F5 CSP Big Data Training 2.0

Current Page

Contents:

Previous topic

Lab 1.4: Install Logstash

Next topic

Lab 1.6: Send Logs to ELK Stack

Community Training Classes & Labs > F5 CSP Big Data Training Index

Lab 1.5: Configure elasticsearch templates

Templates are used to create mappings between logstash and elasticsearch. Without the mappings elasticsearch will create automatic mappings however these will be elasticsearch’s best guess as to the field. In most cases this will default to text. This means many of the fields such as IP address’s will be searchable but not able to be used in Visualisations.

Upload elasticsearch templates and mappings. There are multiple way this can be achieved. The most common ways are cURL and a REST based program such as POSTMAN. Feel free to use whichever method you are most comfortable with.

Note

RECOMMENDATION Use cURL for the uploading of the templates with json file. POSTMAN is useful for Elasticsearch management once the template are in place.

Task 1 Option1 - Install module templates in Elasticsearch via cURL

  1. Install Index Templates into Elastic Search for the required modules
cd <git clone directory>/json/ git clone directory from Lab 1
curl -XPUT http://localhost:9200/_template/pem?pretty -d @pem_mapping.json
curl -XPUT http://localhost:9200/_template/afm?pretty -d @afm_mapping.json
curl -XPUT http://localhost:9200/_template/dns?pretty -d @dns_mapping.json

Task 1 Option1 - Install module templates in Elasticsearch via POSTMAN

  1. Import ELK Postman Collection and Environment

  2. Click the ‘Import from Link’ tab. Paste the following URL into the text box and click ‘Import’

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/master/postman_collections/ELK Stack.postman_collection.json

  3. You should now see a collection named ‘F5 ELK’ in your Postman Collections sidebar:

    template1

  4. Import the Environment file by clicking ‘Import’ -> ‘Import from Link’ and pasting the following URL and clicking ‘Import’:

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/master/postman_collections/F5 ELK Env.postman_environment.json

    template2

  1. Click on GET Elasticsearch information, HIT SEND.

template3

You should see cluster information regarding elasticsearch

  1. Click on GET Elasticsearch indices, HIT SEND.

template4

You should see the current index’s and information regarding each index.

We will use this command to observe the creation of new indexes

  1. Click on GET Elasticsearch Template Searches, HIT SEND

template5

You should see any current templates listed.

Note

New Install will NOT contain any templates showing {}

  1. Click on Create Template AFM + PEM + DNS Install all templates

template6

Note

Create all templates from the POSTMAN collection

  1. Verify templates created and exist. Click on GET Elasticsearch Template Searches

template7

Note

Look through the template JSON outputted by POSTMAN. Verify and check that the three templates created are present.

Previous Next

Support Programs

Regionally located support centers enable F5 to provide support in a number of languages through native-speaking support engineers.

See more

Contact Support

North America: 1-888-882-7535
Outside North America: 800-11-275-435

Local Support Numbers

Feedback and Help

Have questions, suggestions, or just want to get something off your chest? Let us know.

Leave feedback

About F5

Education

F5 sites

Support Tasks

Connect with us

© Copyright 2017 by F5 Networks, Inc. | Policies | Trademarks