App-ElasticSearch-Utilities
view release on metacpan or search on metacpan
Correct version check for TLS and Auth
* Use `App::ElasticSearch::Utilities::HTTPRequest` for checking the
version string. * Add a check for `PASSEXEC` to `_get_es_version()` so we
can use the
provided credentials * Correct `::Connection->request()` to set
`authorization_basic()` when
the `->password` has a length greater than 0.
Change: e978a9b33eecd59191cfbf88ffc4f7b54d698c74
Author: Brad Lhotsky <brad@divisionbyzero.net>
Date : 2022-05-31 19:02:24 +0000
More fixes for HTTP Authentication
* Remove `--http-password` and parsing `~/.es-utils.yaml` for the
password. This is not a secure default. * Do not allow HTTP Basic Auth over
HTTP as it leaks credentials * Check for `value_as_string` in
`es_flatten_aggregations`
Change: e49f4394b7a35b3f0539debec53f693f36d43da7
Author: Brad Lhotsky <brad@divisionbyzero.net>
Date : 2022-05-31 03:41:01 +0000
Support HTTPS and Basic Authorization
* Adds support for HTTP Basic Authorization username/password to the
libraries * Add TLS support to `App::ElasticSearch::Utilities::Connection`
and
`es_connect()`
----------------------------------------
version 8.3 at 2022-03-23 00:15:12 +0000
----------------------------------------
README.mkdn view on Meta::CPAN
Takes an optional reference to an `@ARGV` like array. Performs environment and
argument parsing.
## es\_globals($key)
Grab the value of the global value from the es-utils.yaml files.
## es\_basic\_auth($host)
Get the user/password combination for this host. This is called from LWP::UserAgent if
it recieves a 401, so the auth condition must be satisfied.
Returns the username and password as a list.
## es\_pass\_exec(host, username)
Called from es\_basic\_auth to exec a program, capture the password
and return it to the caller. This allows the use of password vaults
and keychains.
## es\_pattern
Returns a hashref of the pattern filter used to get the indexes
{
string => '\*',
re => '.\*',
}
README.mkdn view on Meta::CPAN
# ARGS
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
README.mkdn view on Meta::CPAN
or **$HOME/.config/es-utils/config.yaml** file:
---
base: logstash
days: 7
host: esproxy.example.com
port: 80
timeout: 10
proto: https
http-username: bob
password-exec: /home/bob/bin/get-es-passwd.sh
# CONNECTION ARGUMENTS
Arguments for establishing a connection with the cluster. Unless specified otherwise, these options
can all be set in the globals file.
- **local**
Assume ElasticSearch is running locally, connect to localhost.
README.mkdn view on Meta::CPAN
- **proto**
Defaults to 'http', can also be 'https'.
- **http-username**
If HTTP Basic Authentication is required, use this username.
See also the ["HTTP Basic Authentication"](#http-basic-authentication) section for more details
- **password-exec**
If HTTP Basic Authentication is required, run this command, passing the arguments:
<command_to_run> <es_host> <es_username>
The script expects the last line to contain the password in plaintext.
- **noop**
Prevents any communication to the cluster from making changes to the settings or data contained therein.
In short, it prevents anything but HEAD and GET requests, **except** POST requests to the \_search endpoint.
- **timeout**
Timeout for connections and requests, defaults to 10.
README.mkdn view on Meta::CPAN
The username is selected by going through these mechanisms until one is found:
--http-username
'http-username' in /etc/es-utils.yml or ~/.es-utils.yml
Netrc element matching the hostname of the request
CLI::Helpers prompt()
Once the username has been resolved, the following mechanisms are tried in order:
Netrc element matching the hostname of the request
Password executable defined by --password-exec
'password-exec' in /etc/es-utils.yml, ~/.es-utils.yml
CLI::Helpers prompt()
## Password Exec
It is **BAD** practice to specify passwords as a command line argument, or store it in a plaintext
file. There are cases where this may be necessary, but it is not recommended. The best method for securing your
password is to use the **password-exec** option.
This option must point to an executable script. That script will be passed two arguments, the hostname and the username
for the request. It expects the password printed to STDOUT as the last line of output. Here's an example password-exec setup
using Apple Keychain:
#!/bin/sh
HOSTNAME=$1;
USERNAME=$2;
/usr/bin/security find-generic-password -w -a "$USERNAME" -s "$HOSTNAME"
If we save this to "$HOME/bin/get-passwd.sh" we can execute a script
like this:
$ es-search.pl --http-username bob --password-exec $HOME/bin/get-passwd.sh \
--base secure-data --fields
Though it's probably best to set this in your ~/.es-utils.yml file:
---
host: secured-cluster.example.org
port: 443
proto: https
http-username: bob
password-exec: /home/bob/bin/get-passwd.sh
### CLI::Helpers and Password Prompting
If all the fails to yield a password, the last resort is to use CLI::Helpers::prompt() to ask the user for their
password. If the user is using version 1.1 or higher of CLI::Helpers, this call will turn off echo and readline magic
for the password prompt.
# INSTALL
**This library attempts to provide scripts compatible with version 0.19 through 1.1 of ElasticSearch**.
Recommended install with [CPAN Minus](http://cpanmin.us):
cpanm App::ElasticSearch::Utilities
You can also use CPAN:
examples/es-utils.yml view on Meta::CPAN
# Sample ES Utils Options
---
# Host to connect to, defaults to localhost
host: es-gateway.corp.company.com
# Port, defaults to 9200
port: 9200
# Protocol, defaults to http, also supports https
proto: http
# If using HTTP Basic Auth
#http-username: bob
#http-password: notRecommended
#password-exec: ~/bin/get-me-es-password-from-keychain.sh
# Default Index Settings
base: log
days: 1
timestamp: timestamp
# Per Index Base Settings
meta:
logstash:
timestamp: '@timestamp'
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
port=i
timeout=i
keep-proxy
index=s
pattern=s
base|index-basename=s
days=i
noop!
proto=s
http-username=s
password-exec=s
master-only|M
insecure
capath=s
cacert=s
cert=s
key=s
);
my $argv;
my %opt;
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
BASE => exists $opts->{base} ? lc $opts->{base}
: exists $_GLOBALS{base} ? $_GLOBALS{base}
: undef,
PATTERN => exists $opts->{pattern} ? $opts->{pattern} : '*',
DAYS => exists $opts->{days} ? $opts->{days}
: exists $_GLOBALS{days} ? $_GLOBALS{days} : 1,
# HTTP Basic Authentication
USERNAME => exists $opts->{'http-username'} ? $opts->{'http-username'}
: exists $_GLOBALS{'http-username'} ? $_GLOBALS{'http-username'}
: $ENV{USER},
PASSEXEC => exists $opts->{'password-exec'} ? $opts->{'password-exec'}
: exists $_GLOBALS{'password-exec'} ? $_GLOBALS{'password-exec'}
: undef,
# TLS Options
INSECURE => exists $opts->{insecure} ? 1
: exists $_GLOBALS{insecure} ? $_GLOBALS{insecure}
: 0,
CACERT => exists $opts->{cacert} ? 1
: exists $_GLOBALS{cacert} ? $_GLOBALS{cacert}
: undef,
CAPATH => exists $opts->{capath} ? 1
: exists $_GLOBALS{capath} ? $_GLOBALS{capath}
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
my %_auth_cache = ();
sub es_basic_auth {
my ($host) = @_;
es_utils_initialize() unless keys %DEF;
$host ||= $DEF{HOST};
# Return the results if we've done this already
return @{ $_auth_cache{$host} }{qw(username password)}
if exists $_auth_cache{$host};
# Set the cached element
my %auth = ();
# Lookup the details netrc
my $netrc = Net::Netrc->lookup($host);
if( $DEF{HOST} eq $host ) {
%auth = map { lc($_) => $DEF{$_} } qw(USERNAME);
}
my %meta = ();
foreach my $k (qw( http-username password-exec )) {
foreach my $name ( $DEF{INDEX}, $DEF{BASE} ) {
next unless $name;
if( my $v = es_local_index_meta($k, $name) ) {
$meta{$k} = $v;
last;
}
}
}
