5.0 Updates for apache demo

Dale McDiarmid · Dale McDiarmid · commit 71b094d10ad2 · 2016-10-28T13:04:25.000+01:00
diff --git a/ElasticStack_apache/README.md b/ElasticStack_apache/README.md
@@ -1,14 +1,14 @@
-### Getting Started with ELK for Apache Logs
-This **Getting Started with ELK** example provides sample files to ingest, analyze & visualize **Apache Access Logs** using the ELK stack, i.e. Elasticsearch, Logstash and Kibana. The sample logs in this example are in the default apache combined log format.
+### Getting Started with Elastic Stack for Apache Logs
+This **Getting Started with Elastic Stack** example provides sample files to ingest, analyze & visualize **Apache Access Logs** using the Elastic Stack, i.e. Elasticsearch, Logstash and Kibana. The sample logs in this example are in the default apache combined log format.
 
 ##### Version
 Example has been tested in following versions:
-- Elasticsearch 2.0 
-- Logstash 2.0
-- Kibana 4.2.0
+- Elasticsearch 5.0
+- Logstash 5.0
+- Kibana 5.0
 
 ### Installation & Setup
-* Follow the [Installation & Setup Guide](https://github.com/elastic/examples/blob/master/Installation%20and%20Setup.md) to install and test the ELK stack (*you can skip this step if you have a working installation of the ELK stack,*)
+* Follow the [Installation & Setup Guide](https://github.com/elastic/examples/blob/master/Installation%20and%20Setup.md) to install and test the Elastic Stack (*you can skip this step if you have a working installation of the Elastic Stack,*)
 
