Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Elastic Stack 8.x Cookbook
  • Toc
  • feedback
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

By : Huage Chen, Yazid Akadiri
5 (3)
close
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

5 (3)
By: Huage Chen, Yazid Akadiri

Overview of this book

Learn how to make the most of the Elastic Stack (ELK Stack) products—including Elasticsearch, Kibana, Elastic Agent, and Logstash—to take data reliably and securely from any source, in any format, and then search, analyze, and visualize it in real-time. This cookbook takes a practical approach to unlocking the full potential of Elastic Stack through detailed recipes step by step. Starting with installing and ingesting data using Elastic Agent and Beats, this book guides you through data transformation and enrichment with various Elastic components and explores the latest advancements in search applications, including semantic search and Generative AI. You'll then visualize and explore your data and create dashboards using Kibana. As you progress, you'll advance your skills with machine learning for data science, get to grips with natural language processing, and discover the power of vector search. The book covers Elastic Observability use cases for log, infrastructure, and synthetics monitoring, along with essential strategies for securing the Elastic Stack. Finally, you'll gain expertise in Elastic Stack operations to effectively monitor and manage your system.
Table of Contents (16 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Sections
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Chapter 1: Getting Started – Installing the Elastic Stack
Chapter 1: Getting Started – Installing the Elastic Stack
Deploying the Elastic Stack on Elastic Cloud
Installing the Elastic Stack with ECK
Installing a self-managed Elastic Stack
Creating and setting up data tiering
Creating and setting up additional Elasticsearch nodes
Creating and setting up Fleet Server
Setting up snapshot repository
Free Chapter
2
Chapter 2: Ingesting General Content Data
chevron up
Chapter 2: Ingesting General Content Data
Introducing the Wikipedia Movie Plots dataset
Technical requirements
Adding data from the Elasticsearch client
Updating data in Elasticsearch
Deleting data in Elasticsearch
Using an analyzer
Defining index mapping
Using dynamic templates in document mapping
Creating an index template
Indexing multiple documents using Bulk API
3
Chapter 3: Building Search Applications
Chapter 3: Building Search Applications
Technical requirements
Searching with Query DSL
Building advanced search queries with Query DSL
Using search templates to pre-render search requests
Getting started with Search Applications for your Elasticsearch index
Building a search experience with the Search Application client
Measuring the performance of your Search Applications with Behavioral Analytics
4
Chapter 4: Timestamped Data Ingestion
Chapter 4: Timestamped Data Ingestion
Technical requirements
Deploying Elastic Agent with Fleet
Monitoring Apache HTTP logs and metrics using the Apache integration
Deploying standalone Elastic Agent
Adding data using Beats
Setting up a data stream manually
Setting up a time series data stream manually
5
Chapter 5: Transform Data
Chapter 5: Transform Data
Technical requirements
Creating an ingest pipeline
Enriching data with a custom ingest pipeline for an existing Elastic Agent integration
Using a processor to enrich your data before ingesting with Elastic Agent
Installing self-managed Logstash
Creating a Logstash pipeline
Setting up pivot data transform
Setting up the latest data transform
Downsampling your time series data
6
Chapter 6: Visualize and Explore Data
Chapter 6: Visualize and Explore Data
Technical requirements
Exploring your data in Discover
Exploring your data with ES|QL
Creating visualizations with Kibana Lens
Creating visualizations from runtime fields
Creating Kibana maps
Creating and using Kibana dashboards
Creating Canvas workpads
7
Chapter 7: Alerting and Anomaly Detection
Chapter 7: Alerting and Anomaly Detection
Technical requirements
Creating alerts in Kibana
Monitoring alert rules
Investigating data with log rate analysis
Investigating data with log pattern analysis
Investigating data with change point detection
Detecting anomalies in your data with unsupervised machine learning jobs
Creating anomaly detection jobs from a Lens visualization
8
Chapter 8: Advanced Data Analysis and Processing
Chapter 8: Advanced Data Analysis and Processing
Technical requirements
Finding deviations in your data with outlier detection
Building a model to perform regression analysis
Building a model for classification
Using a trained model for inference
Deploying third-party NLP models and testing via the UI
Running advanced data processing with trained models
9
Chapter 9: Vector Search and Generative AI Integration
Chapter 9: Vector Search and Generative AI Integration
Technical requirements
Implementing semantic search with dense vectors
Implementing semantic search with sparse vectors
Using hybrid search to build advanced search applications
Developing question-answering applications with Generative AI
Using advanced techniques for RAG applications
10
Chapter 10: Elastic Observability Solution
Chapter 10: Elastic Observability Solution
Technical requirements
Instrumenting your application with Elastic APM
Setting up RUM
Instrumenting and monitoring with OpenTelemetry
Monitoring Kubernetes environments with Elastic Agent
Managing synthetics monitoring
Gaining comprehensive system visibility with Elastic Universal Profiling
Detecting incidents with alerting and machine learning
Gaining insights with the AI Assistant
11
Chapter 11: Managing Access Control
Chapter 11: Managing Access Control
Technical requirements
Using built-in roles
Defining custom roles
Granting additional privileges
Managing and securing access to Kibana spaces
Managing access with API keys
Configuring single sign-on
Mapping users and groups to roles
12
Chapter 12: Elastic Stack Operation
Chapter 12: Elastic Stack Operation
Technical requirements
Setting up an index lifecycle policy
Optimizing time series data streams with downsampling
Managing the snapshot lifecycle
Configuring Elastic Stack components with Terraform
Enabling and configuring cross-cluster search
13
Chapter 13: Elastic Stack Monitoring
Chapter 13: Elastic Stack Monitoring
Technical requirements
Setting up Stack Monitoring
Building custom visualizations for monitoring data
Monitoring cluster health via an API
Enabling audit logging
14
Index
Index
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Adding data from the Elasticsearch client

To ingest general content such as catalogs, HTML pages, and files from your application, Elastic provides a wide range of Elastic language clients to easily ingest data via Elasticsearch REST APIs. In this recipe, we will learn how to add sample data to Elasticsearch hosted on Elastic Cloud using a Python client.

