aleksgadgeek / elk Goto Github PK

# Install Elastic Search in Ubuntu 20.04

sudo apt update
sudo apt install openjdk-8-jdk
java -version
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee –a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install elasticsearch
sudo cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak
sudo nano /etc/elasticsearch/elasticsearch.yml
     network.host: localhost
     http.port: 9200
sudo systemctl start elasticsearch.service
sudo systemctl enable elasticsearch.service
curl -X GET "localhost:9200"

ps aux | grep java

sudo systemctl restart elasticsearch.service
curl -X GET "localhost:9200"

# GET INDEX 
curl -X GET "localhost:9200/_cat/indices?v"
# CREATE INDEX 
curl -X PUT "localhost:9200/NAME"

curl -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
"user" : "JAI",
"message" : "Hello to Elasticsearch"
}' "http://localhost:9200/jai/_doc/"

curl -X GET "localhost:9200/jai/"


# Check logs 
less /var/log/elasticsearch/FILENAME.log

# Check node configuration 
curl localhost:9200/_cat/nodes?v

# SETUP ESLAB CLUSTER 
sudo apt update
sudo apt install openjdk-8-jdk
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee –a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install elasticsearch
wget https://raw.githubusercontent.com/Jaibw/elk/main/eslab-data.yml
cat  eslab-data.yml
sed 's/NODENAME/USER0#/g' eslab-data.yml > elasticsearch.yml
cat elasticsearch.yml
sudo cp elasticsearch.yml /etc/elasticsearch/elasticsearch.yml
sudo systemctl start elasticsearch.service
sudo systemctl enable elasticsearch.service
curl -X GET "localhost:9200"

# INSTALL KIBANA 
sudo apt update
sudo apt install openjdk-8-jdk
java -version
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee –a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt-get install kibana
wget https://raw.githubusercontent.com/Jaibw/elk/main/kibana.yml
cat kibana.yml
sudo cp kibana.yml /etc/kibana/kibana.yml
sudo systemctl start kibana
sudo systemctl enable kibana

# DEV Tools 
GET /
GET _license
GET _cat/health
GET _cat/health?v
GET _cat/nodes
GET _cat/nodes?v
PUT easy_index_by_NAME                          # create an index 
GET _cat/indices?help
GET _cat/indices
GET _cat/indices?v
GET _cat/indices?format=json
GET _cat/indices?format=text
GET _cat/indices?format=yaml
GET _cat/indices?format=smile
GET _cat/indices?format=cbor
GET _cat/indices?format=json&pretty                
GET _cat/indices?v&h=health,index&format=text         # select a header 
GET _cat/indices?s=index:asc                          # sort 
PUT demo_settings_index_by_jai
{
  "settings": {
    "number_of_replicas": 2,
    "number_of_shards": 1
  }
}
GET _cat/indices?v
PUT subjects_by_jai
{
  "mappings": {
    "properties": {
      "name": {
        "type": "text"
      },
      "total_marks": {
        "type": "float"
      },
      "passing_marks": {
        "type": "float"
      },
      "description": {
        "type": "text"
      }
    }
  }
}
GET subjects_by_jai
GET _cat/indices?v
PUT purchase_jan_2022_by_jai
{
  "aliases": {
    "purchase_last_2022_by_jai": {}
  }
}
GET purchase_jan_2022_by_jai
GET purchase_last_2022_by_jai
GET _cat/aliases

# LOAD BULK DATA IN ELASTIC SEARCH 
cd ~
curl -X PUT "localhost:9200/logs_by_NAME"
sed 's/logs/logs_by_NAME/g' logs.json > logs_by_NAME.json
curl -H 'Content-type: application/x-ndjson' http://localhost:9200/logs_by_NAME/_bulk --data-binary @logs_by_NAME.json
curl -X GET "localhost:9200/logs_by_NAME/_refresh"
curl -X GET "localhost:9200/_cat/indices?v" | grep logs_by_NAME
curl -X GET "localhost:9200/logs_by_NAME/_search?pretty=true&q=*:*&size=1"

# CURD IN ELASTIC SEARCH 
PUT data_by_NAME
GET data_by_NAME
POST data_by_NAME/_doc/1
{
  "Name" : "NAME",
  "User" : "user--",
  "Password" : "pass123"
}
GET data_by_NAME/_doc/1
PUT data_by_NAME/_doc/1 
{
  "Name" : "NAME",
  "User" : "user--",
  "Password" : "pass123456"
}
GET data_by_NAME/_doc/1
DELETE data_by_NAME/_doc/1
DELETE data_by_NAME


# INSTALL NGINX AND FILEBEATS 
sudo apt update
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee –a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install filebeat
sudo apt install nginx 
sudo systemctl start nginx 
sudo systemctl enable nginx
Open Chrome and access nginx on http://PUBLICIP