Change the index pattern in the sample template. #1048

Merged
merged 2 commits into from
Nov 2, 2020
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -28,6 +28,11 @@ All notable changes to this project will be documented in this file based on the

### Tooling and Artifact Changes

#### Breaking changes

* Changed the index pattern of the sample Elasticsearch template from `ecs-*` to
`try-ecs-*` to avoid conflicting with Logstash' `ecs-logstash-*`. #1048

#### Bugfixes

* Addressed issue where foreign reuses weren't using the user-supplied `as` value for their destination. #960
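Review bot: The new "Breaking changes" entry states the pattern change but not what someone who already loaded the sample template has to do. The README in this same change renames the loaded template from `ecs-test` to `try-ecs`, so a cluster that followed the old instructions keeps an `ecs-test` template that still matches `ecs-*`, which is exactly the overlap with `ecs-logstash-*` this entry says it avoids. Suggest adding a sentence telling users to remove the previously loaded template. Minor: "Logstash'" should read "Logstash's".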
2 changes: 1 addition & 1 deletion experimental/generated/elasticsearch/7/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_meta": {
2 changes: 1 addition & 1 deletion generated/elasticsearch/6/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_doc": {
2 changes: 1 addition & 1 deletion generated/elasticsearch/7/template.json
@@ -1,6 +1,6 @@
{
"index_patterns": [
"ecs-*"
"try-ecs-*"
],
"mappings": {
"_meta": {
41 changes: 30 additions & 11 deletions generated/elasticsearch/README.md
Expand Up @@ -3,33 +3,52 @@
Crafting the perfect Elasticsearch template is an art. But here's a good starting
point for experimentation.

When you're ready to customize this template to the precise needs of your use case,
please check out [USAGE.md](../../USAGE.md).

## Notes on index naming

This sample Elasticsearch template will apply to any index named `try-ecs-*`.
This is good for experimentation.

Note that an index following ECS can be named however you need. There's no requirement
to have "ecs" in the index name.

## Instructions

Load the template from your shell
If you want to play with a specific version of ECS, check out the proper branch first.

```
git checkout 1.6
```

Load the template in Elasticsearch from your shell.

```bash
# Elasticsearch 7
curl -XPOST 'localhost:9200/_template/ecs-test' --header "Content-Type: application/json" \
curl -XPOST 'localhost:9200/_template/try-ecs' \
--header "Content-Type: application/json" \
-d @'generated/elasticsearch/7/template.json'

# or Elasticsearch 6
curl -XPOST 'localhost:9200/_template/ecs-test' --header "Content-Type: application/json" \
curl -XPOST 'localhost:9200/_template/try-ecs' \
--header "Content-Type: application/json" \
-d @'generated/elasticsearch/6/template.json'
```

Play from Kibana Dev Tools

```
# 👀
GET _template/ecs-test
# Look at the template you just uploaded 👀
GET _template/try-ecs
# index
PUT ecs-test
GET ecs-test
POST ecs-test/_doc
{ "@timestamp": "2019-02-26T22:38:39.000Z", "message": "Hello ECS World", "host": { "ip": "10.42.42.42"} }
# index a document
PUT try-ecs-test
GET try-ecs-test
POST try-ecs-test/_doc
{ "@timestamp": "2020-10-26T22:38:39.000Z", "message": "Hello ECS World", "host": { "ip": "10.42.42.42"} }
# enjoy
GET ecs-test/_search
GET try-ecs-test/_search
{ "query": { "term": { "host.ip": "10.0.0.0/8" } } }
```
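Review bot: Both `curl` commands in the "Instructions" section post to `localhost:9200` with no scheme and no credentials, so they only work against a local node that has neither authentication nor TLS enabled. A sentence saying so, and that the URL and credentials must be adjusted for a secured cluster, would save readers a confusing failure and avoid nudging them to switch security off to make the sample work. Also, `git checkout 1.6` pins a branch that will go stale as new versions ship; consider presenting it as an example version, and give that fence the same `bash` tag as the one that follows it.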
2 changes: 1 addition & 1 deletion scripts/generators/es_template.py
Expand Up @@ -109,7 +109,7 @@ def save_json(file, data):

def default_template_settings():
return {
"index_patterns": ["ecs-*"],
"index_patterns": ["try-ecs-*"],
"order": 1,
"settings": {
"index": {
Expand Down
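Review bot: In `default_template_settings()` the pattern stays a bare string literal, and this change had to repeat the same value in three generated templates and in the README. Suggest a named module-level constant for the sample pattern, with a comment explaining that it must not overlap `ecs-logstash-*`, plus a generator test asserting on `index_patterns`, since no test file is touched in this change.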