EExcel 丞燕快速查詢2

EExcel 丞燕快速查詢2 https://sandk.ffbizs.com/

[Failed again!!] kibana geo_point How to

Fxxx Kibana ELK. Now trying again, but I still can't get geo_point....
Reindex is no use.

No use either:
POST /_refresh
POST /_flush/synced
POST /_cache/clear

Only doing this makes it apply:


Waste of time. Fxxx system.

Very bad documentation, very bad changes between versions... Everything is BAD for ELK and Kibana.



1、 Every time you see these "PUT, GET or DELETE" commands: where do you use them?
https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-get.html


Use them in Kibana



AND Question is curl 




2、Read the 6.5 documentation, not an old version's


You may find many documents on the Internet; check which version they are for first.



3、Before geo_point

Keep these commands at hand (or search the Internet to learn what they mean):

GET _cat/
GET _cat/indices?v
GET _cat/indices?v&s=index

GET /_settings

GET filebeat*

GET /_template

PUT _template/template_filebeat

POST _reindex


=================Begin================

First, you must already have a default index




If you want to automate this, see http://sueboy.blogspot.com/2018/11/kibana-default-index-pattern.html


Second



#!/bin/bash

# Add the Alpine edge repositories, then install curl.
echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories
echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories
echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories
apk --no-cache upgrade
apk --no-cache add curl

echo "=====Elk config ========"
# Wait until Elasticsearch accepts connections on port 9200.
until echo | nc -z -v elasticsearch 9200; do
    echo "Waiting Elk Kibana to start..."
    sleep 2
done

# Upload the index template; retry for as long as Elasticsearch answers HTTP 400.
code="400"
until [ "$code" != "400" ]; do
    echo "=====Elk importing mappings json ======="
    # -w '%{http_code}' prints only the HTTP status code, which is what the loop tests.
    code=$(curl -s -o /dev/null -w '%{http_code}' -XPUT "http://elasticsearch:9200/_template/template_filebeat" -H 'Content-Type: application/json' -d @/usr/share/elkconfig/config/template_filebeat.json)
    sleep 2
done

# Reload the indices for geo_point
echo "=====Get kibana index lists ======="
indexlists=()
# Poll until at least one filebeat- index exists.
while [ ${#indexlists[@]} -eq 0 ]
do
    sleep 2
    indexlists=($(curl -s "http://elasticsearch:9200/_aliases?pretty=true" | awk -F\" '!/aliases/ && $2 != "" {print $2}' | grep filebeat-))
done

# Copy every index into <name>-reindex so the new template (geo_point) is applied.
for i in "${indexlists[@]}"
do
    echo "=====reindex filebeat for geo_point ======="
    curl -v -XPOST "http://elasticsearch:9200/_reindex" -H 'Content-Type: application/json' -d '{ "source": { "index": "'"$i"'" }, "dest": { "index": "'"$i"'-reindex" } }'
done

#curl -XDELETE "http://elasticsearch:9200/filebeat-*"
#curl -XPUT "http://elasticsearch:9200/filebeat"

# Keep the container running.
tail -f /dev/null




* template_filebeat.json comes from:

GET _cat/indices?v
Here you can see indices such as



GET filebeat-6.4.2-2018.11.19



OK, use your own mappings to replace the mappings below




{
  "index_patterns": ["filebeat*"],
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "doc": {
      "properties": {
        "@timestamp": {
          "type": "date"
        },

  ...

}


Replace only the mappings. The official website has an example.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html

And change

"coordinates": {
"type": "float"  => "geo_point"
},
Save the file as: template_filebeat.json

Usually a new docker ELK Logstash already has geoip, with add_field as in the picture and mutate adding some items. Here the type is changed with a template.



Back in the shell script, move to =====Get kibana index lists=====

This gets the list of indices currently in use, to be used later.

Then reindex.


Why do this? Because reindexing lets geo_point be rebuilt. In the indices that already exist, the coordinates type is float.




If you try to change the type directly, you usually get an error, or it may report success, but that success is fake.


So the only way is to reindex.
https://medium.com/@sami.jan/fundamentals-of-elasticsearch-cbb273160f60
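
The template edit described above (copy the mappings of an existing index, change coordinates from float to geo_point) and a check that a reindexed index really has geo_point can be scripted. This is an added example, not code from the original post, written in Python because it edits JSON; SAMPLE_INDEX is a constructed 6.x-style `GET filebeat-6.4.2-2018.11.19` response and the function names are hypothetical.

```python
import copy
import json

# Constructed sample of a 6.x "GET <index>" response, trimmed to a few fields.
SAMPLE_INDEX = {
    "filebeat-6.4.2-2018.11.19": {
        "aliases": {},
        "mappings": {"doc": {"properties": {
            "@timestamp": {"type": "date"},
            "geoip": {"properties": {
                "coordinates": {"type": "float"},
                "country_name": {"type": "text"},
            }},
        }}},
        "settings": {"index": {"number_of_shards": "5"}},
    }
}

def field_def(mappings, dotted_path):
    """Return {mapping_type: field definition} for a dotted field; KeyError if absent."""
    found = {}
    for doc_type, body in mappings.items():
        node = body
        for part in dotted_path.split("."):
            node = node["properties"][part]
        found[doc_type] = node
    return found

def build_template(index_response, geo_field="geoip.coordinates", pattern="filebeat*"):
    """Copy an index's mappings into a template body with geo_field set to geo_point."""
    (index_body,) = index_response.values()      # exactly one index expected
    mappings = copy.deepcopy(index_body["mappings"])
    for node in field_def(mappings, geo_field).values():
        node.clear()                             # drop float-only options too
        node["type"] = "geo_point"
    return {"index_patterns": [pattern], "settings": {"number_of_shards": 1},
            "mappings": mappings}

def geo_point_applied(index_response, geo_field="geoip.coordinates"):
    """True only if every mapping type of the index maps geo_field as geo_point."""
    (index_body,) = index_response.values()
    try:
        defs = field_def(index_body["mappings"], geo_field)
    except KeyError:
        return False
    return bool(defs) and all(d.get("type") == "geo_point" for d in defs.values())

if __name__ == "__main__":
    print(json.dumps(build_template(SAMPLE_INDEX), indent=2))
```

Run `geo_point_applied` on the `GET` response of each `-reindex` index before building the Coordinate Map; a False result means the index still carries the old float mapping.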


I think people use docker ELK (Logstash, Kibana) because they want to get going quickly. The configuration has to be set by default. You can only change the configuration that the docker image offers. So when the docker image does not offer it and you don't change the docker image, you can only use the API. But the API cannot do everything the configuration can.

All steps

1、PUT the template for geo_point into ELK

"coordinates": {
   "type": "geo_point"
},

2、Get the indices already in use

3、Reindex  a -> a_reindex

4、Visualize -> create a visualization -> Coordinate Map -> choose Filter "filebeat-*" (your name may be different; it is the default index)

-> Buckets -> Geo Coordinates -> Aggregation -> Geohash -> Field -> Geoip.coordinates  (geo_point)  -> RUN



Now you can 100% see the map.