Differences

This shows you the differences between two versions of the page.

elastic_search [2018/08/03 02:53] root [Beats]
elastic_search [2019/01/09 04:12] (current) root [Alerting and Monitoring - X-Pack - Watcher]
</code>
  
== Installing Elastic with Docker ==

A nice way to start is with the docker-elk stack (Elasticsearch, Logstash and Kibana in one docker-compose project):
<code>
git clone https://github.com/deviantony/docker-elk
cd docker-elk
docker-compose up
</code>

Check which ports the compose file publishes on the host (9200 for Elasticsearch, 5601 for Kibana) before running it on a machine reachable from untrusted networks: a cluster without security enabled accepts unauthenticated read, write and delete requests on 9200.
  
== Configuration ==
| | Ids      |        | |     | |
| | Type     |        | |     | |

* Demystifying Elasticsearch Queries https://qbox.io/blog/elasticsearch-queries-match-phrase-match

  
  
* https://elasticsearch-dsl.readthedocs.io/en/latest/
  
<code python>
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search

client = Elasticsearch()  # defaults to http://localhost:9200

# The Search object is lazy: nothing is sent until .execute() is called.
s = (
    Search(using=client, index="my-index")
    .filter("term", category="search")     # exact match, unscored, cached by Elasticsearch
    .query("match", title="python")        # analysed full-text match, scored
    .exclude("match", description="beta")  # goes into the bool query's must_not clause
)

response = s.execute()
for hit in response:
    print(hit.meta.score, hit.title)
</code>
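What that chain compiles to, as an added example that is not from the page or the elasticsearch-dsl project: the three calls map onto the filter, must and must_not clauses of one bool query, built here as a plain dict so it runs without the library or a cluster. The helper names and the ALLOWED_FIELDS allowlist are assumptions; the allowlist is there because the DSL protects you only where user input lands in values, and an application that lets a caller choose the field name should restrict it before the query is built.

```python
"""Added example, not from the page or the elasticsearch-dsl project: the
request body the chained Search above produces, built as a plain dict so it
runs without the library or a cluster. Helper names and the field allowlist
are my own."""

# Assumed allowlist: the fields this application lets callers search on.
# The DSL parametrises values, but a caller-chosen *field name* still reaches
# the cluster verbatim, so restrict it before building the query.
ALLOWED_FIELDS = {"title", "description", "category"}


def rejected_fields(pairs):
    """Return the field names in a list of (field, value) pairs that are not
    on the allowlist, in the order they appear."""
    return [f for f, _ in pairs if f not in ALLOWED_FIELDS]


def build_bool_query(filters=(), matches=(), excludes=()):
    """Equivalent of Search.filter("term", ...) / .query("match", ...) /
    .exclude("match", ...): each call kind lands in one bool clause.

      filters  -> filter    exact term match, unscored, cached by Elasticsearch
      matches  -> must      analysed full-text match, contributes to the score
      excludes -> must_not  documents that must not appear
    Arguments are lists of (field, value) pairs."""
    bad = rejected_fields([*filters, *matches, *excludes])
    if bad:
        raise ValueError("field(s) not searchable: %s" % ", ".join(bad))
    clauses = {
        "filter": [{"term": {f: v}} for f, v in filters],
        "must": [{"match": {f: v}} for f, v in matches],
        "must_not": [{"match": {f: v}} for f, v in excludes],
    }
    # Drop empty clause lists so the body stays minimal.
    return {"query": {"bool": {k: v for k, v in clauses.items() if v}}}


def page_example():
    """The body for the three-call chain shown on the page."""
    return build_bool_query(
        filters=[("category", "search")],
        matches=[("title", "python")],
        excludes=[("description", "beta")],
    )


if __name__ == "__main__":
    import json
    print(json.dumps(page_example(), indent=2))
```

The body returned by page_example() is what the client would POST to my-index/_search; comparing it with s.to_dict() from the block above is a quick way to confirm that a chain of DSL calls does what you expect before it reaches the cluster.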
== Elastic Cluster Management ==
Curator (https://curator.readthedocs.io/en/latest/) is a Python tool for managing clusters: deleting or rolling over indices by age or size, taking snapshots, managing aliases and similar housekeeping, driven by YAML action files.
== Kibana ==
  
curl -XGET "http://xxx.xxx.xxx.xxx:9200/.kibana/visualization/visualization_name?pretty=1"
</code>

== Alerting and Monitoring - X-Pack - Watcher ==

Watcher was a standalone commercial plugin before Elasticsearch 5; since 5.0 it ships as part of X-Pack. A watch can be built on any query.
A watch is a JSON document stored in Elasticsearch, created with PUT _xpack/watcher/watch/<id> on 5.x and 6.x and PUT _watcher/watch/<id> from 7.0. All four parts sit at the top level and the key is "condition" (singular). The "none" input, "always" condition and "logging" action are the simplest built-in kinds, so this minimal watch just writes a log line every 10 seconds:
<code>
PUT _watcher/watch/my_list_of_watchers
{
  "trigger" : {
    "schedule" : {
      "interval" : "10s"
    }
  },
  "input" : {
    "none" : {}
  },
  "condition" : {
    "always" : {}
  },
  "actions" : {
    "log" : {
      "logging" : {
        "text" : "watch my_list_of_watchers fired"
      }
    }
  }
}
</code>

Elasticsearch also stores the watch history in a .watcher-history-* index, which the Watcher UI in Kibana reads to show past executions and their results.

* **input** loads the data the watch runs on: a search request, an http request, a static "simple" payload, a chain of inputs, or none
* **condition** decides whether the actions run: always, never, compare, array_compare or a script
* **actions** what to do when the condition holds: Email, Webhook, Index, Logging, HipChat, Slack, PagerDuty or Jira actions
https://www.elastic.co/guide/en/x-pack/current/actions.html

Keep the schedule and the search window in step: a 10s interval over a 10m search window re-fires on the same hits on every run unless the condition or the action's throttle_period accounts for it.

**See also**
* https://github.com/Yelp/elastalert ElastAlert, Yelp's standalone alerting framework for Elasticsearch
* Airbnb's StreamAlert, real-time alerting on AWS in Python https://medium.com/airbnb-engineering/streamalert-real-time-data-analysis-and-alerting-e8619e3e5043
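A concrete detection watch, as an added example that is not from the page or from Elastic: it counts failed logins in an index over a sliding window and fires when the count reaches a threshold. Because the condition is plain data, the block also evaluates it locally against a constructed search response, so the threshold logic can be checked without a cluster. The index pattern auth-logs-*, the event.outcome field, the threshold and the helper names are assumptions.

```python
"""Added example, not from the page or Elastic: a watch that fires on a burst
of failed logins, plus a local evaluator for its compare condition so the
threshold logic can be checked without a cluster. The index pattern, the
event.outcome field and the threshold are assumptions."""
import json

INDEX = "auth-logs-*"          # assumed index pattern
EVENT_FIELD = "event.outcome"  # assumed field; "failure" marks a failed login


def failed_login_watch(threshold=20, window="10m", interval="1m"):
    """Body for PUT _watcher/watch/<id> (PUT _xpack/watcher/watch/<id> on 6.x).

    trigger   run every `interval`
    input     count failures in INDEX newer than now-`window`
    condition fire once the hit count reaches `threshold`
    actions   log a line; swap the logging action for email/webhook/slack"""
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {
            "search": {
                "request": {
                    "indices": [INDEX],
                    "body": {
                        "size": 0,  # only the count is needed, not the documents
                        "query": {
                            "bool": {
                                "filter": [
                                    {"term": {EVENT_FIELD: "failure"}},
                                    {"range": {"@timestamp": {"gte": "now-" + window}}},
                                ]
                            }
                        },
                    },
                }
            }
        },
        # Watcher's search input reports hits.total as a plain integer,
        # which is what the compare condition reads.
        "condition": {"compare": {"ctx.payload.hits.total": {"gte": threshold}}},
        "actions": {
            "log_failed_logins": {
                "logging": {
                    "text": "{{ctx.payload.hits.total}} failed logins in the last " + window
                }
            }
        },
    }


# The comparison operators the compare condition supports.
_OPS = {
    "gte": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
    "lte": lambda a, b: a <= b,
    "lt": lambda a, b: a < b,
    "eq": lambda a, b: a == b,
    "not_eq": lambda a, b: a != b,
}


def _lookup(payload, dotted_path):
    """Resolve a 'ctx.payload.hits.total' style path against a search response.
    'ctx.payload.' is the execution-context prefix; the rest walks the JSON."""
    prefix = "ctx.payload."
    if dotted_path.startswith(prefix):
        dotted_path = dotted_path[len(prefix):]
    node = payload
    for key in dotted_path.split("."):
        node = node[key]
    return node


def condition_fires(watch, payload):
    """Evaluate the watch's compare condition the way Watcher would, given the
    search response its input would have produced on this run."""
    ((path, spec),) = watch["condition"]["compare"].items()
    ((op, wanted),) = spec.items()
    return _OPS[op](_lookup(payload, path), wanted)


# Constructed search responses standing in for ctx.payload on two runs.
QUIET_PAYLOAD = {"hits": {"total": 3, "hits": []}}
BURST_PAYLOAD = {"hits": {"total": 42, "hits": []}}

if __name__ == "__main__":
    watch = failed_login_watch()
    print(json.dumps(watch, indent=2))
    print("quiet run fires:", condition_fires(watch, QUIET_PAYLOAD))
    print("burst run fires:", condition_fires(watch, BURST_PAYLOAD))
```

Pipe the printed body into the PUT request to install it; the window (10m) is longer than the interval (1m) on purpose, so a burst that straddles two runs is still counted, and a throttle_period on the action keeps the same burst from logging once a minute for ten minutes.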
== Links and Reference ==
* https://qbox.io/blog/maximize-guide-elasticsearch-indexing-performance-part-3 Qbox performance guide
* [[http://elastica.io/api/3.2.0/namespaces/Elastica.html | Elastica]] php library with a good break down of the fields
* tutorials https://abhishek376.wordpress.com/2014/11/24/how-we-optimized-100-sec-elasticsearch-queries-to-be-under-a-sub-second/


== Building a Chat Bot with Elastic ==
* https://speakerdeck.com/ifengc/building-chatbot-using-elasticsearch?slide=24
 
elastic_search.1533290037.txt.gz · Last modified: 2018/08/03 02:53 by root
 