 * Run Elasticsearch & Kibana
   ```shell
@@ -52,17 +52,17 @@ cat apache_logs | <path_to_logstash_root_dir>/bin/logstash -f apache_logstash.co
 
  * Verify that data is succesfully indexed into Elasticsearch
 
-  Running `http://localhost:9200/apache_elk_example/_count` should return a response a `"count":10000`
+  Running `http://localhost:9200/apache_elastic_example/_count` should return a response a `"count":10000`
 
  **Note:** Included `apache_logstash.conf` configuration file assumes that you are running Elasticsearch on the same host as Logstash and have not changed the defaults. Modify the `host` and `cluster` settings in the `output { elasticsearch { ... } }`   section of apache_logstash.conf, if needed.
 
 ##### 2. Visualize data in Kibana
 
 * Access Kibana by going to `http://localhost:5601` in a web browser
-* Connect Kibana to the `apache_elk_example` index in Elasticsearch (autocreated in step 1)
-    * Click the **Settings** tab >> **Indices** tab >> **Create New**. Specify `apache_elk_example` as the index pattern name and click **Create** to define the index pattern. (Leave the **Use event times to create index names** box unchecked)
+* Connect Kibana to the `apache_elastic_example` index in Elasticsearch (autocreated in step 1)
+    * Click the **Management** tab >> **Index Patterns** tab >> **Create New**. Specify `apache_elastic_example` as the index pattern name and click **Create** to define the index pattern. (Leave the **Use event times to create index names** box unchecked and use @timestamp as the Time Field)
 * Load sample dashboard into Kibana
-    * Click the **Settings** tab >> **Objects** tab >> **Import**, and select `apache_kibana.json`
+    * Click the **Management** tab >> **Saved Objects** tab >> **Import**, and select `apache_kibana.json`
 * Open dashboard
     * Click on **Dashboard** tab and open `Sample Dashboard for Apache Logs` dashboard
 
diff --git a/ElasticStack_apache/apache_dashboard.jpg b/ElasticStack_apache/apache_dashboard.jpg
diff --git a/ElasticStack_apache/apache_dashboard.png b/ElasticStack_apache/apache_dashboard.png
diff --git a/ElasticStack_apache/apache_kibana.json b/ElasticStack_apache/apache_kibana.json
@@ -25,7 +25,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   },
@@ -51,7 +51,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"response\",\"value\":\"200\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"response\":{\"query\":200,\"type\":\"phrase\"}}}}]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"response\",\"value\":\"200\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"response\":{\"query\":200,\"type\":\"phrase\"}}}}]}"
       }
     }
   },
@@ -64,7 +64,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.device.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.device.raw\",\"value\":\"Spider\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Spider\",\"type\":\"phrase\"}}}}]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.device.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.device.raw\",\"value\":\"Spider\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Spider\",\"type\":\"phrase\"}}}}]}"
       }
     }
   },
@@ -77,7 +77,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.os.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.os.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}}]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.os.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.os.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}}]}"
       }
     }
   },
@@ -90,7 +90,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   },
@@ -103,7 +103,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   },
@@ -116,7 +116,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   },
@@ -129,7 +129,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   },
@@ -142,7 +142,7 @@
       "description": "",
       "version": 1,
       "kibanaSavedObjectMeta": {
-        "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+        "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
       }
     }
   }
diff --git a/ElasticStack_apache/apache_logstash.conf b/ElasticStack_apache/apache_logstash.conf
@@ -27,14 +27,13 @@ filter {
 
 output {
   stdout {
-    codec => plain { charset => "ISO-8859-1" }
+    codec => dots {}
   }
-  
+
   elasticsearch {
-    hosts => "http://localhost:9200"
-    index => "apache_elk_example"
+    index => "apache_elastic_example"
     template => "./apache_template.json"
-    template_name => "apache_elk_example"
+    template_name => "apache_elastic_example"
     template_overwrite => true
   }
 }
diff --git a/ElasticStack_apache/apache_template.json b/ElasticStack_apache/apache_template.json
@@ -1,6 +1,6 @@
 {
 
-  "template": "apache_elk_example",
+  "template": "apache_elastic_example",
   "settings": {
      "index.refresh_interval": "5s"
   },
@@ -10,9 +10,8 @@
            {
               "message_field": {
                  "mapping": {
-                    "index": "analyzed",
                     "omit_norms": true,
-                    "type": "string"
+                    "type": "text"
                  },
                  "match_mapping_type": "string",
                  "match": "message"
@@ -21,14 +20,12 @@
            {
               "string_fields": {
                  "mapping": {
-                    "index": "analyzed",
                     "omit_norms": true,
-                    "type": "string",
+                    "type": "text",
                     "fields": {
                        "raw": {
-                          "index": "not_analyzed",
                           "ignore_above": 256,
-                          "type": "string"
+                          "type": "keyword"
                        }
                     }
                  },
@@ -48,8 +45,7 @@
               "type": "object"
            },
            "@version": {
-              "index": "not_analyzed",
-              "type": "string"
+              "type": "keyword"
            }
         },
         "_all": {

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`"description": "",`
`26`	`26`	`"version": 1,`
`27`	`27`	`"kibanaSavedObjectMeta": {`
`28`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`28`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`29`	`29`	`}`
`30`	`30`	`}`
`31`	`31`	`},`
`@@ -51,7 +51,7 @@`
`51`	`51`	`"description": "",`
`52`	`52`	`"version": 1,`
`53`	`53`	`"kibanaSavedObjectMeta": {`
`54`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"response\",\"value\":\"200\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"response\":{\"query\":200,\"type\":\"phrase\"}}}}]}"`
	`54`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"response\",\"value\":\"200\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"response\":{\"query\":200,\"type\":\"phrase\"}}}}]}"`
`55`	`55`	`}`
`56`	`56`	`}`
`57`	`57`	`},`
`@@ -64,7 +64,7 @@`
`64`	`64`	`"description": "",`
`65`	`65`	`"version": 1,`
`66`	`66`	`"kibanaSavedObjectMeta": {`
`67`		- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.device.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.device.raw\",\"value\":\"Spider\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Spider\",\"type\":\"phrase\"}}}}]}"
	`67`	+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.device.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.device.raw\",\"value\":\"Spider\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.device.raw\":{\"query\":\"Spider\",\"type\":\"phrase\"}}}}]}"
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`	`},`
`@@ -77,7 +77,7 @@`
`77`	`77`	`"description": "",`
`78`	`78`	`"version": 1,`
`79`	`79`	`"kibanaSavedObjectMeta": {`
`80`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elk_example\",\"key\":\"useragent.os.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.os.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}}]}"`
	`80`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"apache_elastic_example\",\"key\":\"useragent.os.raw\",\"value\":\"Other\",\"disabled\":false,\"negate\":true,\"apply\":true},\"query\":{\"match\":{\"useragent.os.raw\":{\"query\":\"Other\",\"type\":\"phrase\"}}}}]}"`
`81`	`81`	`}`
`82`	`82`	`}`
`83`	`83`	`},`
`@@ -90,7 +90,7 @@`
`90`	`90`	`"description": "",`
`91`	`91`	`"version": 1,`
`92`	`92`	`"kibanaSavedObjectMeta": {`
`93`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`93`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`94`	`94`	`}`
`95`	`95`	`}`
`96`	`96`	`},`
`@@ -103,7 +103,7 @@`
`103`	`103`	`"description": "",`
`104`	`104`	`"version": 1,`
`105`	`105`	`"kibanaSavedObjectMeta": {`
`106`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`106`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`107`	`107`	`}`
`108`	`108`	`}`
`109`	`109`	`},`
`@@ -116,7 +116,7 @@`
`116`	`116`	`"description": "",`
`117`	`117`	`"version": 1,`
`118`	`118`	`"kibanaSavedObjectMeta": {`
`119`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`119`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`	`},`
`@@ -129,7 +129,7 @@`
`129`	`129`	`"description": "",`
`130`	`130`	`"version": 1,`
`131`	`131`	`"kibanaSavedObjectMeta": {`
`132`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`132`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`133`	`133`	`}`
`134`	`134`	`}`
`135`	`135`	`},`
`@@ -142,7 +142,7 @@`
`142`	`142`	`"description": "",`
`143`	`143`	`"version": 1,`
`144`	`144`	`"kibanaSavedObjectMeta": {`
`145`		`- "searchSourceJSON": "{\"index\":\"apache_elk_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
	`145`	`+ "searchSourceJSON": "{\"index\":\"apache_elastic_example\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"`
`146`	`146`	`}`
`147`	`147`	`}`
`148`	`148`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,14 +27,13 @@ filter {`
`27`	`27`
`28`	`28`	`output {`
`29`	`29`	`stdout {`
`30`		`- codec => plain { charset => "ISO-8859-1" }`
	`30`	`+ codec => dots {}`
`31`	`31`	`}`
`32`		`-`
	`32`	`+`
`33`	`33`	`elasticsearch {`
`34`		`- hosts => "http://localhost:9200"`
`35`		`- index => "apache_elk_example"`
	`34`	`+ index => "apache_elastic_example"`
`36`	`35`	`template => "./apache_template.json"`
`37`		`- template_name => "apache_elk_example"`
	`36`	`+ template_name => "apache_elastic_example"`
`38`	`37`	`template_overwrite => true`
`39`	`38`	`}`
`40`	`39`	`}`