Elasticsearch – Configuring and Managing Documents in Kibana

After Kibana is up and running, if you access http://localhost:5601 you will see the system asking you to configure the index pattern. Here you can enter a pattern for which indexes you want to include in the Kibana interface. To include everything, just give an asterisk “*” and uncheck the checkbox “Index contains time-based events”. Then click the create button, and you are done. This setting is for you to try out elasticsearch first, then set up the proper index. Next, navigate to Dev Tools.

You will see something like fig-1. The interface of this tool changes all the time, so you might not see exactly this, but you will find something similar, where the console will be ever-present.
The console is the tool which allows you to enter your queries without having to deal with HTTP headers, formatting responses, etc. On top of that, it also provides syntax highlighting and code completion. We can also get the curl version of a query by clicking on the wrench symbol near the written query in the console. Since the elasticsearch cluster exposes an HTTP REST API, it is easy to communicate with. If you don’t want to use
Managing Documents
Creating an Index
Example: adding an index named “product”

If everything went well, we will see something like this


Adding Data
Now, let’s add a document to it by using Kibana. We do that by sending a POST request to a URI consisting of the index name followed by a type. Since types are going to be removed from elasticsearch, we are using a type named “default”. Since the index name is “product”, that makes the request URI “/product/default”

We are using the POST HTTP verb and the endpoint is “/product/default”. Now we put the document we want to add. We do that by adding a JSON object on a new line, which can be of any structure we want. If everything went right, we will get result feedback like below.
Notice the id field in the result. This is an identifier which elasticsearch has automatically generated for the document, because we didn’t specify any id for the document ourselves. If we want to set an id, we can do that. For that, we need to change the HTTP verb to PUT and specify the id in the request URI.

The _id field matches the id that was specified in the request.

Retrieving Data
Let’s retrieve the data using the ID. We can do that by using the GET verb. The request path is the index name, the type and the id of the document. The code for retrieving it is:

We can see in the result that elasticsearch added some meta fields, which are all prefixed by an underscore. These include the index, type, and version of the document. The document itself is under the _source meta field.
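The requests described so far, written in Kibana console syntax as an added example (not taken from the original page). The document fields and the id 1 are constructed sample values; only the index name “product” and the type “default” come from the text.

```http
# Create the index
PUT /product

# Add a document; elasticsearch generates the _id itself
# (field names and values are constructed for illustration)
POST /product/default
{
  "name": "Sample toaster",
  "price": 40,
  "category": "kitchen"
}

# Add a document under an id we choose (1 is an assumed id)
PUT /product/default/1
{
  "name": "Sample kettle",
  "price": 25,
  "category": "kitchen"
}

# Retrieve it by index, type and id; the document comes back under _source
GET /product/default/1
```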

Reference: Service and OS Support: https://www.elastic.co/support/matrix

Replacing Documents
We can use the product ID to replace the product document. The query will be

Also, notice the meta field _version has a value of 3. This indicates how many times this record has been changed.

Updating Documents
Instead of replacing the whole document, we can patch it, that is, update only a certain portion of it. To do that we have to send a POST request to the update API.

We are sending the request to the “_update” API. The update API expects a JSON object, and within this object we can add a doc property, which itself is an object. Within this doc object, we can specify the fields we want to change or add extra fields. Here we added a tags property and updated the price property.
[P.S. Documents in elasticsearch are immutable, meaning that they cannot be changed once they have been indexed. Even though it looks like the document has been changed or partially updated in this example, this is not the case internally. What actually happens is that the update API retrieves, changes and re-indexes the document for us. This means it will retrieve the document, change it according to our request and then replace the existing document.]

Scripted Update
Apart from specifying the new values for the fields directly within the update query, it is also possible to use scripts. Scripting allows us to do a lot of dynamic things within queries.

We can access the document object through a variable named “ctx”. This variable contains the fields we have seen in the query result before. To access the price field we have to access the “ctx” variable, then the _source field, as shown in the above image.

(Reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-update.html)

Upsert means: if a document exists, update it; otherwise, create it. To perform an upsert we use the update API with a script and specify an upsert key. The query below means that if the document already exists, the price is increased by 10. If the document doesn’t already exist, the object from the upsert key is added as a document. In this case, this means that an object with a price key and a value of 100 will be added.
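The replace, partial update, scripted update and upsert requests from the sections above, in Kibana console syntax as an added example (not taken from the original page). The id 1, the document fields and the tag value are constructed; the price increment of 10 and the upsert price of 100 follow the text.

```http
# Replace the whole document: PUT again to the same id
PUT /product/default/1
{
  "name": "Sample kettle (new model)",
  "price": 28,
  "category": "kitchen"
}

# Partial update: only the fields inside "doc" are changed or added
POST /product/default/1/_update
{
  "doc": {
    "price": 30,
    "tags": ["sample"]
  }
}

# Scripted update: the stored document is reachable as ctx._source
POST /product/default/1/_update
{
  "script": "ctx._source.price += 10"
}

# Upsert: run the script if the document exists,
# otherwise index the "upsert" object as the new document
POST /product/default/1/_update
{
  "script": "ctx._source.price += 10",
  "upsert": {
    "price": 100
  }
}
```

Each of these requests increments the _version meta field of the document, because internally every one of them re-indexes it.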

Deleting Documents
To delete a document, just specify the id of the document with the DELETE verb

Updating multiple documents is not possible in elasticsearch (5.6.3). Deleting multiple documents in one query is possible. Let’s say we insert a few documents with the category “fun”.

What we want to do here is delete all the products in the category “fun”. We will use an API named delete_by_query, which is available at the index level.

We issue a POST request to the product index and use the “_delete_by_query” API. Then we add the JSON object with the type of query. The type of query will be a match query, which matches a field name and a value. Here it will be “category” and the category value. We will see it in detail in the search section. Within the result document, we can see that the deleted field shows that two documents have been deleted.

To delete the index, simply put the index name with the DELETE verb. [Must not use it on production]
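The three delete operations from this section, in Kibana console syntax as an added example (not taken from the original page). The id 1 and the two “fun” documents are constructed sample data.

```http
# Delete a single document by id
DELETE /product/default/1

# Two constructed documents in the category "fun"
POST /product/default
{
  "name": "Sample yo-yo",
  "price": 5,
  "category": "fun"
}

POST /product/default
{
  "name": "Sample kite",
  "price": 12,
  "category": "fun"
}

# Delete every document in the index whose category matches "fun"
POST /product/_delete_by_query
{
  "query": {
    "match": {
      "category": "fun"
    }
  }
}

# Delete the whole index, including all of its documents
DELETE /product
```

Before sending a _delete_by_query, it is worth running the same match query as a search against the index first, so you can see exactly which documents it will remove.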