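First create an index-pattern, export it as a JSON file, delete the index-pattern you created, and then import it again through the REST API.
1. List the index-patterns (first create one index-pattern through the web UI)
curl 'http://localhost:5601/api/saved_objects/_find?type=index-pattern'
2. Export the saved_objects index-pattern
curl http://localhost:5601/api/saved_objects/index-pattern/c0c02200-e6e0-11e8-b183-ebb59b02f871 > export.json
c0c02200-e6e0-11e8-b183-ebb59b02f871 is the id found in step 1.
The exported JSON file cannot be used as-is; the following must be added at its beginning and end.
Add at the beginning:
{
"objects": [
Add at the end:
]}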
3. Import the saved_objects index-pattern (remember to delete kibana-* first)
curl -v -XPOST 'localhost:5601/api/kibana/dashboards/import?force=true' -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d @./export.json
Placing the JSON file in the directory where curl is run is enough.
4. Force the default value: Kibana -> Management -> Advanced Settings, defaultIndex
curl -XPOST http://localhost:5601/api/kibana/settings/defaultIndex -H "kbn-xsrf: true" -H "Content-Type: application/json" -d '{"value": "id"}'
Here id is the id value found inside export.json.
If the Kibana website is already open, refresh the page (F5).
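Steps 2 to 4 above as one script, added here as an example (not part of the original post): it wraps the exported object in {"objects": [ ... ]} instead of hand-editing the file, reads the id from it, imports it and sets defaultIndex. The function names and the KIBANA variable are assumptions; the endpoints and headers are the ones used above.

```shell
#!/bin/sh
# Added example: function names and KIBANA are assumptions, not Kibana's own.
KIBANA="${KIBANA:-http://localhost:5601}"

# Wrap one exported saved object in the {"objects":[ ... ]} envelope
# that the import endpoint expects (the header/footer added by hand above).
wrap_export() {
    printf '{"objects":['
    cat "$1"
    printf ']}\n'
}

# Print the first unescaped "id" value in the exported object.
# Escaped \"id\" keys inside string attributes do not match.
extract_id() {
    grep -o '"id"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" | head -n 1 |
        sed 's/.*"\([^"]*\)"$/\1/'
}

# $1 = file written in step 2. Imports it, then sets defaultIndex to its id.
import_pattern() {
    id=$(extract_id "$1")
    # Refuse an empty id or one with characters that could break the JSON body.
    case "$id" in
        ''|*[!A-Za-z0-9_-]*) echo "no usable id in $1" >&2; return 1 ;;
    esac
    wrap_export "$1" > "$1.import" || return 1
    curl -sS -XPOST "$KIBANA/api/kibana/dashboards/import?force=true" \
        -H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
        -d @"$1.import" || return 1
    curl -sS -XPOST "$KIBANA/api/kibana/settings/defaultIndex" \
        -H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
        -d "{\"value\": \"$id\"}"
}

# Run only when a file name is given: sh import.sh export.json
if [ "$#" -gt 0 ]; then
    import_pattern "$1"
fi
```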
https://www.rosehosting.com/blog/install-and-configure-the-elk-stack-on-ubuntu-16-04/
https://www.elastic.co/guide/en/logstash/current/configuration.html
https://dotblogs.com.tw/supershowwei/2016/05/25/185741
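After the installation finishes:
1. Put your Logstash conf files in /etc/logstash/conf.d/
2. On Ubuntu, Logstash gets a listen error, so edit the startup options: nano /etc/logstash/startup.options
LS_USER=root
3. /usr/share/logstash/bin# ./system-install (re-applies the configuration with the new LS_USER)
Note:
# Build logTime from the date of @timestamp and the event's time field
mutate {
  add_field => {
    "logTime" => "%{+YYYY-MM-dd} %{time}"
  }
}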