26 May 2022

painless: doc['field'] vs doc['field.keyword']

doc['field'] is enabled by default on all fields EXCEPT text fields.

doc['field.keyword'] 

- populated not while ingesting, but a bit later
- by default only populated if length < 256



24 May 2022

Elastic: Group_By and sort

GET /my_index/_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "block_time": {
              "gt": "2013-11-21T05:17:33",
              "lt": "2023-11-19T10:30:33"
            }
          }
        },
        {
          "term": {
            "mytoken": "token14"
          }
        }
      ]
    }
  },
  "_source": false,
  "aggs": {
    "block_height_agg": {
      "terms": {
        "field": "block_height",
        "size": 5,
        "order": {"_key": "desc"}
      }
    }
  },
  "size": 3
}


Example to GROUP BY block_height and SORT it

18 May 2022

Get https certificate

Certificate:

 openssl s_client -connect <host>:<port> < /dev/null 2>/dev/null



Fingerprint of certificate:

openssl s_client -connect <host>:<port> < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
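
To check the fingerprint against a pinned value instead of comparing by eye, the openssl output has to be normalized first. The script below is an added example, not part of the original notes: the function names and sample fingerprints are constructed, and it passes -sha256 explicitly because `openssl x509 -fingerprint` without a digest option prints a SHA-1 fingerprint.

```shell
#!/bin/sh
# Added example, not from the original notes: pin a TLS certificate by its
# SHA-256 fingerprint. Function names are hypothetical.

# Constructed sample output lines (not from a real certificate).
SAMPLE_SHA256='sha256 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
SAMPLE_SHA1='SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'

# Reduce "<alg> Fingerprint=AB:CD:..." (or a bare value) to lowercase hex.
normalize_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f' | tr -d '[:space:]'
}

# True only for exactly 64 lowercase hex characters (a SHA-256 digest).
is_sha256_hex() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# Return 0 on match, 1 on mismatch, 2 if either value is not a SHA-256
# fingerprint (for example the 40-character SHA-1 default output).
fp_matches() {
  local want got
  want=$(normalize_fp "$1")
  got=$(normalize_fp "$2")
  is_sha256_hex "$want" && is_sha256_hex "$got" || return 2
  [ "$want" = "$got" ]
}

# Fetch the certificate presented at host:port and print its SHA-256
# fingerprint as bare hex; return 2 if no certificate could be read.
server_fp() {
  local out
  out=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
  normalize_fp "$out"
}

# Usage: sh check_fp.sh <host> <port> <pinned-sha256-fingerprint>
if [ "$#" -eq 3 ]; then
  got=$(server_fp "$1" "$2") || { echo "no certificate from $1:$2" >&2; exit 2; }
  rc=0; fp_matches "$3" "$got" || rc=$?
  case "$rc" in
    0) echo "fingerprint OK" ;;
    1) echo "MISMATCH: server presents $got" >&2 ;;
    *) echo "pinned value is not a SHA-256 fingerprint" >&2 ;;
  esac
  exit "$rc"
fi
```

The pinned value can be given with or without colons and in either case; exit status 2 separates "wrong digest type or unreadable certificate" from a real mismatch (status 1).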


17 May 2022

Elastic cert using Let's Encrypt

xpack.security.http.ssl.key: certs/privkey.pem
xpack.security.http.ssl.certificate: certs/fullchain.pem
xpack.security.http.ssl.certificate_authorities: [ "certs/chain.pem" ]


 https://github.com/CollectionBuilder/collectionbuilder-sa_draft/issues/37

Setup Elastic 8 cluster

Set up the initial master node:
https://towardsdev.com/elasticsearch-8-express-installation-guide-6065d89141d8


For the other nodes, you need to copy the certificate from the master node; otherwise they cannot join the cluster.




##

There are http.ssl and transport.ssl

http.ssl is for clients (Kibana, Logstash, or your custom code) connecting to Elastic. Port 9200.

transport.ssl is for the nodes in the cluster to communicate among themselves. Port 9300.

Elastic suggests using a different CA and certs for http