Bird
Raised Fist0
Elasticsearchquery~10 mins

Infrastructure monitoring in Elasticsearch - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to query all documents from the 'metrics' index.

Elasticsearch
{
  "index": "metrics",
  "body": {
    "query": {
      "match_all": [1]
    }
  }
}
Drag options to blanks, or click blank then click option'
A"all"
Bnull
C[]
D{}
Attempts:
3 left
💡 Hint
Common Mistakes
Using null or an array instead of an empty object causes errors.
Putting a string like 'all' is not valid syntax.
2fill in blank
medium

Complete the code to filter documents where the 'status' field is 'active'.

Elasticsearch
{
  "query": {
    "term": {
      "status": [1]
    }
  }
}
Drag options to blanks, or click blank then click option'
A{ "value": "active" }
Bactive
C"active"
D["active"]
Attempts:
3 left
💡 Hint
Common Mistakes
Using unquoted active causes syntax errors.
Using an object or array instead of a string is invalid.
3fill in blank
hard

Fix the error in the aggregation to calculate average CPU usage.

Elasticsearch
{
  "aggs": {
    "avg_cpu": {
      "avg": {
        "field": [1]
      }
    }
  }
}
Drag options to blanks, or click blank then click option'
A"cpu_usage"
Bcpu_usage
C"avg_cpu"
Davg_cpu
Attempts:
3 left
💡 Hint
Common Mistakes
Omitting quotes around the field name causes errors.
Using aggregation names instead of field names is incorrect.
4fill in blank
hard

Fill both blanks to create a range query filtering memory usage between 4GB and 16GB.

Elasticsearch
{
  "query": {
    "range": {
      "memory": {
        "gte": [1],
        "lte": [2]
      }
    }
  }
}
Drag options to blanks, or click blank then click option'
A"4gb"
B"4g"
C"16gb"
D"16g"
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'g' instead of 'gb' may not be recognized.
Using numbers without quotes causes errors.
5fill in blank
hard

Fill all three blanks to create a terms aggregation on 'host' filtering buckets with doc_count greater than 10.

Elasticsearch
{
  "aggs": {
    "hosts": {
      "terms": {
        "field": [1]
      },
      "aggs": {
        "filtered_hosts": {
          "bucket_selector": {
            "buckets_path": {
              "count": [2]
            },
            "script": "params.count [3] 10"
          }
        }
      }
    }
  }
}
Drag options to blanks, or click blank then click option'
A"host.keyword"
B"_count"
C>
D"host"
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'host' instead of 'host.keyword' causes aggregation on analyzed text.
Using wrong bucket path or missing quotes causes errors.
Using '<' instead of '>' changes filter logic.

Practice

(1/5)
1. What is the primary purpose of infrastructure monitoring in Elasticsearch?
easy
A. To create user accounts and manage permissions
B. To store large amounts of data permanently
C. To watch system health and detect issues early
D. To design the user interface of Kibana dashboards

Solution

  1. Step 1: Understand infrastructure monitoring

    Infrastructure monitoring means watching your systems to keep them healthy and catch problems early.

  2. Step 2: Relate to Elasticsearch context

    Elasticsearch provides APIs to check cluster and node status, which helps monitor system health.

  3. Final Answer:

    To watch system health and detect issues early -> Option C

  4. Quick Check:

    Infrastructure monitoring = watch health early [OK]
Hint: Monitoring means watching system health regularly [OK]
Common Mistakes:
  • Confusing monitoring with data storage
  • Thinking monitoring manages user accounts
  • Mixing monitoring with UI design
2. Which Elasticsearch API command correctly checks the cluster health status?
easy
A. GET /_cluster/health
B. POST /_cluster/status
C. GET /_nodes/stats
D. PUT /_cluster/health

Solution

  1. Step 1: Identify the correct HTTP method and endpoint

    The cluster health API uses GET method and the endpoint is /_cluster/health.

  2. Step 2: Eliminate incorrect options

    POST and PUT are not used for checking health; /_nodes/stats gives node stats, not cluster health.

  3. Final Answer:

    GET /_cluster/health -> Option A

  4. Quick Check:

    Cluster health API = GET /_cluster/health [OK]
Hint: Use GET method with /_cluster/health to check status [OK]
Common Mistakes:
  • Using POST or PUT instead of GET
  • Confusing node stats with cluster health
  • Using wrong endpoint paths
3. What will be the output status field when you run GET /_cluster/health on a healthy Elasticsearch cluster?
medium
A. { \"status\": \"red\" }
B. { \"status\": \"green\" }
C. { \"status\": \"yellow\" }
D. { \"status\": \"blue\" }

Solution

  1. Step 1: Understand cluster health status colors

    Green means all primary and replica shards are active, so cluster is healthy.

  2. Step 2: Match output with healthy cluster

    Healthy cluster returns status as "green" in the JSON response.

  3. Final Answer:

    { "status": "green" } -> Option B

  4. Quick Check:

    Healthy cluster status = green [OK]
Hint: Green status means cluster is fully healthy [OK]
Common Mistakes:
  • Confusing yellow or red as healthy
  • Expecting blue status which does not exist
  • Misreading JSON output format
4. You run GET /_nodes/stats but get a 404 error. What is the most likely cause?
medium
A. The API endpoint is incorrect or misspelled
B. You used POST instead of GET method
C. The cluster is down and unreachable
D. The node stats API requires authentication

Solution

  1. Step 1: Understand 404 error meaning

    404 means the requested URL or endpoint does not exist on the server.

  2. Step 2: Check API endpoint correctness

    If the endpoint is misspelled or wrong, 404 occurs. The correct endpoint is /_nodes/stats.

  3. Final Answer:

    The API endpoint is incorrect or misspelled -> Option A

  4. Quick Check:

    404 error = wrong endpoint [OK]
Hint: 404 means wrong URL or endpoint [OK]
Common Mistakes:
  • Assuming cluster down causes 404 (usually connection error)
  • Confusing 404 with authentication errors
  • Using wrong HTTP method but expecting 404
5. You want to monitor Elasticsearch nodes for CPU and memory usage continuously. Which approach is best?
hard
A. Restart nodes frequently to reset CPU and memory usage
B. Use GET /_cluster/health to check CPU and memory
C. Install Kibana and create dashboards without data collection
D. Run GET /_nodes/stats regularly and parse CPU/memory fields

Solution

  1. Step 1: Identify API for node resource stats

    The /_nodes/stats API provides detailed CPU and memory usage per node.

  2. Step 2: Understand monitoring approach

    Regularly running this API and parsing results allows continuous monitoring of resource usage.

  3. Final Answer:

    Run GET /_nodes/stats regularly and parse CPU/memory fields -> Option D

  4. Quick Check:

    Node stats API for CPU/memory monitoring [OK]
Hint: Use /_nodes/stats API for detailed resource monitoring [OK]
Common Mistakes:
  • Using cluster health API which lacks CPU/memory details
  • Assuming Kibana dashboards work without data
  • Restarting nodes does not monitor usage