Lab 1.5: Configure Elasticsearch templates

Templates define the field mappings that Elasticsearch applies to the data it receives from Logstash. Without them, Elasticsearch creates mappings automatically, but these are only its best guess at each field's type, and in most cases that guess defaults to text. As a result, many fields, such as IP addresses, will be searchable but cannot be used in visualisations.

Upload the Elasticsearch templates and mappings. There are multiple ways this can be achieved. The most common are cURL and a REST-based program such as POSTMAN. Feel free to use whichever method you are most comfortable with.

Note

RECOMMENDATION: Use cURL to upload the templates from the JSON files. POSTMAN is useful for Elasticsearch management once the templates are in place.

Task 1 Option1 - Install module templates in Elasticsearch via cURL

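  1. Install Index Templates into Elasticsearch for the required modules

    cd <git clone directory>/json/    # git clone directory from Lab 1
    # Quote the URL so the shell does not interpret "?", and declare the body as JSON
    curl -XPUT 'http://localhost:9200/_template/pem?pretty' -H 'Content-Type: application/json' -d @pem_mapping.json
    curl -XPUT 'http://localhost:9200/_template/afm?pretty' -H 'Content-Type: application/json' -d @afm_mapping.json
    curl -XPUT 'http://localhost:9200/_template/dns?pretty' -H 'Content-Type: application/json' -d @dns_mapping.json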

Task 1 Option2 - Install module templates in Elasticsearch via POSTMAN

  1. Import ELK Postman Collection and Environment

  2. Click the ‘Import from Link’ tab. Paste the following URL into the text box and click ‘Import’

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/postman_collections/ELK Stack.postman_collection.json
    
  3. You should now see a collection named ‘F5 ELK’ in your Postman Collections sidebar.

  4. Import the Environment file by clicking ‘Import’ -> ‘Import from Link’ and pasting the following URL and clicking ‘Import’:

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/postman_collections/F5 ELK Env.postman_environment.json
    

  5. Click on GET Elasticsearch information, then hit Send.

You should see cluster information regarding Elasticsearch.

  6. Click on GET Elasticsearch indices, then hit Send.

You should see the current indices and information regarding each index.

We will use this command to observe the creation of new indices.

  7. Click on GET Elasticsearch Template Searches, then hit Send.

You should see any current templates listed.

Note

A new install will NOT contain any templates; the response will show {}.

  8. Click on Create Template AFM + PEM + DNS. Install all templates.

Note

Create all templates from the POSTMAN collection

  9. Verify that the templates were created and exist. Click on GET Elasticsearch Template Searches.

Note

Look through the template JSON returned by POSTMAN and verify that the three templates created are present.
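
The verification in the last step can also be scripted. The following is an added example, not part of the lab or its repository: it takes the JSON body returned by GET /_template, reports which of the pem, afm and dns templates are missing, and lists how each field is typed so that fields left as text stand out. The sample response, its field names and its index patterns are constructed for illustration.

```python
import json

REQUIRED = ("pem", "afm", "dns")  # template names used by the curl commands in this lab

def field_types(mapping, prefix=""):
    """Flatten a template mapping into {dotted.field.name: type}."""
    out = {}
    for name, body in mapping.get("properties", {}).items():
        if "properties" in body:  # object field: recurse into its sub-fields
            out.update(field_types(body, prefix + name + "."))
        else:
            out[prefix + name] = body.get("type", "object")
    if "properties" not in mapping:
        # Older Elasticsearch versions nest properties under a mapping type name.
        for body in mapping.values():
            if isinstance(body, dict):
                out.update(field_types(body, prefix))
    return out

def audit(response, required=REQUIRED):
    """Return (missing template names, {template: {field: type}})."""
    missing = [name for name in required if name not in response]
    types = {name: field_types(response[name].get("mappings", {}))
             for name in required if name in response}
    return missing, types

def fields_of_type(types, wanted):
    """Sorted field names mapped to the given Elasticsearch type."""
    return sorted(f for f, t in types.items() if t == wanted)

# Constructed sample of a GET /_template body; field names and index patterns
# are illustrative, not taken from the lab's mapping files. "pem" is left out.
SAMPLE = json.loads("""
{
  "afm": {"index_patterns": ["afm-*"], "mappings": {"properties": {
      "src_ip": {"type": "ip"}, "dest_ip": {"type": "ip"},
      "dest_port": {"type": "integer"}, "acl_policy_name": {"type": "keyword"},
      "geoip": {"properties": {"location": {"type": "geo_point"}}}}}},
  "dns": {"template": "dns-*", "mappings": {"_default_": {"properties": {
      "client_ip": {"type": "ip"}, "query_name": {"type": "text"}}}}}
}
""")

if __name__ == "__main__":
    missing, types = audit(SAMPLE)
    print("missing templates:", missing or "none")
    for name, fields in types.items():
        print(name, "ip fields:", fields_of_type(fields, "ip"))
        print(name, "text fields:", fields_of_type(fields, "text"))
```

To check a real cluster, save the body returned by GET Elasticsearch Template Searches to a file and pass the parsed JSON to audit() in place of SAMPLE.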