# Get the Username
$auth{username} ||= $meta{'http-username'} ? $meta{'http-username'}
: defined $DEF{USERNAME} ? $DEF{USERNAME}
: defined $netrc ? $netrc->login
: $ENV{USER};
# Prompt for the password
$auth{password} ||= defined $netrc ? $netrc->password
: (es_pass_exec($host,$auth{username},$meta{'password-exec'})
|| prompt(sprintf "Password for '%s' at '%s': ", $auth{username}, $host)
);
# Store
$_auth_cache{$host} = \%auth;
return @auth{qw(username password)};
}
sub es_pass_exec {
my ($host,$username,$exec) = @_;
es_utils_initialize() unless keys %DEF;
# Simplest case we can't run
$exec ||= $DEF{PASSEXEC};
return unless length $exec && -x $exec;
my(@out,@err);
# Run the password command captue out, error and RC
run3 [ $exec, $host, $username ], \undef, \@out, \@err;
my $rc = $?;
# Record the error
if( @err or $rc != 0 ) {
output({color=>'red',stderr=>1},
sprintf("es_pass_exec() called '%s' and met with an error code '%d'", $exec, $rc),
@err
);
return;
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
sub _get_es_version {
return $CURRENT_VERSION if defined $CURRENT_VERSION;
my $conn = es_connect();
# Build the request
my $req = App::ElasticSearch::Utilities::HTTPRequest->new(
GET => sprintf "%s://%s:%d",
$conn->proto, $conn->host, $conn->port
);
# Check if we're doing auth
my @auth = $DEF{PASSEXEC} ? es_basic_auth($conn->host) : ();
# Add authentication if we get a password
$req->authorization_basic( @auth ) if @auth;
# Retry with TLS and/or Auth
my %try = map { $_ => 1 } qw( tls auth );
my $resp;
while( not defined $CURRENT_VERSION ) {
$resp = $conn->ua->request($req);
if( $resp->is_success ) {
my $ver;
eval {
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
# Try TLS
last unless $try{tls};
delete $try{tls};
$conn->proto('https');
warn "Attempting promotion to HTTPS, try setting 'proto: https' in ~/.es-utils.yaml";
}
elsif( $resp->code == 401 ) {
# Retry with credentials
last unless $try{auth};
delete $try{auth};
warn "Authorization required, try setting 'password-exec: /home/user/bin/get-password.sh` in ~/.es-utils.yaml'"
unless $DEF{PASSEXEC};
$req->authorization_basic( es_basic_auth($conn->host) );
}
else {
warn "Failed getting version";
last;
}
}
if( !defined $CURRENT_VERSION || $CURRENT_VERSION <= 2 ) {
output({color=>'red',stderr=>1}, sprintf "[%d] Unable to determine Elasticsearch version, something has gone terribly wrong: aborting.", $resp->code);
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
my %conn = (
host => $DEF{HOST},
port => $DEF{PORT},
proto => $DEF{PROTO},
timeout => $DEF{TIMEOUT},
ssl_opts => _get_ssl_opts,
);
# Only authenticate over TLS
if( $DEF{PROTO} eq 'https' ) {
$conn{username} = $DEF{USERNAME};
$conn{password} = es_pass_exec(@DEF{qw(HOST USERNAME)}) if $DEF{PASSEXEC};
}
# If we're overriding, return a unique handle
if(defined $override_servers) {
my @overrides = is_arrayref($override_servers) ? @$override_servers : $override_servers;
my @servers;
foreach my $entry ( @overrides ) {
my ($s,$p) = split /\:/, $entry;
$p ||= $conn{port};
push @servers, { %conn, host => $s, port => $p };
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
Takes an optional reference to an C<@ARGV> like array. Performs environment and
argument parsing.
=head2 es_globals($key)
Grab the value of the global value from the es-utils.yaml files.
=head2 es_basic_auth($host)
Get the user/password combination for this host. This is called from LWP::UserAgent if
it recieves a 401, so the auth condition must be satisfied.
Returns the username and password as a list.
=head2 es_pass_exec(host, username)
Called from es_basic_auth to exec a program, capture the password
and return it to the caller. This allows the use of password vaults
and keychains.
