Putting data to Elasticsearch
by Saurabh Chhajed, Marek Rogoziński, Rafał Kuć, Bharvi Dixit
Elasticsearch: A Complete Guide
- Elasticsearch: A Complete Guide
- Table of Contents
- Elasticsearch: A Complete Guide
- Elasticsearch: A Complete Guide
- Credits
- Preface
- 1. Module 1
- 1. Getting Started with Elasticsearch
- Introducing Elasticsearch
- Installing and configuring Elasticsearch
- Basic operations with Elasticsearch
- Summary
- 2. Understanding Document Analysis and Creating Mappings
- 3. Putting Elasticsearch into Action
- CRUD operations using elasticsearch-py
- CRUD operations using Java
- Creating a search database
- Elasticsearch Query-DSL
- Understanding Query-DSL parameters
- Search requests using Python
- Search requests using Java
- Sorting your data
- Document routing
- Summary
- 4. Aggregations for Analytics
- 5. Data Looks Better on Maps: Master Geo-Spatiality
- 6. Document Relationships in NoSQL World
- 7. Different Methods of Search and Bulk Operations
- 8. Controlling Relevancy
- 9. Cluster Scaling in Production Deployments
- Node types in Elasticsearch
- Introducing Zen-Discovery
- Multicasting discovery
- Unicasting discovery
- Configuring unicasting discovery
- Minimum number of master nodes: preventing split-brain
- 10. Backups and Security
- II. Module 2
- 1. Introduction to Elasticsearch
- 2. Power User Query DSL
- Default Apache Lucene scoring explained
- Query rewrite explained
- Query templates
- Handling filters and why it matters
- Choosing the right query for the job
- Query categorization
- The use cases
- Summary
- 3. Not Only Full Text Search
- Query rescoring
- Controlling multimatching
- Significant terms aggregation
- Documents grouping
- Relations between documents
- Scripting changes between Elasticsearch versions
- Summary
- 4. Improving the User Search Experience
- Correcting user spelling mistakes
- Improving the query relevance
- Summary
- 5. The Index Distribution Architecture
- 6. Low-level Index Control
- Altering Apache Lucene scoring
- Choosing the right directory implementation – the store module
- NRT, flush, refresh, and transaction log
- Segment merging under control
- When it is too much for I/O – throttling explained
- Understanding Elasticsearch caching
- The filter cache
- The field data cache
- The shard query cache
- Using circuit breakers
- Clearing the caches
- Index, indices, and all caches clearing
- Summary
- 7. Elasticsearch Administration
- Discovery and recovery modules
- The human-friendly status API – using the Cat API
- Backing up
- Federated search
- Summary
- 8. Improving Performance
- Using doc values to optimize your queries
- Knowing about garbage collector
- Benchmarking queries
- Very hot threads
- Scaling Elasticsearch
- Vertical scaling
- Horizontal scaling
- Using Elasticsearch for high load scenarios
- Summary
- 9. Developing Elasticsearch Plugins
- Creating the Apache Maven project structure
- Understanding the basics
- Creating custom REST action
- Creating the custom analysis plugin
- Implementation details
- Implementing TokenFilter
- Implementing the TokenFilter factory
- Implementing the class custom analyzer
- Implementing the analyzer provider
- Implementing the analysis binder
- Implementing the analyzer indices component
- Implementing the analyzer module
- Implementing the analyzer plugin
- Informing Elasticsearch about our custom analyzer
- Testing our custom analysis plugin
- Implementation details
- Summary
- III. Module 3
- 1. Introduction to ELK Stack
- The need for log analysis
- Challenges in log analysis
- The ELK Stack
- ELK data pipeline
- ELK Stack installation
- Installing Elasticsearch
- Running Elasticsearch
- Elasticsearch configuration
- Elasticsearch plugins
- Installing Logstash
- Running Logstash
- Logstash with file input
- Logstash with Elasticsearch output
- Configuring Logstash
- Installing Logstash forwarder
- Logstash plugins
- Installing Kibana
- Configuring Kibana
- Running Kibana
- Kibana interface
- Summary
- 2. Building Your First Data Pipeline with ELK
- 3. Collect, Parse and Transform Data with Logstash
- Configuring Logstash
- Logstash plugins
- Summary
- 4. Creating Custom Logstash Plugins
- 5. Why Do We Need Elasticsearch in ELK?
- 6. Finding Insights with Kibana
- 7. Kibana – Visualization and Dashboard
- 8. Putting It All Together
- 9. ELK Stack in Production
- 10. Expanding Horizons with ELK
- A. Bibliography
- 1. Introduction to ELK Stack
- Index
- Configuring unicasting discovery
- 1. Getting Started with Elasticsearch
Now that we have set up the data to be consumed by a CSV file into Logstash, followed by parsing and processing based on the data type needed, we now need to put the data in Elasticsearch so that we can index the different fields and consume them later via the Kibana interface.
We will use the output plugin of Logstash for an elasticsearch output.
A typical elasticsearch plugin configuration looks like this:
output {
elasticsearch {
action => # string (optional), default: "index"
cluster => # string (optional)
host => # string (optional)
document_id => # string (optional), default: nil
index => # string (optional), default: "logstash-%{+YYYY.MM.dd}"
index_type => # string (optional)
port => # string (optional)
protocol => # string, one of ["node", "transport", "http"] (optional)
}
}action: This specifies what action to perform on incoming documents. The default is"index"and possible values are"index"or"delete". The"index"value will index a document and"delete"will delete a document based on document ID.cluster: This is the name of the cluster set inelasticsearch.host: This is the hostname or IP address of theelasticsearch.document_id: This is the document ID of the index; it is useful to delete or overwrite the existing entries.index: This is the index name to which the incoming events have to be written. By default, it is indexed based on each day, and named as"logstash-%{+YYYY.MM.dd}".index_type: This specifies the index type to write events to. This is to ensure that you write similar types of events to the same index type.port: This specifies the port to be used for theelasticsearchservice.protocol: This specifies the protocol to be used to connect with Elasticsearch. The values are"http","node", and"transport".
Now, let's take a look at our elasticsearch output configuration:
output{
elasticsearch {
host => "localhost"
}}We used the default value for index and most of the other settings.
Now, when we have seen how individual plugins are configured, let's take a look at what the overall Logstash configuration looks like:
input{
file{
path =>"/opt/logstash/input/GOOG.csv"
start_position =>"beginning"
}
}
filter{
csv{
columns =>
["date_of_record","open","high","low","close","volume","adj_close"]
separator => ","
}
date {
match => ["date_of_record","yyyy-MM-dd"]
}
mutate {
convert => ["open","float"]
convert => ["high","float"]
convert => ["low","float"]
convert => ["close","float"]
convert => ["volume","integer"]
convert => ["adj_close","float"]
}
}
output{
elasticsearch {
host => "localhost"
}
}We will save this configuration in the Logstash installation folder with the name logstash.conf, and as we saw earlier, we can run Logstash with this configuration using the following command:
$ bin/logstash –f logstash.conf
Logstash will start to run with the defined configuration and keep on indexing all incoming events to the elasticsearch indexes. You may see an output similar to this on the console:
May 31, 2015 4:04:54 PM org.elasticsearch.node.internal.InternalNode start INFO: [logstash-4004-9716] started Logstash startup completed
At this point, we can open the elasticsearch Kopf plugin console to verify whether we have some documents indexed already, and we can also query the documents.
Elasticsearch Kopf interface
As we can see that there are 129 documents indexed already, we verified that our Logstash configuration worked well.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.