[1.7] Change the index pattern in the sample template. (#1048) (#1069)
Mathieu Martin authored Nov 2, 2020
1 parent addf6eb commit e78a1b0
Showing 6 changed files with 39 additions and 15 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -28,6 +28,11 @@ All notable changes to this project will be documented in this file based on the

### Tooling and Artifact Changes

#### Breaking changes

* Changed the index pattern of the sample Elasticsearch template from `ecs-*` to
`try-ecs-*` to avoid conflicting with Logstash' `ecs-logstash-*`. #1048

#### Bugfixes

* Addressed issue where foreign reuses weren't using the user-supplied `as` value for their destination. #960
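
Review bot: The breaking-change entry names the new index pattern but not the template name change that comes with it in the README (`_template/ecs-test` becomes `_template/try-ecs`). Anyone who loaded the sample earlier still has `ecs-test` installed with the `ecs-*` pattern, which is exactly the overlap with `ecs-logstash-*` this entry describes, so the entry should tell them to delete the old template. Also, "Logstash'" should read "Logstash's".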
2 changes: 1 addition & 1 deletion experimental/generated/elasticsearch/7/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_meta": {
2 changes: 1 addition & 1 deletion generated/elasticsearch/6/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_doc": {
2 changes: 1 addition & 1 deletion generated/elasticsearch/7/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_meta": {
41 changes: 30 additions & 11 deletions generated/elasticsearch/README.md
Expand Up @@ -3,33 +3,52 @@
Crafting the perfect Elasticsearch template is an art. But here's a good starting
point for experimentation.

When you're ready to customize this template to the precise needs of your use case,
please check out [USAGE.md](../../USAGE.md).

## Notes on index naming

This sample Elasticsearch template will apply to any index named `try-ecs-*`.
This is good for experimentation.

Note that an index following ECS can be named however you need. There's no requirement
to have "ecs" in the index name.

## Instructions

Load the template from your shell
If you want to play with a specific version of ECS, check out the proper branch first.

```
git checkout 1.6
```

Load the template in Elasticsearch from your shell.

```bash
# Elasticsearch 7
curl -XPOST 'localhost:9200/_template/ecs-test' --header "Content-Type: application/json" \
curl -XPOST 'localhost:9200/_template/try-ecs' \
--header "Content-Type: application/json" \
-d @'generated/elasticsearch/7/template.json'

# or Elasticsearch 6
curl -XPOST 'localhost:9200/_template/ecs-test' --header "Content-Type: application/json" \
curl -XPOST 'localhost:9200/_template/try-ecs' \
--header "Content-Type: application/json" \
-d @'generated/elasticsearch/6/template.json'
```

Play from Kibana Dev Tools

```
# 👀
GET _template/ecs-test
# Look at the template you just uploaded 👀
GET _template/try-ecs
# index
PUT ecs-test
GET ecs-test
POST ecs-test/_doc
{ "@timestamp": "2019-02-26T22:38:39.000Z", "message": "Hello ECS World", "host": { "ip": "10.42.42.42"} }
# index a document
PUT try-ecs-test
GET try-ecs-test
POST try-ecs-test/_doc
{ "@timestamp": "2020-10-26T22:38:39.000Z", "message": "Hello ECS World", "host": { "ip": "10.42.42.42"} }
# enjoy
GET ecs-test/_search
GET try-ecs-test/_search
{ "query": { "term": { "host.ip": "10.0.0.0/8" } } }
```
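
Review bot: The two curl commands post to `localhost:9200` with no scheme and no credentials, which only works against an unsecured local node; the sentence "Load the template in Elasticsearch from your shell." should say so, so that readers running with security enabled know to switch to `https://` and pass credentials with `-u`. A smaller style point in the same hunk: the new `git checkout 1.6` fence has no language tag, while the curl block right after it is tagged `bash`.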
2 changes: 1 addition & 1 deletion scripts/generators/es_template.py
Expand Up @@ -105,7 +105,7 @@ def save_json(file, data):

def default_template_settings():
return {
"index_patterns": ["ecs-*"],
"index_patterns": ["try-ecs-*"],
"order": 1,
"settings": {
"index": {
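
Review bot: The new `"index_patterns": ["try-ecs-*"]` literal in `default_template_settings()` has no comment explaining the `try-` prefix. The generated template.json files in this commit carry the same value, so a one-line comment here noting that the broader `ecs-*` pattern overlaps Logstash's `ecs-logstash-*` would keep a later edit from quietly reverting it.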

0 comments on commit e78a1b0
