Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Elastic Stack 8.x Cookbook
  • Toc
  • feedback
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

By : Huage Chen, Yazid Akadiri
5 (3)
close
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

5 (3)
By: Huage Chen, Yazid Akadiri

Overview of this book

Learn how to make the most of the Elastic Stack (ELK Stack) products—including Elasticsearch, Kibana, Elastic Agent, and Logstash—to take data reliably and securely from any source, in any format, and then search, analyze, and visualize it in real-time. This cookbook takes a practical approach to unlocking the full potential of Elastic Stack through detailed recipes step by step. Starting with installing and ingesting data using Elastic Agent and Beats, this book guides you through data transformation and enrichment with various Elastic components and explores the latest advancements in search applications, including semantic search and Generative AI. You'll then visualize and explore your data and create dashboards using Kibana. As you progress, you'll advance your skills with machine learning for data science, get to grips with natural language processing, and discover the power of vector search. The book covers Elastic Observability use cases for log, infrastructure, and synthetics monitoring, along with essential strategies for securing the Elastic Stack. Finally, you'll gain expertise in Elastic Stack operations to effectively monitor and manage your system.
Table of Contents (16 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Sections
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Chapter 1: Getting Started – Installing the Elastic Stack
Chapter 1: Getting Started – Installing the Elastic Stack
Deploying the Elastic Stack on Elastic Cloud
Installing the Elastic Stack with ECK
Installing a self-managed Elastic Stack
Creating and setting up data tiering
Creating and setting up additional Elasticsearch nodes
Creating and setting up Fleet Server
Setting up snapshot repository
Free Chapter
2
Chapter 2: Ingesting General Content Data
chevron up
Chapter 2: Ingesting General Content Data
Introducing the Wikipedia Movie Plots dataset
Technical requirements
Adding data from the Elasticsearch client
Updating data in Elasticsearch
Deleting data in Elasticsearch
Using an analyzer
Defining index mapping
Using dynamic templates in document mapping
Creating an index template
Indexing multiple documents using Bulk API
3
Chapter 3: Building Search Applications
Chapter 3: Building Search Applications
Technical requirements
Searching with Query DSL
Building advanced search queries with Query DSL
Using search templates to pre-render search requests
Getting started with Search Applications for your Elasticsearch index
Building a search experience with the Search Application client
Measuring the performance of your Search Applications with Behavioral Analytics
4
Chapter 4: Timestamped Data Ingestion
Chapter 4: Timestamped Data Ingestion
Technical requirements
Deploying Elastic Agent with Fleet
Monitoring Apache HTTP logs and metrics using the Apache integration
Deploying standalone Elastic Agent
Adding data using Beats
Setting up a data stream manually
Setting up a time series data stream manually
5
Chapter 5: Transform Data
Chapter 5: Transform Data
Technical requirements
Creating an ingest pipeline
Enriching data with a custom ingest pipeline for an existing Elastic Agent integration
Using a processor to enrich your data before ingesting with Elastic Agent
Installing self-managed Logstash
Creating a Logstash pipeline
Setting up pivot data transform
Setting up the latest data transform
Downsampling your time series data
6
Chapter 6: Visualize and Explore Data
Chapter 6: Visualize and Explore Data
Technical requirements
Exploring your data in Discover
Exploring your data with ES|QL
Creating visualizations with Kibana Lens
Creating visualizations from runtime fields
Creating Kibana maps
Creating and using Kibana dashboards
Creating Canvas workpads
7
Chapter 7: Alerting and Anomaly Detection
Chapter 7: Alerting and Anomaly Detection
Technical requirements
Creating alerts in Kibana
Monitoring alert rules
Investigating data with log rate analysis
Investigating data with log pattern analysis
Investigating data with change point detection
Detecting anomalies in your data with unsupervised machine learning jobs
Creating anomaly detection jobs from a Lens visualization
8
Chapter 8: Advanced Data Analysis and Processing
Chapter 8: Advanced Data Analysis and Processing
Technical requirements
Finding deviations in your data with outlier detection
Building a model to perform regression analysis
Building a model for classification
Using a trained model for inference
Deploying third-party NLP models and testing via the UI
Running advanced data processing with trained models
9
Chapter 9: Vector Search and Generative AI Integration
Chapter 9: Vector Search and Generative AI Integration
Technical requirements
Implementing semantic search with dense vectors
Implementing semantic search with sparse vectors
Using hybrid search to build advanced search applications
Developing question-answering applications with Generative AI
Using advanced techniques for RAG applications
10
Chapter 10: Elastic Observability Solution
Chapter 10: Elastic Observability Solution
Technical requirements
Instrumenting your application with Elastic APM
Setting up RUM
Instrumenting and monitoring with OpenTelemetry
Monitoring Kubernetes environments with Elastic Agent
Managing synthetics monitoring
Gaining comprehensive system visibility with Elastic Universal Profiling
Detecting incidents with alerting and machine learning
Gaining insights with the AI Assistant
11
Chapter 11: Managing Access Control
Chapter 11: Managing Access Control
Technical requirements
Using built-in roles
Defining custom roles
Granting additional privileges
Managing and securing access to Kibana spaces
Managing access with API keys
Configuring single sign-on
Mapping users and groups to roles
12
Chapter 12: Elastic Stack Operation
Chapter 12: Elastic Stack Operation
Technical requirements
Setting up an index lifecycle policy
Optimizing time series data streams with downsampling
Managing the snapshot lifecycle
Configuring Elastic Stack components with Terraform
Enabling and configuring cross-cluster search
13
Chapter 13: Elastic Stack Monitoring
Chapter 13: Elastic Stack Monitoring
Technical requirements
Setting up Stack Monitoring
Building custom visualizations for monitoring data
Monitoring cluster health via an API
Enabling audit logging
14
Index
Index
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Deleting data in Elasticsearch

