pretty'&q=alarmType:Prediction'
	Alarm details from alarms_all index for spectrum alarms	curl -XGET 'http://<ES_ENDPOINT>:9200/ao_itoa_alarms_all*/_search?q=alarm_unique_id:"spectrumAlarmId"&pretty'
UIM indices
	List all uim indices	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/uim?v'
	List uim ci inventory	curl -XGET 'http://<ES_ENDPOINT>:9200/inventory_uim_ci/_search?sort=@timestamp:desc&size=200&pretty'
	List uim device inventory	curl -XGET 'http://<ES_ENDPOINT>:9200/inventory_uim_device/_search?sort=@timestamp:desc&size=200&pretty'
	List uim alarms	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_uim/_search?sort=@timestamp:desc&size=200&pretty'
	Query for a specific Alarm id in alarms_uim incides	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_uim/_search?pretty'&q=nimid:<ALARM-ID>'

Spectrum indices
	List all spectrum indices	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/spectrum?v'
	List spectrum alarms	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_spectrum/_search?sort=@timestamp:desc&size=200&pretty'
	List spectrum inventory	curl -XGET 'http://<ES_ENDPOINT>:9200/inventory_spectrum/_search?sort=@timestamp:desc&size=200&pretty'
	Alarm details from alarms_spectrum index	curl -XGET 'http://<ES_ENDPOINT>:9200/ao_itoa_alarms_spectrum*/_search?q=globalAlarmID:"spectrumAlarmId"&pretty'
NetOps / capm indices
	List all capm incides	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/capm?v'
	List capm events	curl -XGET 'http://<ES_ENDPOINT>:9200/events_capm/_search?sort=@timestamp:desc&size=200&pretty'
	List capm groups	curl -XGET 'http://<ES_ENDPOINT>:9200/groups_capm/_search?sort=@timestamp:desc&size=200&pretty'

APM indices
	List all apmindices	curl -XGET 'http://<ES_ENDPOINT>:9200/_cat/indices/_apm?v'
	List apm inventory inventory	curl -XGET 'http://<ES_ENDPOINT>:9200/inventory_apm/_search?sort=@timestamp:desc&size=200&pretty'
	List apm alarms inventory	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_apm/_search?sort=@timestamp:desc&size=200&pretty'
	List apm tt	curl -XGET 'http://<ES_ENDPOINT>:9200/apm_tt/_search?pretty'

Situation
	List all situations	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_situation_cluster/_search?pretty'&size=100&sort=@timestamp:desc'
	List all situations for a specific tenant	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_situation_cluster/_search?pretty'&size=100&sort=@timestamp:desc&q=@tenant_id:<TENANT_ID>'

ServiceNow
	List alarms services indices	http://<ES_ENDPOINT>:9200/_cat/indices/alarms_service_sa?v'
	Query for a specific Alarm id in "service_sa* indices	curl -XGET 'http://<ES_ENDPOINT>:9200/alarms_service_sa/_search?pretty'&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>'
	List channel indices	http://<ES_ENDPOINT>:9200/_cat/indices/channels?v'
	Query for a specific Alarm id in "channels* indices	curl -XGET 'http://<ES_ENDPOINT>:9200/channels/_search?pretty'&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>'
	List alarms services indices	http://<ES_ENDPOINT>:9200/_cat/indices/alarms_service_sa?v'
	Query for a specific Alarm id in "incidents* indices	curl -XGET 'http://<ES_ENDPOINT>:9200/incidents/_search?pretty'&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>'

OPTION 2: How to query ElasticSearch from a Client Browser

You can externalize the Elastic Endpoint accessible from your browser

Once Elastic routes/ingress endpoints are available you will be able to run the below common queries:

To list DX Platform Routes and Ingresses you can use:

In kubernetes: kubectl get ingress -n <namespace>
In Openshift: oc -n <namespace> get route

	DESCRIPTION	QUERY
Elastic Health
	Check Elastic version	http(s)://<ES_ENDPOINT>/
	Check Elastic Status (make sure status" : "green")	http(s)://<ES_ENDPOINT>/_cluster/health?pretty&human
	Check disk space usage	http(s)://<ES_ENDPOINT>/_nodes/stats/fs?pretty
	Node stats	http(s)://<ES_ENDPOINT>/_nodes/stats/indices?pretty
	ES health (check status is in green)	http(s)://<ES_ENDPOINT>/_cat/health?v
	Displays nodes in cluster (check memory, cpu, load)	http(s)://<ES_ENDPOINT>/_cat/nodes?v
	Check for possible errors during allocation, to get explanation on cluster issues	http(s)://<ES_ENDPOINT>/_cluster/allocation/explain?pretty
	reason for unassigned shards	http(s)://<ES_ENDPOINT>/_cat/shards?h=index,shard,prirep,state,unassigned.reason,unassigned.details&v
	To look for bulk rejection	http(s)://<ES_ENDPOINT>/_cat/thread_pool?v
	Identify backup folder	http(s)://<ES_ENDPOINT>/_snapshot/_all?pretty
	Shards details	http(s)://<ES_ENDPOINT>/_cat/shards?v

	Check disk space usage from Elastic servers	Go to elastic node(s)
	- via server:	/dxi/jarvis/elasticsearch/nodes/0/indices
	- via pod \| terminal	/var/data/elasticsearch/nodes/0/indices
	Execute:	du -m --max-depth 1 \| sort -rn \| more

Delete indices
	IMPORTANT:
	DO NOT delete indices without first consulting Broadcom Support

