Versions Compared

Old Version 5

changes.mady.by.user John

Saved on

compared with

New Version 6

changes.mady.by.user John

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Prerequisites

  • Docker and cocker-compose is required.

Defining our Kibana Services


Write our docker-compose file for kibana 6.2.3

...

Code Block
titlelogstash.yml
input {
 tcp {
    port => 5400
    codec => json
 }
 http {
    id => "http"
    port => 3000
 }
}
output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => "elasticsearch:9200"
    user => elastic
    password => changeme
  }
}


Starting and Stoping Kibana

See the status of the containers by issuing the following command:

...

Stop our containers

docker-compose stop

Connect to our Kibana Instance

Browse to http://localhost:5601/


Loading Sample Data

Pushing directly to Elasticsearch

You can push to elasticsearch directly using curl as follows:

...

Code Block
languagebash
titlespa.sh
#!/usr/bin/env bash

SOURCE_URL=http://spa.jmehan.com/info/
ELASTIC_URL=localhost:9200/spa/1
TMP_FILE=spa.tmp


HEADER1="Content-Type: application/json"
HEADER2="Cache-Control: no-cache"


curl -L $SOURCE_URL -o $TMP_FILE
curl -s -XPOST -H "$HEADER1" -H "$HEADER2" $ELASTIC_URL --data-binary @$TMP_FILE


rm $TMP_FILE

Manipulating ElasticSearch data

Besides adding data to ElasticSearch, you can search it and delete entries

Examples

Code Block
titleSearch
GET myindex/_search
{
    "query": {
        "range" : {
            "temperature" : {
                "lte" : -10
            }
        }
    }
}


Code Block
titleDelete By Query
POST myindex/_delete_by_query
{
  "query": { 
    "range" : {
            "temperature" : {
                "lte" : -10
            }
    }
  }
}


Using the TCP Input Plugin

We will use the logstash TCP plugin to push JSON data into elasticsearch. 

...

nc -c localhost 5400 < test.json

Using the HTTP Input Plugin

curl -H "content-type: application/json" -XPUT 'http://127.0.0.1:3000/twitter/tweet/1' -d '{

    "user" : "kimchy",

    "post_date" : "2009-11-15T14:12:12",

    "message" : "trying out Elasticsearch"

}'

...

curl -XPUT 'http://127.0.0.1:3000/twitter/tweet/1' -'hello'

References

Reference

URL

Kibanahttps://www.elastic.co/products/kibana
Kibana User Guidehttps://www.elastic.co/guide/en/kibana/6.x/index.html
Install ElasticSearch on Dockerhttps://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
Install Kibana on Dockerhttps://www.elastic.co/guide/en/kibana/current/_pulling_the_image.html
Installing Logstash on Dockerhttps://www.elastic.co/guide/en/logstash/current/docker.html
Installing APM on Dockerhttps://www.elastic.co/guide/en/apm/server/6.2/running-on-docker.html#running-on-docker
Using the TCP input filter with logstashhttps://stackoverflow.com/questions/35143576/sending-data-to-logstash-via-tcp
TCP Logstash input pluginhttps://www.elastic.co/guide/en/logstash/5.5/plugins-inputs-tcp.html
HTTP Logstash input pluginhttps://www.elastic.co/blog/introducing-logstash-input-http-plugin

Deploying ELK Stack to the Raspberry Pi

https://logz.io/blog/elk-stack-raspberry-pi/

...