Essential ElasticSearch Commands (2026 Edition)
This guide walks through the most common ElasticSearch commands, covering cluster health checks, index management, document CRUD operations, mapping inspection, full‑text and filtered searches, aggregations, and bulk inserts, while explaining each step with concrete examples and performance tips.
1. Check Cluster Health
Use the REST API to retrieve the health status of the cluster: GET /_cluster/health Or via curl:
curl http://localhost:9200/_cluster/health?prettyTypical response:
{
"cluster_name": "es-cluster",
"status": "green",
"number_of_nodes": 3
}The status field can be:
green : primary and replica shards are healthy.
yellow : primary shards are healthy, but some replica shards are not.
red : one or more primary shards are unavailable.
2. List All Indices
Retrieve a concise list of indices with basic statistics: GET /_cat/indices?v Or via curl: curl http://localhost:9200/_cat/indices?v Typical columns include index name, document count, storage size, and shard status.
3. Create an Index
Define an index with explicit shard and replica settings:
PUT /user
{
"settings": {
"number_of_shards": 3,
"number_of_replicas": 1
}
}Planning the number of shards, replicas, and mappings in advance avoids costly re‑sharding later.
4. Delete an Index
Remove an entire index (irreversible): DELETE /user Recommended safeguards: snapshot backup, double‑check the name, and avoid wildcard deletions.
5. View Index Mapping
Inspect field types for an index: GET /user/_mapping Example snippet:
{
"user": {
"mappings": {
"properties": {
"name": { "type": "text" }
}
}
}
}Useful for diagnosing tokenization or query issues.
6. Add a Document
Index a new document; ElasticSearch generates a unique _id:
POST /user/_doc
{
"name": "Tom",
"age": 20
}Response includes the auto‑generated ID.
7. Retrieve a Document by ID
Fetch a specific document using its ID: GET /user/_doc/abc123 Typical response returns the stored fields.
8. Update a Document
Partial update without replacing the whole source:
POST /user/_update/abc123
{
"doc": { "age": 25 }
}Only the age field is modified.
9. Delete a Document
Remove a single document (e.g., user logout or data cleanup):
DELETE /user/_doc/abc12310. Full‑Text Search
Search for documents matching a text query:
GET /user/_search
{
"query": {
"match": { "name": "Tom" }
}
}ElasticSearch first tokenizes the input (e.g., "Tom Jackson" → "tom", "jackson") and then performs inverted‑index matching.
11. Filter Query
Apply a non‑scoring filter for exact matches:
GET /user/_search
{
"query": {
"bool": {
"filter": [
{ "term": { "age": 20 } }
]
}
}
}Advantages of filter:
No relevance scoring calculation.
Results are cacheable.
Query execution is faster.
12. Aggregation (Statistics)
Compute the average age across all documents:
GET /user/_search
{
"size": 0,
"aggs": {
"avg_age": {
"avg": { "field": "age" }
}
}
}Sample response:
{
"aggregations": {
"avg_age": { "value": 28.5 }
}
}Commonly used for BI reports, data statistics, and real‑time analytics.
13. Bulk Insert
Batch multiple index actions into a single request to dramatically reduce network overhead:
POST /_bulk
{ "index": { "_index": "user" } }
{ "name": "Tom" }
{ "index": { "_index": "user" } }
{ "name": "Jack" }Performance comparison:
Individual writes: ~1000 network requests.
Bulk write: 1 network request.
Typical speedup ranges from 10× to 100×, which is why log systems, order services, and big‑data platforms prefer bulk operations.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Architect Chen
Sharing over a decade of architecture experience from Baidu, Alibaba, and Tencent.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.