Workshop Elasticsearch / Kibana 7.4

Workshop Elasticsearch @Ecole 42 David Pilato Elastic, @dadoonet

Elastic Stack SOLUTIONS Kibana Visualize & Manage Elasticsearch Store, Search, & Analyze Elastic Stack Beats APM Logstash SaaS Elastic Cloud SELF-MANAGED Elastic Cloud Enterprise Standalone Ingest

Deployment in the Enterprise Beats Elasticsearch Custom UI FILEBEAT WINGLOGBEAT HEARTBEAT METRICBEAT Master (3) Ingest (X) Logstash Coordinating (X) PACKETBEAT Elasticsearch Clients AUDITBEAT Data – Hot (X) Kafka Kibana Data – Warm (X) Data store Web APIs Redis Workers (2+) Alerting (X) Messaging Queue Social Machine Learning (2+) Sensors LDAP ES-Hadoop 3 AD Authentication SSO Notification

4 https://www.elastic.co/fr/subscriptions

Agenda • Elasticsearch overview • Workshop 0: getting started • Workshop 1: let’s index some documents • Workshop 2: let’s search them • Workshop 3: let’s pull some analytics • Workshop 4: let’s add a powerful live UI on top 5

think document! • Change your mindset: ‒ Forget SQL! ‒ Index what you want to find • A document ‒ A JSON object ‒ Core field types (string, numbers, booleans, dates) ‒ Complex field types (arrays, objects) ‒ Additional field types (dates, geo points, geo shapes) 7

A document { } 8 “name” : “elastic”, “website” : “http://www.elastic.co”, “category” : “software”, “founded_year” : 2012, “overview” : “The company behind elasticsearch”, “tags” : [“search”, “datastore”, “analytics”], “location” : { “city” : “Amsterdam”, “country_code” : “NL”, “geo” : { “lat” : 52.370176, “lon” : 4.895008 } }

workshop 0 setup 9

docker compose (elasticsearch) —version: ‘3’ services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:$ELASTIC_VERSION environment: - bootstrap.memory_lock=true - discovery.type=single-node - cluster.routing.allocation.disk.threshold_enabled=false ulimits: memlock: soft: -1 hard: -1 ports: - 9200:9200 networks: [‘stack’] 10 https://gist.github.com/dadoonet/f3c67bebf2cf604df02f78ac2cb2fbde

docker compose (kibana) kibana: image: docker.elastic.co/kibana/kibana:$ELASTIC_VERSION ports: [‘5601:5601’] networks: [‘stack’] links: [‘elasticsearch’] depends_on: [‘elasticsearch’] networks: stack: {} 11 https://gist.github.com/dadoonet/f3c67bebf2cf604df02f78ac2cb2fbde

start • run docker-compose up • open Kibana open http://0.0.0.0:5601/ 12

workshop 1 we index persons 13

workshop 1: index some documents • Load demo-console.txt file in Kibana dev console 14 https://gist.github.com/dadoonet/f3c67bebf2cf604df02f78ac2cb2fbde

workshop 1: 500 000 persons • use injector script java -jar injector-7.0.jar —debug —nb 500000 • see effect with _cat API GET _cat/indices/person?v https://ela.st/injector 15

workshop 2 we search for persons 16

workshop 3 we compute persons 17

workshop 4 clic and play! 18

Workshop Elasticsearch / Kibana 7.4

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18