=head2 es_pattern
Returns a hashref of the pattern filter used to get the indexes
{
string => '*',
re => '.*',
}
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
=head1 ARGS
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
or B<$HOME/.config/es-utils/config.yaml> file:
---
base: logstash
days: 7
host: esproxy.example.com
port: 80
timeout: 10
proto: https
http-username: bob
password-exec: /home/bob/bin/get-es-passwd.sh
=head1 CONNECTION ARGUMENTS
Arguments for establishing a connection with the cluster. Unless specified otherwise, these options
can all be set in the globals file.
=over
=item B<local>
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
=item B<proto>
Defaults to 'http', can also be 'https'.
=item B<http-username>
If HTTP Basic Authentication is required, use this username.
See also the L<HTTP Basic Authentication> section for more details
=item B<password-exec>
If HTTP Basic Authentication is required, run this command, passing the arguments:
<command_to_run> <es_host> <es_username>
The script expects the last line to contain the password in plaintext.
=item B<noop>
Prevents any communication to the cluster from making changes to the settings or data contained therein.
In short, it prevents anything but HEAD and GET requests, B<except> POST requests to the _search endpoint.
=item B<timeout>
Timeout for connections and requests, defaults to 10.
lib/App/ElasticSearch/Utilities.pm view on Meta::CPAN
The username is selected by going through these mechanisms until one is found:
--http-username
'http-username' in /etc/es-utils.yml or ~/.es-utils.yml
Netrc element matching the hostname of the request
CLI::Helpers prompt()
Once the username has been resolved, the following mechanisms are tried in order:
Netrc element matching the hostname of the request
Password executable defined by --password-exec
'password-exec' in /etc/es-utils.yml, ~/.es-utils.yml
CLI::Helpers prompt()
=head2 Password Exec
It is B<BAD> practice to specify passwords as a command line argument, or store it in a plaintext
file. There are cases where this may be necessary, but it is not recommended. The best method for securing your
password is to use the B<password-exec> option.
This option must point to an executable script. That script will be passed two arguments, the hostname and the username
for the request. It expects the password printed to STDOUT as the last line of output. Here's an example password-exec setup
using Apple Keychain:
#!/bin/sh
HOSTNAME=$1;
USERNAME=$2;
/usr/bin/security find-generic-password -w -a "$USERNAME" -s "$HOSTNAME"
If we save this to "$HOME/bin/get-passwd.sh" we can execute a script
like this:
$ es-search.pl --http-username bob --password-exec $HOME/bin/get-passwd.sh \
--base secure-data --fields
Though it's probably best to set this in your ~/.es-utils.yml file:
---
host: secured-cluster.example.org
port: 443
proto: https
http-username: bob
password-exec: /home/bob/bin/get-passwd.sh
=head3 CLI::Helpers and Password Prompting
If all the fails to yield a password, the last resort is to use CLI::Helpers::prompt() to ask the user for their
password. If the user is using version 1.1 or higher of CLI::Helpers, this call will turn off echo and readline magic
for the password prompt.
=head1 INSTALL
B<This library attempts to provide scripts compatible with version 0.19 through 1.1 of ElasticSearch>.
Recommended install with L<CPAN Minus|http://cpanmin.us>:
cpanm App::ElasticSearch::Utilities
You can also use CPAN:
lib/App/ElasticSearch/Utilities/Connection.pm view on Meta::CPAN
);
has 'username' => (
is => 'ro',
isa => Str,
default => sub { $ENV{USER} },
);
has 'password' => (
is => 'ro',
);
has 'ssl_opts' => (
is => 'ro',
isa => HashRef,
default => sub { {} },
);
lib/App/ElasticSearch/Utilities/Connection.pm view on Meta::CPAN
## no critic
my $local_version = eval '$VERSION' || '999.9';
## use critic
my $ua = LWP::UserAgent->new(
keep_alive => 3,
agent => sprintf("%s/%s (Perl %s)", __PACKAGE__, $local_version, $^V),
protocols_allowed => [qw(http https)],
timeout => $self->timeout,
ssl_opts => $self->ssl_opts,
);
debug({color=>'cyan'}, sprintf "Initialized a UA: %s%s", $ua->agent, $self->password ? ' (password provided)' : '');
# Decode the JSON Automatically
$ua->add_handler( response_done => sub {
my ($response,$lwp_ua,$headers) = @_;
debug( {color=>'magenta'}, "respone_done handler, got:");
debug_var($response);
my $ctype = $response->content_type() || 'invalid';
# JSON Transform
if( $ctype =~ m{^application/json\b} ) {
lib/App/ElasticSearch/Utilities/Connection.pm view on Meta::CPAN
}
else{
debug( $content );
}
}
$_[0] = $response;
});
# Warn About Basic Auth without TLS
warn "HTTP Basic Authorization configured and not using TLS, this is not supported"
if length $self->password && $self->proto ne 'https';
return $ua;
}
sub request {
my ($self,$url,$options,$body) = @_;
# Build the Path
$options->{command} ||= $url;
lib/App/ElasticSearch/Utilities/Connection.pm view on Meta::CPAN
}
else {
debug({indent=>1}, split /\r?\n/, $body);
}
}
# Make the request
my $req = App::ElasticSearch::Utilities::HTTPRequest->new( $method => $uri->as_string );
# Authentication
$req->authorization_basic( $self->username, $self->password )
if length $self->password and $self->proto eq 'https';
$req->content($body) if defined $body;
return $self->ua->request( $req );
}
sub exists {
my ($self,%options) = @_;
lib/App/ElasticSearch/Utilities/Connection.pm view on Meta::CPAN
basic authentication.