	To delete indices	curl -X DELETE http://<ES_ENDPOINT>/<index-name>

Incides
	List all indices	http(s)://<ES_ENDPOINT>/_cat/indices?v
	List indices by size:	http(s)://<ES_ENDPOINT>/_cat/indices/?v&s=ss:desc&h=health,store.size,pri.store.size,pri,rep,store.size,pri.store.size,docs.count,docs.deleted,index,cds
	List indices by creation date	http(s)://<ES_ENDPOINT>/_cat/indices/?v&s=cds:desc&h=health,store.size,pri.store.size,pri,rep,store.size,pri.store.size,docs.count,docs.deleted,index,cds
	Memory usage of indices	http://<ES_ENDPOINT>/_cat/indices?v&h=i,tm&s=tm:desc
	to get settings of index	http://<ES_ENDPOINT>/<index-name>/_settings
	check Mapping	http://<ES_ENDPOINT>/_all/_mapping?pretty
	metadata for given index	http://<ES_ENDPOINT>/_cluster/state/metadata/<indexname>?pretty

Tenants
	List tenant details	http(s)://<ES_ENDPOINT>/ao_dxi_tenants_1_1/_search?size=200&pretty
	List tenant details (legacy)	http(s)://<ES_ENDPOINT>/ao_tenants_1_1/_search?size=200&pretty

Jarvis Metadata
	Query jarvis_metadata	http(s)://<ES_ENDPOINT>/jarvis_metadata/_search?pretty&q=md_type:"product_info"

Alarms_all
	List past 200 alarms	http(s)://<ES_ENDPOINT>/alarms_all/_search?pretty&sort=@timestamp:desc&size=200
	Query for a specific Alarm id in "alarms_all* indices	http(s)://<ES_ENDPOINT>/alarms_all/_search?pretty&q=alarm_unique_id:<ALARM-ID>
	Query for specific alarm type	http(s)://<ES_ENDPOINT>/ao_itoa_alarms_all_1_1*/serch?pretty&q=alarmType:Prediction
	Alarm details from alarms_all index for spectrum alarms	http(s)://<ES_ENDPOINT>/ao_itoa_alarms_all*/_search?q=alarm_unique_id:"spectrumAlarmId"&pretty
UIM indices
	List all uim indices	http(s)://<ES_ENDPOINT>/_cat/indices/uim?v
	List uim ci inventory	http(s)://<ES_ENDPOINT>/inventory_uim_ci/_search?sort=@timestamp:desc&size=200&pretty
	List uim device inventory	http(s)://<ES_ENDPOINT>/inventory_uim_device/_search?sort=@timestamp:desc&size=200&pretty
	List uim alarms	http(s)://<ES_ENDPOINT>/alarms_uim/_search?sort=@timestamp:desc&size=200&pretty
	Query for a specific Alarm id in alarms_uim incides	http(s)://<ES_ENDPOINT>/alarms_uim/_search?pretty&q=nimid:<ALARM-ID>

Spectrum indices
	List all spectrum indices	http(s)://<ES_ENDPOINT>/_cat/indices/spectrum?v
	List spectrum alarms	http(s)://<ES_ENDPOINT>/alarms_spectrum/_search?sort=@timestamp:desc&size=200&pretty
	List spectrum inventory	http(s)://<ES_ENDPOINT>/inventory_spectrum/_search?sort=@timestamp:desc&size=200&pretty
	Alarm details from alarms_spectrum index	http(s)://<ES_ENDPOINT>/ao_itoa_alarms_spectrum*/_search?q=globalAlarmID:"spectrumAlarmId"&pretty
NetOps / capm indices
	List all capm incides	http(s)://<ES_ENDPOINT>/_cat/indices/capm?v
	List capm events	http(s)://<ES_ENDPOINT>/events_capm/_search?sort=@timestamp:desc&size=200&pretty
	List capm groups	http(s)://<ES_ENDPOINT>/groups_capm/_search?sort=@timestamp:desc&size=200&pretty

APM indices
	List all apmindices	http(s)://<ES_ENDPOINT>/_cat/indices/_apm?v
	List apm inventory inventory	http(s)://<ES_ENDPOINT>/inventory_apm/_search?sort=@timestamp:desc&size=200&pretty
	List apm alarms inventory	http(s)://<ES_ENDPOINT>/alarms_apm/_search?sort=@timestamp:desc&size=200&pretty
	List apm tt	http(s)://<ES_ENDPOINT>/apm_tt/_search?pretty

Situation
	List all situations	http(s)://<ES_ENDPOINT>/alarms_situation_cluster/_search?pretty&size=100&sort=@timestamp:desc
	List all situations for a specific tenant	http(s)://<ES_ENDPOINT>/alarms_situation_cluster/_search?pretty&size=100&sort=@timestamp:desc&q=@tenant_id:<TENANT_ID>

ServiceNow
	Data Flow:
	1) For Raw alarm : alarms are pushed to : alarms_all -> channels -> incidents
	2) For Situation alarm: alarms are pushed to : alarms_all -> service_sa -> channels -> incidents

	List alarms services indices	http://<ES_ENDPOINT>/_cat/indices/alarms_service_sa?v
	Query for a specific Alarm id in "service_sa* indices	http(s)://<ES_ENDPOINT>/alarms_service_sa/_search?pretty&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>
	List channel indices	http://<ES_ENDPOINT>/_cat/indices/channels?v
	Query for a specific Alarm id in "channels* indices	http(s)://<ES_ENDPOINT>/channels/_search?pretty&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>
	List alarms services indices	http://<ES_ENDPOINT>/_cat/indices/alarms_service_sa?v
	Query for a specific Alarm id in "incidents* indices	http(s)://<ES_ENDPOINT>/incidents/_search?pretty&sort=@timestamp:desc&size=200&q=alarm_unique_id:<ALARM-ID>

Feedback

thumb_up Yes

thumb_down No