Elastic search and Kibana - getting started
Contents
#Installation:
curl -L -O http://download.elasticsearch.org/PATH/TO/VERSION.zip
unzip elasticsearch-$VERSION.zip
cd elasticsearch-$VERSION
Marvel is management plugin - console about cluster. Install:
./bin/plugin -i elasticsearch/marvel/latest
# disable data collection for local cluster
echo 'marvel.agent.enabled: false' >> ./config/elasticsearch.yml
Test
Startup log:
➜ elasticsearch-1.3.2 bin/elasticsearch
[2014-08-27 11:17:08,325][INFO ][node ] [Joe Fixit] version[1.3.2], pid[59610], build[dee175d/2014-08-13T14:29:30Z]
[2014-08-27 11:17:08,325][INFO ][node ] [Joe Fixit] initializing ...
[2014-08-27 11:17:08,338][INFO ][plugins ] [Joe Fixit] loaded [marvel], sites [marvel, kopf]
[2014-08-27 11:17:10,905][INFO ][marvel.agent ] [Joe Fixit] collecting disabled by settings
[2014-08-27 11:17:11,020][INFO ][node ] [Joe Fixit] initialized
[2014-08-27 11:17:11,021][INFO ][node ] [Joe Fixit] starting ...
[2014-08-27 11:17:11,131][INFO ][transport ] [Joe Fixit] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.179.121:9300]}
[2014-08-27 11:17:11,148][INFO ][discovery ] [Joe Fixit] elasticsearch/nNgRXlHARHCPutTq7dZXWg
[2014-08-27 11:17:14,160][INFO ][cluster.service ] [Joe Fixit] new_master [Joe Fixit][nNgRXlHARHCPutTq7dZXWg][Miros-MacBook-Pro-2.local][inet[/192.168.179.121:9300]], reason: zen-disco-join (elected_as_master)
[2014-08-27 11:17:14,181][INFO ][http ] [Joe Fixit] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.179.121:9200]}
[2014-08-27 11:17:14,181][INFO ][node ] [Joe Fixit] started
[2014-08-27 11:17:14,726][INFO ][gateway ] [Joe Fixit] recovered [4] indices into cluster_state
[2014-08-27 11:18:00,491][INFO ][cluster.service ] [Joe Fixit] added {[logstash-Miros-MacBook-Pro-2.local-59618-4086][Eh5YjUFxSIWIn4xK45xu0w][Miros-MacBook-Pro-2.local][inet[/192.168.179.121:9301]]{client=true, data=false},}, reason: zen-disco-receive(join from node[[logstash-Miros-MacBook-Pro-2.local-59618-4086][Eh5YjUFxSIWIn4xK45xu0w][Miros-MacBook-Pro-2.local][inet[/192.168.179.121:9301]]{client=true, data=false}])
Installed some pluggins - marvel, kopf ...
➜ ~ curl 'http://localhost:9200/?pretty'
{
"status" : 200,
"name" : "Sea Urchin",
"version" : {
"number" : "1.3.2",
"build_hash" : "dee175dbe2f254f3f26992f5d7591939aaefd12f",
"build_timestamp" : "2014-08-13T14:29:30Z",
"build_snapshot" : false,
"lucene_version" : "4.9"
},
"tagline" : "You Know, for Search"
}
The sense console allows to avoid using curl and do it from browser: - <http://localhost:9200/_plugin/marvel/sense/ >
Cluster
same name in cluster.name, default
➜ elasticsearch-1.3.2 cat config/elasticsearch.yml | grep cluster.name
#cluster.name: elasticsearch
Node names are generated, often funny
- Sea Urchin
- Franz Kafka
➜ elasticsearch-1.3.2 grep -r 'initializing ...' logs/
logs//elasticsearch.log:[2014-08-28 00:00:32,437][INFO ][node ] [Thing] initializing ...
logs//elasticsearch.log:[2014-08-28 00:02:01,637][INFO ][node ] [Stacy X] initializing ...
logs//elasticsearch.log:[2014-08-28 00:21:50,121][INFO ][node ] [Ursa Major] initializing ...
logs//elasticsearch.log:[2014-08-28 10:32:37,790][INFO ][node ] [Sea Urchin] initializing ...
logs//elasticsearch.log.2014-08-21:[2014-08-21 16:39:34,140][INFO ][node ] [Moonstone] initializing ...
logs//elasticsearch.log.2014-08-26:[2014-08-26 12:15:31,948][INFO ][node ] [Hydro-Man] initializing ...
logs//elasticsearch.log.2014-08-27:[2014-08-27 11:17:08,325][INFO ][node ] [Joe Fixit] initializing ...
logs//elasticsearch.log.2014-08-27:[2014-08-27 23:57:11,077][INFO ][node ] [Overkill] initializing ...
APIs
Two built in java clients - port 9300, native protocol
Must have same Java version
- node client (non-data mode)
- transport client (send to remote cluster, does not join the cluster)
APIs for Java, JS, Groovy, Perl, PHP, Python, Ruby (even .NET).
Community API for command line
➜ elasticsearch-1.3.2 curl -s download.elasticsearch.org/es2unix/es >~/bin/es
➜ elasticsearch-1.3.2 es version
zsh: permission denied: es
➜ elasticsearch-1.3.2 chmod +x ~/bin/es
➜ elasticsearch-1.3.2 es version
es 20140723711d4f9
elasticsearch 1.3.2
➜ elasticsearch-1.3.2 es indices -v
status name pri rep size bytes docs
yellow logstash-2014.08.21 5 1 19313 5
yellow shakespeare 5 1 19087632 111396
yellow logstash-2014.08.22 5 1 47220 18
yellow logstash-2014.08.27 5 1 24996521 14490
yellow logstash-2014.08.28 5 1 36012778 22645
yellow kibana-int 5 1 36253 3
yellow .marvel-kibana 5 1 3586 1
yellow logstash-2013.12.11 5 1 9943 1
➜ elasticsearch-1.3.2 es nodes
yI0t6FIPTAm83QlwXWvO1Q 192.168.179.121 9200 192.168.179.121 9300 1.7.0_55 10.6% 0 d * Sea Urchin
Restfull API - 9200
- GET, POST, PUT, HEAD, DELETE
- optional ?pretty
Shorthand:
curl -XGET 'localhost:9200/_count?pretty' -d '
{
"query": {
"match_all": {}
}
}'
=>
GET /_count
{
"query": {
"match_all": {}
}
}
Documents are in JSON - http://en.wikipedia.org/wiki/Json. All clients handle conversion to JSON automagically
See Tutorial on Elastic post
Kibana
Tutorial from: http://www.elasticsearch.org/guide/en/kibana/current/using-kibana-for-the-first-time.html
Applying mapping to prevent indexing of some fields
curl -XPUT http://localhost:9200/shakespeare -d '
{
"mappings" : {
"_default_" : {
"properties" : {
"speaker" : {"type": "string", "index" : "not_analyzed" },
"play_name" : {"type": "string", "index" : "not_analyzed" },
"line_id" : { "type" : "integer" },
"speech_number" : { "type" : "integer" }
}
}
}
}
';
{"acknowledged":true}
[2014-08-27 19:43:07,087][INFO ][cluster.metadata ] [Joe Fixit] [shakespeare] creating index, cause [api], shards [5]/[1], mappings [_default_]
Loaded shakespeare.json
Author Miro Adamy
LastMod 2014-08-27
License (c) 2006-2020 Miro Adamy