=head2 timeout
Connection and Read Timeout for the HTTP connection, defaults to B<10> seconds.
=head2 username
HTTP Basic Authorization username, defaults to C<$ENV{USER}>.
=head2 password
HTTP Basic Authorization password, if set, we'll try authentication.
=head2 ssl_opts
SSL Options for L<LWP::UserAgent/ssl_opts>.
=head2 ua
Lazy built B<LWP::UserAgent> to access LWP::UserAgent directly.
=head1 METHODS
scripts/es-aggregate.pl view on Meta::CPAN
--show-raw Show the raw results from the backend
--json Output as newline delimited JSON
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-alias-manager.pl view on Meta::CPAN
--config Location of Config File, default /etc/elasticsearch/aliases.yml
--skip Action name to be skipped, 'add' or 'remove', default none
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-apply-settings.pl view on Meta::CPAN
--manual print full manual
--close Close the index, apply settings, and re-open the index
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-cluster-settings.pl view on Meta::CPAN
--help print help
--manual print full manual
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-copy-index.pl view on Meta::CPAN
--help print help
--manual print full manual
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-daily-index-maintenance.pl view on Meta::CPAN
--replicas-max Maximum number of replicas this index may have (default:1)
--skip-alias Indexes with these aliases will be skipped from all maintenance, can be set more than once
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-graphite-dynamic.pl view on Meta::CPAN
--prefix A metric path to prefix stats, defaults to (--carbon-base).(hostname)
--no-prefix Don't prefix the metrics at all
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-index-blocks.pl view on Meta::CPAN
--help print help
--manual print full manual
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-index-fields.pl view on Meta::CPAN
--help print help
--manual print full manual
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-nodes.pl view on Meta::CPAN
--manual print full manual
--attibutes Comma separated list of attributes to display, default is NONE
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-open.pl view on Meta::CPAN
--help print help
--manual print full manual
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-search.pl view on Meta::CPAN
--bases Display the index base list for this cluster.
--timestamp Field to use as the date object, default: @timestamp
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
scripts/es-storage-overview.pl view on Meta::CPAN
--asc Sort ascending
--desc Sort descending (default)
From App::ElasticSearch::Utilities:
--local Use localhost as the elasticsearch host
--host ElasticSearch host to connect to
--port HTTP port for your cluster
--proto Defaults to 'http', can also be 'https'
--http-username HTTP Basic Auth username
--password-exec Script to run to get the users password
--insecure Don't verify TLS certificates
--cacert Specify the TLS CA file
--capath Specify the directory with TLS CAs
--cert Specify the path to the client certificate
--key Specify the path to the client private key file
--noop Any operations other than GET are disabled, can be negated with --no-noop
--timeout Timeout to ElasticSearch, default 10
--keep-proxy Do not remove any proxy settings from %ENV
--index Index to run commands against
--base For daily indexes, reference only those starting with "logstash"
( run in 0.669 second using v1.01-cache-2.11-cpan-49f99fa48dc )