elasticsearch | rename an index
You can’t rename indices, but you can clone them:
You can’t use the quick sort feature on your fields/columns because it’s disabled/greyed out? Most likely you added your documents to your index without defining an explicit mapping at index creation. It is of course possible to drop your data into the index without defining an explicit mapping, but the quick sort option will then be disabled […]
Install maildir-utils and use it to parse the files and write a JSON document. Use it to eliminate bad characters that do not fit into your charset. Some (Windows) mail clients (Outlook?) put a CRLF at the end of To, Cc, Bcc or Subject, so do something like an Elasticsearch will not accept JSON files encapsulated in […]
Set ulimit -n: edit /etc/profile and add ulimit -n 65535. Disable swapping by removing all swap lines from your fstab. As an alternative, add the following line to your elasticsearch.yml: bootstrap.memory_lock: true. Then test it using the famous Kibana (DevTools) Console: GET _nodes?filter_path=**.mlockall. It should return true. Do not tune the Java DNS timeouts.
Dear experts, please don’t roast me, this is a rookie's view. If I wrote bs, any hints are highly appreciated via elasticdata@xxaxxelxx Mechanical stuff: You can handle all this data handling via the so-called console. The console is a tool you find inside the Kibana WebUI: log in as elastic superuser (or something […]
Credits, kudos and thanx to the guys making https://kifarunix.com/install-elk-stack-8-x-on-ubuntu/ Elasticsearch is the database and Kibana the WebUI to access the database. Elasticsearch provides a REST API, accessible via curl and/or via a so-called console that is part of Kibana. Yallah: After this you should add the following to your .profile file: PATH="/usr/share/elasticsearch/bin:/usr/share/kibana/bin:$PATH" The installation of […]
New CA stuff: Import ca.crt into truststore: New Transport certs: New http cert: Tune elasticsearch.yml:
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
CSR? NO. CA? YES. ONE CERT PER NODE? YES. NODE NAME? CHECK elasticsearch.yml FOR node.name. REPEAT FOR EACH NODE
1. Manual update: SELKS performs a daily suricata update (via /etc/crontab). To execute it manually, call it as www-data (!!!) NEVER RUN AS ROOT!!! # /bin/sh -c /bin/bash 'cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py updatesuricata && deactivate' www-data 2. fast.log rotation: You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]