Lab 1.7: Create Index and Import Pre-Configured¶

Index’s are elasticsearchs way of storing documents in shards. When index’s are created the mapping templates we uploaded before are used to map each of the fields to a type. This is only done once when the index is created

Note

If mappings are changed are updates required the “index“ will have to be deleted, the template deleted and mapping changed and template added. At this point re-creating the index will remap to the new template

This Lab will focus on creating the index’s for each module based on logstash in Lab4

We will import the prepared f5 module json kibana searches / virtuals / and dashboards.

Task 1 - Create Kibana Index’s¶

Configure Indexes in Kibana

Configure the first and default index

index pattern = pem-*
select @timestamps

index pattern = afm-*
select @timestamps

Follow PEM example above for AFM

index pattern = dns-*
select @timestamps

Task 2 - Import preconfigured Kibana json’s¶

Searches / Visualisation and Dashboards

Import object data into Kibana

Import the JSON files in the following order:

Searches
Visualisations
Dashboards

Searches

https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/json/elk_searches.json

Visuals

https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/json/elk_visualisations.json

Dashboards

https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/json/elk_dashboards.json

Note

The JSON files have been placed in the IN_CASE_OF_EMERGENCY folder on the desktop

Previous Next