To use Elasticsearch’s REST APIs through various programming languages, a client application chooses a suitable client library. The client initializes and sends HTTP requests, directing them to the Elasticsearch cluster for data operations. Elasticsearch processes the requests and returns HTTP responses containing results or errors. The client application parses these responses and acts on the data accordingly. Figure 2.2 shows the summarized data flow:

Figure 2.2 – Elasticsearch’s client request and response flow

Figure 2.2 – Elasticsearch’s client request and response flow

Getting ready

To simplify the package management, we recommend you install pip(https://pypi.org/project/pip/).

The snippets of this recipe are available here: https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/snippets.md#adding-data-from-the-elasticsearch-client.

How to do it…

First, we will install the Elasticsearch Python client:

  1. Add elasticsearch, elasticsearch-async, and load_dotenv to the requirements.txt file of your Python project (the sample requirements.txt file can be found at this address: https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/python-client-sample/requirements.txt).
  2. Run the following command to install the Elasticsearch Python client library:
    $ pip install -r requirements.txt

    Now, let’s set up a connection to Elasticsearch.

  3. Prepare a .env file to store the access information, Cloud ID("ES_CID"), user name("ES_USER"), and password("ES_PWD"), for the basic authentication. You can find the sample .env file at this address: https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/python-client-sample/.env.

    Remember that we saved the password for our default user, elastic, in the Deploying Elastic Stack on Elastic Cloud recipe in Chapter 1, and the instructions to find the cloud ID can be found in the same recipe.

  4. Import the libraries in a Python file (sampledata_index.py), which we will use for this recipe:
    import os
from elasticsearch import Elasticsearch
from dotenv import load_dotenv
  5. Load the environment variables and initiate an Elasticsearch connection:
    load_dotenv()
ES_CID = os.getenv('ES_CID')
ES_USER = os.getenv('ES_USER')
ES_PWD = os.getenv('ES_PWD')
es = Elasticsearch(
    cloud_id=ES_CID,
    basic_auth=(ES_USER, ES_PWD)
)
print(es.info())
  6. Now, you can run the script to check whether the connection is successful. Run the following command:
    $ python sampledata_index.py

    You should see an output that looks like the following screenshot:

Figure 2.3 – Connected Elasticsearch information

Figure 2.3 – Connected Elasticsearch information

  1. We can now extend the script to ingest a document. Prepare a sample JSON document from the movie dataset:
    mymovie = {
    'release_year': '1908',
    'title': 'It is not this day.',
    'origin': 'American',
    'director': 'D.W. Griffith',
    'cast': 'Harry Solter, Linda Arvidson',
    'genre': 'comedy',
    'wiki_page':'https://en.wikipedia.org/wiki/A_Calamitous_Elopement',
    'plot': 'A young couple decides to elope after being caught in the midst of a romantic moment by the woman.'
}
  2. Index the sample data in Elasticsearch. Here, we will choose the index name 'movies' and print the index results. Finally, we will store the document ID in a tmp file that we will reuse for the following recipes:
    response = es.index(index='movies', document=mymovie)
print(response)
# Write the '_id' to a file named tmp.txt
with open('tmp.txt', 'w') as file:
    file.write(response['_id'])
# Print the contents of the file to confirm it's written correctly
with open('tmp.txt', 'r') as file:
    print(f"document id saved to tmp.txt: {file.read()}")
time.sleep(2)
  3. Verify the data in Elasticsearch to ensure that it has been successfully indexed; wait two seconds after the indexing, query Elasticsearch using the _search API, and then print the results:
    response = es.search(index='movies', query={"match_all": {}})
print("Sample movie data in Elasticsearch:")
for hit in response['hits']['hits']:
print(hit['_source'])
  4. Execute the script again with the following script:
    $ python sampledata_index.py

    You should have the following result in the console output:

Figure 2.4 – The output of the sampledata_index.py script

Figure 2.4 – The output of the sampledata_index.py script

The full code sample can be found at https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/python-client-sample/sampledata_index.py.

How it works...

In this recipe, we learned how to use the Elastic Python client to securely connect to a hosted deployment on Elastic Cloud.

Elasticsearch created the movies index by default during the first ingestion, and the fields were created with default mapping.

Later in this chapter, we will learn how to define static and dynamic mapping to customize field types with the help of concrete recipes.

It’s also important to note that as we did not provide a document ID, Elasticsearch automatically generated an ID during the indexing phase as well.

The following diagram (Figure 2.5) shows the index processing flow:

Figure 2.5 – The ingestion flow

Figure 2.5 – The ingestion flow

There’s more…

In this recipe, we used the HTTP basic authentication method. The Elastic Python client provides authentication methods such as HTTP Bearer authentication and API key authentication. Detailed documentation can be found at the following link: https://www.elastic.co/guide/en/elasticsearch/client/python-api/current/connecting.html#auth-bearer.

We chose to illustrate the simplicity of general content data ingestion by using the Python client. Detailed documentation for other client libraries can be found at the following link: https://www.elastic.co/guide/en/elasticsearch/client/index.html

During the development and testing phase, it’s also very useful to use the Elastic REST API and test either with an HTTP client, such as CURL/Postman, or with the Kibana Dev Tools console (https://www.elastic.co/guide/en/kibana/current/console-kibana.html).

End of Section 4
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete