先建立index-pattern,匯出index-pattern json檔,然後刪除建立index-pattern後,再由rest api匯入。

1、顯示 index-pattern 列表  (先用web建立一個index-pattern)

curl http://localhost:5601/api/saved_objects/_find?type=index-pattern

2、匯出saved_objects index-pattern

curl http://localhost:5601/api/saved_objects/index-pattern/c0c02200-e6e0-11e8-b183-ebb59b02f871 > export.json

c0c02200-e6e0-11e8-b183-ebb59b02f871 是 1找到的id

json檔匯出後不可以直接用,必需頭尾補上
header補上:

{
“objects”: [

end補上:

]}

3、匯入saved_objects index-pattern  (記得先砍了kibana-*)

curl -v -XPOST localhost:5601/api/kibana/dashboards/import?force=true -H ‘kbn-xsrf:true’ -H ‘Content-type:application/json’ -d @./export.json

json放在執行curl 同目錄就可以了

4、強制設定預設值 Kibana -> Managment -> Advanced Settings  defaultIndex

curl -XPOST http://localhost:5601/api/kibana/settings/defaultIndex -H “kbn-xsrf: true” -H “Content-Type: application/json” -d ‘{“value”: “id”}’

id from export.json inside have id value

If already open kibana website, use Fresh (F5) page again.

======docker-compose===============

  
Kibanaconfig:  
    image: alpine  
    volumes:  
      - ./kibana/config/:/usr/share/kibana/config:ro  
    command:   
      - /bin/sh   
      - -c   
      - |  
        echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories  
        echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories  
        echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories  
        apk --no-cache upgrade  
        apk --no-cache add curl   
        id="c0c02200-e6e0-11e8-b183-ebb59b02f871"  
          
        echo "=====Kibana default index-pattern ========"  
        echo "=====Wait Kibana======="  
        until echo | nc -z -v kibana 5601; do  
          echo "Waiting for Kibana to start..."  
          sleep 1  
        done  
          
        echo "=====kibana import json======"  
        code=""  
        until [ $$code != 400 ]; do  
          echo "=====kibana importing json ======="  
          curl -v -XPOST kibana:5601/api/kibana/dashboards/import?force=true -H "kbn-xsrf:true" -H "Content-type:application/json" -d @/usr/share/kibana/config/export.json 2>/dev/null | head -n 1 | cut -d ':' -f2|cut -d ',' -f1 > code.txt  
          code=`cat code.txt`  
          echo "=====status code:$$code====="  
          sleep 3  
        done  
  
        echo "=====kibana setting default index-pattern====="  
        code=""  
        until [ $$code != 400 ]; do  
          echo "=====kibana setting ==================================="  
          curl -v -XPOST kibana:5601/api/kibana/settings/defaultIndex -H "kbn-xsrf:true"  -H "Content-Type: application/json" -d '{"value": "$$id"}'  2>/dev/null | head -n 1 | cut -d ':' -f2|cut -d ',' -f1 > code.txt  
          code=`cat code.txt`  
          echo "=====status code:$$code====="  
          sleep 3  
        done  
    networks:  
      - elk  
    depends_on:  
      - elasticsearch  

ELK

  
elasticsearch:  
    build:  
      context: elasticsearch/  
    volumes:  
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro  
    ports:  
      - "9200:9200"  
      - "9300:9300"  
    environment:  
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"  
    networks:  
      - elk  
  
  logstash:  
    build:  
      context: logstash/  
    volumes:  
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro  
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro  
    ports:  
      - "5000:5000"  
    environment:  
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"  
    networks:  
      - elk  
    depends_on:  
      - elasticsearch  
  
  kibana:  
    build:  
      context: kibana/  
    volumes:  
      - ./kibana/config/:/usr/share/kibana/config:ro  
    ports:  
      - "5601:5601"  
    networks:  
      - elk  
    depends_on:  
      - elasticsearch