summaryrefslogtreecommitdiffstats
path: root/scripts/elasticsearch/commands.txt
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/elasticsearch/commands.txt')
-rw-r--r--scripts/elasticsearch/commands.txt205
1 files changed, 205 insertions, 0 deletions
diff --git a/scripts/elasticsearch/commands.txt b/scripts/elasticsearch/commands.txt
new file mode 100644
index 0000000..2e2284a
--- /dev/null
+++ b/scripts/elasticsearch/commands.txt
@@ -0,0 +1,205 @@
+
+ElasticSearch Configuration:
+============================
+
+1. Verify that your ElasticSearch instance configuation contains the following cors parameters in the elasticsearch.yaml file. The CORS
+ workaround has proven to work for Firefox, Chrome, and Opera.
+
+http.cors.enabled: true
+http.cors.allow-origin: "/.*/"
+http.cors.allow-headers: ["X-Requested-With", "Content-Type", "Content-Length"]
+http.cors.allow-credentials: true
+
+2. Start up Elastic Search by running running the elasticsearch.bat in the elasticsearch 2.3.1 bin folder.
+
+If you want to do a cleanup before running these instructions, then you can execute this
+optional command which will destroy the index settings and data.
+
+curl -XDELETE "http://localhost:9200/auditdata?pretty"
+
+Expected Result:
+{
+ "acknowledged" : true
+}
+
+
+ElasticSearch Index Setup and Bulk Load Instructions:
+=====================================================
+
+1. Configure Elastic Search Index
+
+curl -XPUT localhost:9200/auditdata?pretty --data-binary @auditdataConfigSettings.json
+
+Expected Result:
+{
+ "acknowledged" : true
+}
+
+2. Prepare elastic search bulk import:
+
+prepareElasticSearchBulkImport.pl sampleAuditLog5.csv auditBulkLoad.json
+
+curl -XPUT localhost:9200/_bulk?pretty --data-binary @auditBulkLoad.json
+
+At the top of the output verify if there any import errors by looking at the errors field.
+
+Expected Result:
+{
+ "took" : 103,
+ "errors" : false, <-------- this field is important. if true you need to look at the output, otherwise you can ignore it
+ "items" : [ {
+ "create" : {
+ "_index" : "auditdata",
+ "_type" : "everything",
+ "_id" : "AVXN0g6Ve6sNoEtMKGxy",
+ "_version" : 1,
+ "_shards" : {
+ "total" : 2,
+ "successful" : 1,
+ "failed" : 0
+ },
+ "status" : 201
+ }
+
+
+
+3. Verify that auditdata index contains data
+
+curl -XGET http://localhost:9200/_cat/indices?v
+
+Expected Result:
+
+health status index pri rep docs.count docs.deleted store.size pri.store.size
+yellow open auditdata 5 1 250 0 85.2kb 85.2kb
+
+4. Verify configuration of elastic search index parameter settings:
+
+curl -XGET http://localhost:9200/auditdata?pretty
+
+Expected Result:
+{
+ "auditdata" : {
+ "aliases" : { },
+ "mappings" : {
+ "everything" : {
+ "properties" : {
+ "date" : {
+ "type" : "date",
+ "format" : "MMM d y HH:m:s||dd-MM-yyyy HH:mm:ss||yyyy-MM-dd'T'HH:mm:ss.SSSZZ||MM/dd/yyyy"
+ },
+ "entityKey" : {
+ "type" : "string"
+ },
+ "entityType" : {
+ "type" : "string"
+ },
+ "message" : {
+ "type" : "string"
+ },
+ "severity" : {
+ "type" : "string"
+ },
+ "status" : {
+ "type" : "string"
+ }
+ }
+ },
+ "auditdata" : {
+ "properties" : {
+ "date" : {
+ "type" : "date",
+ "format" : "MMM d y HH:m:s||dd-MM-yyyy HH:mm:ss||yyyy-MM-dd'T'HH:mm:ss.SSSZZ||MM/dd/yyyy"
+ },
+ "entityKey" : {
+ "type" : "string"
+ },
+ "entityType" : {
+ "type" : "string"
+ },
+ "message" : {
+ "type" : "string"
+ },
+ "severity" : {
+ "type" : "string"
+ },
+ "status" : {
+ "type" : "string"
+ }
+ }
+ }
+ },
+ "settings" : {
+ "index" : {
+ "creation_date" : "1468250773569",
+ "number_of_shards" : "5",
+ "number_of_replicas" : "1",
+ "uuid" : "IgJe5PZyQmSfCLzuxm3Ulw",
+ "version" : {
+ "created" : "2030199"
+ }
+ }
+ },
+ "warmers" : { }
+ }
+}
+
+5. Test that you can retrieve data:
+
+curl -XGET "http://localhost:9200/auditdata/_search/?size=3&pretty"
+
+Expected Result:
+{
+ "took" : 8,
+ "timed_out" : false,
+ "_shards" : {
+ "total" : 5,
+ "successful" : 5,
+ "failed" : 0
+ },
+ "hits" : {
+ "total" : 250,
+ "max_score" : 1.0,
+ "hits" : [ {
+ "_index" : "auditdata",
+ "_type" : "everything",
+ "_id" : "AVXakQNNe6sNoEtMKG1y",
+ "_score" : 1.0,
+ "_source" : {
+ "date" : "May 26 2016 15:24:13",
+ "severity" : "CRITICAL",
+ "entityType" : "vpls-pe",
+ "entityKey" : "sfcca303vr1",
+ "status" : "prov-status=[ACTIVE]",
+ "message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."
+ }
+ },{
+ "_index" : "auditdata",
+ "_type" : "everything",
+ "_id" : "AVXakQNNe6sNoEtMKG13",
+ "_score" : 1.0,
+ "_source" : {
+ "date" : "May 26 2016 15:24:13",
+ "severity" : "CRITICAL",
+ "entityType" : "vpe",
+ "entityKey" : "VPESAT-ashah401me6",
+ "status" : "prov-status=[NULL]",
+ "message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."
+ }
+ },{
+ "_index" : "auditdata",
+ "_type" : "everything",
+ "_id" : "AVXakQNNe6sNoEtMKG17",
+ "_score" : 1.0,
+ "_source" : {
+ "date" : "May 26 2016 15:24:13",
+ "severity" : "CRITICAL",
+ "entityType" : "vpe",
+ "entityKey" : "VPESAT-eshah401me6",
+ "status" : "prov-status=[]",
+ "message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."
+ }
+ } ]
+ }
+}
+
+