In this recipe, we will explore how to delete a document from an Elasticsearch index.

Getting ready

Refer to the requirements for the Updating data in Elasticsearch recipe.

Make sure to download the following Python script from the GitHub repository: https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/python-client-sample/sampledata_delete.py.

The snippets of the recipe are available at https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/snippets.md#deleting-data-in-elasticsearch.

How to do it…

  1. First, let us inspect the sampledata_delete.py Python script. Like the process in the previous recipe, we need to retrieve document_id from the tmp.txt file:
    with open('tmp.txt', 'r') as file:
          document_id = file.read()
  2. We can now check document_id, verify that the document exists in the index, and then perform the delete operation by using the previously obtained document_id:
    if document_id != '':
    if es.exists(index=index_name, id=document_id):
        # delete the document in Elasticsearch
        response = es.delete(index=index_name, id=document_id)
        print(f"delete status: {response['result']}")
  3. After reviewing the delete script, execute it with the following command:
    $ python sampledata_delete.py

    You should see the following output:

Figure 2.8 – The output of the sampledata_delete.py script

Figure 2.8 – The output of the sampledata_delete.py script

  1. For further verification, return to the Dev Tools in Kibana and execute the search request again on the movies index:
    GET movies/_search

    This time, the result should reflect the deletion:

Figure 2.9 – The search results in the movies index after deletion

Figure 2.9 – The search results in the movies index after deletion

The total hits will now be 0, confirming that the document has been successfully deleted.

How it works...

When a document is deleted in Elasticsearch, it is not immediately removed from the index. Instead, Elasticsearch marks the document as deleted. These documents remain in the index until a merging process occurs during routine optimization tasks, when Elasticsearch physically expunges the deleted documents from the index.

This mechanism allows Elasticsearch to handle deletions efficiently. By marking documents as deleted rather than expunging them outright, Elasticsearch avoids costly segment reorganizations within the index. The removal occurs during optimized, controlled background tasks.

There’s more…

While we have discussed deleting documents by document_id, this might not be the most efficient approach for deleting multiple documents. For such scenarios, the Delete By Query API is more suitable, such as the following:

Note

Before executing the upcoming query, it is necessary to re-index the document, since it was deleted earlier in the recipe. Ensure that you have re-added the document to the movies index by executing the sampledata_index.py Python script.

POST /movies/_delete_by_query
{
  "query": {
    "match": {
      "genre": "comedy"
    }
  }
}

The preceding query will delete all movies matching the comedy genre in our index.

Also, when deleting many documents, the best practice is to use the Delete By Query with the slices parameter to improve performance. The Delete by Query feature with the slices parameter in Elasticsearch offers considerable advantages, especially when dealing with the deletion of numerous documents. This best practice enhances performance by splitting a large deletion task into smaller, parallel operations. This method not only boosts the efficiency and reliability of the deletion process but also lessens the burden on the cluster. By dividing the task, you ensure a more balanced and effective approach to managing large-scale deletions in Elasticsearch.

See also

For more details on the Delete By Query feature, refer to the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-delete-by-query.html.

End of Section 6
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete