I recently upgraded my ElasticStack instance from 5.5 to 6.0, and it seems that some of the breaking changes of this version have harmed my pipeline. I had a script that, dep
Create index-pattern in bulk with timestamp:
cat index_svc.txt
my-index1
my-index2
my-index3
my-index4
my-index5
my-index6
cat index_svc.txt | while read index; do
echo -ne "create index-pattern ${index} \t"
curl -XPOST "http://10.0.1.44:9200/.kibana/doc/index-pattern:${index}" -H 'Content-Type: application/json' -d "{\"type\":\"index-pattern\",\"index-pattern\":{\"title\":\"${index}2020*\",\"timeFieldName\":\"@timestamp\"}}"
echo
done
For Kibana 7.7.0 with Open Distro security plugin (amazon/opendistro-for-elasticsearch-kibana:1.8.0 Docker image to be precise), this worked for me:
curl -X POST \
-u USERNAME:PASSWORD \
KIBANA_HOST/api/saved_objects/index-pattern \
-H "kbn-version: 7.7.0" \
-H "kbn-xsrf: true" \
-H "content-type: application/json; charset=utf-8" \
-d '{"attributes":{"title":"INDEX-PATTERN*","timeFieldName":"@timestamp","fields":"[]"}}'
Please note that the kbn-xsrf header is required, but it seems like it's useless from a security point of view.
Output was like:
{"type":"index-pattern","id":"UUID","attributes":{"title":"INDEX-PATTERN*","timeFieldName":"@timestamp","fields":"[]"},"references":[],"migrationVersion":{"index-pattern":"7.6.0"},"updated_at":"TIMESTAMP","version":"VERSION"}
I can't tell why migrationVersion.index-pattern is "7.6.0".
For other Kibana versions you should be able to:
Indices created in Elasticsearch 6.0.0 or later may only contain a single mapping type.
Indices created in 5.x with multiple mapping types will continue to function as before in Elasticsearch 6.x.
Mapping types will be completely removed in Elasticsearch 7.0.0.
Maybe you are creating an index with more than one doc_type in ES 6.0.0. https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html
If you are on Kibana 7.0.1 / 7+ then you can refer to the saved_objects API, ex: https://www.elastic.co/guide/en/kibana/master/saved-objects-api.html (look for Get, Create, Delete etc.).
In this case, we'll use: https://www.elastic.co/guide/en/kibana/master/saved-objects-api-create.html
$ curl -X POST -u "$user:$pass" -H "Content-Type: application/json" -H "kbn-xsrf:true" "${KIBANA_URL}/api/saved_objects/index-pattern/dummy_index_pattern" -d '{ "attributes": { "title":"index_name*", "timeFieldName":"sprint_start_date"}}' -w "\n" | jq
and
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 327 100 250 100 77 543 167 --:--:-- --:--:-- --:--:-- 543
{
"type": "index-pattern",
"id": "dummy_index_pattern",
"attributes": {
"title": "index_name*",
"timeFieldName": "sprint_start_date"
},
"references": [],
"migrationVersion": {
"index-pattern": "6.5.0"
},
"updated_at": "2020-02-25T22:56:44.531Z",
"version": "Wzg5NCwxNV0="
}
Where $KIBANA_URL was set to: http://my-elk-stack.devops.local:5601
If you don't have jq installed, remove | jq from the command (as listed above).
PS: When Kibana's GUI is used to create an index-pattern, Kibana stores its ID (i.e. index ID) as an alpha-numeric value (ex: laskl32ukdflsdjflskadf-sdf-sdfsaldkjfhsdf-dsfasdf), which is hard to use/find/type when doing a GET operation to find info about an existing index-pattern using the following curl command.
If you passed the index pattern name (like we did above), then Kibana/Elasticsearch will store the index-pattern's ID by the name you gave to the REST call (ex: .../api/saved_objects/index-pattern/dummy_index_pattern). Here, dummy_index_pattern will become the ID (only visible if you hover your mouse over the index-pattern name in the Kibana GUI) and it'll have its index name as index_name* (i.e. what's listed in the GUI when you click on Kibana Home > Gear icon > Index Patterns and see the index patterns listed on the right side).
NOTE: The timeFieldName is very important. This is the field which is used for looking for time-series events (i.e. especially the TSVB, Time Series Visual Builder, visualization type). By default, it uses the @timestamp field, but if you recreate your index every time (instead of sending delta information to your target Elasticsearch index from a data source, ex: JIRA) and send all data in one shot from scratch from a data source, then @timestamp won't help with the visualization's Time-Spanning/Window feature (where you change the time from last 1 week to last 1 hour or last 6 months); in that case, you can set a different field, i.e. sprint_start_date like I used (and now in the Kibana Discover data page, if you select this index-pattern, it'll use the sprint_start_date (type: date) field for events).
To GET info about the newly created index-pattern, you can refer to: https://www.elastic.co/guide/en/kibana/master/saved-objects-api-get.html or run the following, where the last value in the URL path is the ID value of the index pattern we created earlier:
curl -X GET "${KIBANA_URL}/api/saved_objects/index-pattern/dummy_index_pattern" | jq
or otherwise (if you want to perform a GET on an index pattern which was created via Kibana's GUI/webpage under Page Index Pattern > Create Index Pattern), you'd have to enter something like this:
curl -X GET "${KIBANA_URL}/api/saved_objects/index-pattern/jqlaskl32ukdflsdjflskadf-sdf-sdfsaldkjfhsdf-dsfasdf" | jq
The URL has been changed in version 6.0.0, here is the new URL:
http://localhost:9200/.kibana/doc/doc:index-pattern:my-index-pattern-name
This CURL should work for you:
curl -XPOST "http://localhost:9200/.kibana/doc/index-pattern:my-index-pattern-name" -H 'Content-Type: application/json' -d'
{
"type" : "index-pattern",
"index-pattern" : {
"title": "my-index-pattern-name*",
"timeFieldName": "execution_time"
}
}'
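The bulk loop and the saved_objects calls shown in the answers above, combined as an added example (not code from any of the posts): index names are checked before they are interpolated into the URL path and the JSON body, and credentials come from a curl config file instead of `-u` on the command line, where they would show up in the process list and shell history. `CURL_CONFIG` is a hypothetical variable pointing at a file containing a line such as `user = "name:password"`, and the name allowlist is a deliberately conservative assumption, stricter than Elasticsearch's own rules.

```shell
#!/usr/bin/env bash
# Added example. KIBANA_URL and CURL_CONFIG are expected in the environment.

# Accept only names that cannot break out of a URL path segment or a JSON string.
valid_index_name() {
  local LC_ALL=C                      # make the a-z range mean ASCII only
  case "$1" in
    ''|.*|-*|_*|+*) return 1 ;;       # empty, or starts with . - _ +
    *[!a-z0-9._-]*) return 1 ;;       # any character outside the allowlist
  esac
  [ "${#1}" -le 255 ]
}

# Print the saved-object body for one index; $1 = index name, $2 = time field.
pattern_payload() {
  local LC_ALL=C
  valid_index_name "$1" || return 1
  case "$2" in
    ''|*[!A-Za-z0-9_@.-]*) return 1 ;;
  esac
  printf '{"attributes":{"title":"%s*","timeFieldName":"%s"}}' "$1" "$2"
}

# Read index names from stdin, create one index-pattern per name,
# and use the index name as the saved-object ID.
create_patterns() {
  local index body rc=0
  while IFS= read -r index; do
    [ -n "$index" ] || continue
    if ! body=$(pattern_payload "$index" "@timestamp"); then
      echo "skipping invalid index name: $index" >&2
      rc=1
      continue
    fi
    # --fail turns HTTP 4xx/5xx (e.g. 409 for an existing ID) into a non-zero exit.
    curl --silent --show-error --fail --config "$CURL_CONFIG" \
      -X POST "${KIBANA_URL}/api/saved_objects/index-pattern/${index}" \
      -H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
      -d "$body" >/dev/null || rc=1
  done
  return "$rc"
}
```

Run it as `create_patterns < index_svc.txt`; a non-zero return means at least one name was rejected or one request failed.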