ElasticSearch Configuration:
============================

1. Verify that your ElasticSearch instance configuration contains the following CORS parameters in the elasticsearch.yml file. The CORS
workaround has proven to work for Firefox, Chrome, and Opera.
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
http.cors.allow-headers: ["X-Requested-With", "Content-Type", "Content-Length"]
http.cors.allow-credentials: true
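The regex form of allow-origin is what makes the workaround succeed: Elasticsearch answers a matching request by echoing the page's own Origin back in Access-Control-Allow-Origin, which is the only form browsers accept before exposing a credentialed cross-origin response. The same property is what a defender should notice, because "/.*/" matches every origin, so any page the operator's browser visits can read the cluster with that browser's credentials. The check below is an added example, not part of these instructions or of Elasticsearch itself: it reads the flat key: value lines of an elasticsearch.yml, applies the three forms allow-origin accepts (the literal "*", a slash-wrapped regex, an exact origin) and flags an open pattern combined with allow-credentials. The two sample configurations, the foreign origin https://other-site.example and the single dashboard origin in the restricted variant are constructed assumptions.

```python
import re

# Constructed sample: the CORS settings given in step 1 above.
PERMISSIVE_CONFIG = """\
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
http.cors.allow-headers: ["X-Requested-With", "Content-Type", "Content-Length"]
http.cors.allow-credentials: true
"""

# Constructed sample: the same settings restricted to one literal origin
# (the dashboard host name is an assumption; substitute your own).
RESTRICTED_CONFIG = """\
http.cors.enabled: true
http.cors.allow-origin: "https://audit-dashboard.example"
http.cors.allow-headers: ["X-Requested-With", "Content-Type", "Content-Length"]
http.cors.allow-credentials: true
"""


def parse_flat_settings(text):
    """Read 'key: value' lines in the flat dotted style used above.
    Deliberately not a full YAML parser: comments are dropped, nesting is ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def origin_allowed(pattern, origin):
    """Apply the three forms http.cors.allow-origin accepts: '*' matches every
    origin, a value wrapped in slashes is a regular expression, anything else
    must equal the Origin header exactly."""
    if pattern == "*":
        return True
    if len(pattern) >= 2 and pattern.startswith("/") and pattern.endswith("/"):
        return re.fullmatch(pattern[1:-1], origin) is not None
    return pattern == origin


def audit_cors(text, foreign_origin="https://other-site.example"):
    """Return a list of findings for the CORS settings in `text`.
    An empty list means a page served from `foreign_origin` would be refused."""
    settings = parse_flat_settings(text)
    findings = []
    if settings.get("http.cors.enabled", "false").lower() != "true":
        return findings  # CORS disabled: browsers block cross-origin reads entirely
    pattern = settings.get("http.cors.allow-origin", "")
    credentials = settings.get("http.cors.allow-credentials", "false").lower() == "true"
    if origin_allowed(pattern, foreign_origin):
        findings.append(f"allow-origin {pattern!r} admits the unrelated origin {foreign_origin}")
        if credentials:
            findings.append("allow-credentials is true together with an open origin pattern: "
                            "any site the user visits can read the cluster with the user's credentials")
    return findings


if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(name, audit_cors(cfg) or ["no findings"])
```

Run it against the real file with audit_cors(open("elasticsearch.yml").read()); an empty list for the origin you expect to be refused is the result you want, and the restricted variant shows that keeping allow-credentials is fine once the origin is pinned to the one host that serves the dashboard.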
2. Start up ElasticSearch by running elasticsearch.bat in the elasticsearch 2.3.1 bin folder.

If you want to start clean before running these instructions, you can execute this
optional command, which destroys the auditdata index settings and data:

curl -XDELETE "http://localhost:9200/auditdata?pretty"
ElasticSearch Index Setup and Bulk Load Instructions:
=====================================================

1. Configure the ElasticSearch index:

curl -XPUT localhost:9200/auditdata?pretty --data-binary @auditdataConfigSettings.json
2. Prepare and run the ElasticSearch bulk import:

prepareElasticSearchBulkImport.pl sampleAuditLog5.csv auditBulkLoad.json

curl -XPUT localhost:9200/_bulk?pretty --data-binary @auditBulkLoad.json

At the top of the output, check the errors field to see whether any import errors occurred.
"errors" : false,      <-- this field is important: if it is true, inspect the rest of the output for the failed items; otherwise you can ignore it

"_index" : "auditdata",
"_type" : "everything",
"_id" : "AVXN0g6Ve6sNoEtMKGxy",
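As an added example (not the project's prepareElasticSearchBulkImport.pl, which is not reproduced here), the following Python shows both halves of this step: building the newline-delimited body that the _bulk endpoint expects from CSV rows, and reading the response so that a true errors flag is traced to the individual items that failed instead of being noticed at the top and then lost in a long listing. The index name auditdata and type everything come from the output above; the CSV column names are an assumption chosen to match the fields that appear in the search output in step 5, and both the CSV rows and the response (including its one failing item) are constructed.

```python
import csv
import io
import json

# Constructed sample CSV. The column names are an assumption: the page's
# sampleAuditLog5.csv is not shown, so these mirror the fields the search
# output in step 5 displays.
SAMPLE_CSV = """\
date,severity,entityType,entityKey,status,message
May 26 2016 15:24:13,CRITICAL,vpls-pe,sfcca303vr1,prov-status=[ACTIVE],Invalid prov-status value. Must have a value not equal to ACTIVE/active.
May 26 2016 15:24:13,CRITICAL,vpe,VPESAT-ashah401me6,prov-status=[NULL],Invalid prov-status value. Must have a value not equal to ACTIVE/active.
"""


def build_bulk_body(csv_text, index="auditdata", doc_type="everything"):
    """Turn CSV rows into the body the _bulk API expects: an action line followed
    by a source line for every document, each on its own line, plus the trailing
    newline the endpoint requires after the last document."""
    lines = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        lines.append(json.dumps({"index": {"_index": index, "_type": doc_type}}))
        lines.append(json.dumps(row))
    return "\n".join(lines) + "\n"


# Constructed sample response in the shape _bulk returns: one entry per action,
# in the same order as the body. The second item is made to fail so that the
# check below has something to report.
SAMPLE_RESPONSE = {
    "took": 12,
    "errors": True,
    "items": [
        {"index": {"_index": "auditdata", "_type": "everything",
                   "_id": "AVXN0g6Ve6sNoEtMKGxy", "status": 201}},
        {"index": {"_index": "auditdata", "_type": "everything",
                   "_id": None, "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse [date]"}}},
    ],
}


def failed_items(response):
    """Return (position, status, reason) for every item that did not succeed.
    The top-level errors flag only says that something failed; the per-item
    entries identify which rows of the CSV need fixing before a reload."""
    if not response.get("errors"):
        return []
    failures = []
    for pos, item in enumerate(response.get("items", [])):
        # each item has a single key naming the action: index/create/update/delete
        result = next(iter(item.values()))
        if result.get("status", 0) >= 300 or "error" in result:
            reason = result.get("error", {}).get("reason", "unknown")
            failures.append((pos, result.get("status"), reason))
    return failures


if __name__ == "__main__":
    print(build_bulk_body(SAMPLE_CSV), end="")
    for pos, status, reason in failed_items(SAMPLE_RESPONSE):
        print(f"row {pos + 1}: HTTP {status}: {reason}")
```

Write build_bulk_body's output to auditBulkLoad.json and post it with the curl command above; then feed the JSON that curl prints through json.load and failed_items to get the row numbers that need attention. Because items come back in body order, the position maps directly onto the CSV row (plus the header line).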
3. Verify that the auditdata index contains data:

curl -XGET http://localhost:9200/_cat/indices?v

health status index     pri rep docs.count docs.deleted store.size pri.store.size
yellow open   auditdata   5   1        250            0     85.2kb         85.2kb
4. Verify the configuration of the ElasticSearch index parameter settings:

curl -XGET http://localhost:9200/auditdata?pretty
"format" : "MMM d y HH:m:s||dd-MM-yyyy HH:mm:ss||yyyy-MM-dd'T'HH:mm:ss.SSSZZ||MM/dd/yyyy"

"format" : "MMM d y HH:m:s||dd-MM-yyyy HH:mm:ss||yyyy-MM-dd'T'HH:mm:ss.SSSZZ||MM/dd/yyyy"

"creation_date" : "1468250773569",
"number_of_shards" : "5",
"number_of_replicas" : "1",
"uuid" : "IgJe5PZyQmSfCLzuxm3Ulw",

"created" : "2030199"
5. Test that you can retrieve data:

curl -XGET "http://localhost:9200/auditdata/_search/?size=3&pretty"

"_index" : "auditdata",
"_type" : "everything",
"_id" : "AVXakQNNe6sNoEtMKG1y",

"date" : "May 26 2016 15:24:13",
"severity" : "CRITICAL",
"entityType" : "vpls-pe",
"entityKey" : "sfcca303vr1",
"status" : "prov-status=[ACTIVE]",
"message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."

"_index" : "auditdata",
"_type" : "everything",
"_id" : "AVXakQNNe6sNoEtMKG13",

"date" : "May 26 2016 15:24:13",
"severity" : "CRITICAL",
"entityType" : "vpe",
"entityKey" : "VPESAT-ashah401me6",
"status" : "prov-status=[NULL]",
"message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."

"_index" : "auditdata",
"_type" : "everything",
"_id" : "AVXakQNNe6sNoEtMKG17",

"date" : "May 26 2016 15:24:13",
"severity" : "CRITICAL",
"entityType" : "vpe",
"entityKey" : "VPESAT-eshah401me6",
"status" : "prov-status=[]",
"message" : "Invalid prov-status value. Must have a value not equal to ACTIVE/active."