Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Elastic Stack 8.x Cookbook
  • Toc
  • feedback
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

By : Huage Chen, Yazid Akadiri
5 (3)
close
Elastic Stack 8.x Cookbook

Elastic Stack 8.x Cookbook

5 (3)
By: Huage Chen, Yazid Akadiri

Overview of this book

Learn how to make the most of the Elastic Stack (ELK Stack) products—including Elasticsearch, Kibana, Elastic Agent, and Logstash—to take data reliably and securely from any source, in any format, and then search, analyze, and visualize it in real-time. This cookbook takes a practical approach to unlocking the full potential of Elastic Stack through detailed recipes step by step. Starting with installing and ingesting data using Elastic Agent and Beats, this book guides you through data transformation and enrichment with various Elastic components and explores the latest advancements in search applications, including semantic search and Generative AI. You'll then visualize and explore your data and create dashboards using Kibana. As you progress, you'll advance your skills with machine learning for data science, get to grips with natural language processing, and discover the power of vector search. The book covers Elastic Observability use cases for log, infrastructure, and synthetics monitoring, along with essential strategies for securing the Elastic Stack. Finally, you'll gain expertise in Elastic Stack operations to effectively monitor and manage your system.
Table of Contents (16 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Sections
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Chapter 1: Getting Started – Installing the Elastic Stack
Chapter 1: Getting Started – Installing the Elastic Stack
Deploying the Elastic Stack on Elastic Cloud
Installing the Elastic Stack with ECK
Installing a self-managed Elastic Stack
Creating and setting up data tiering
Creating and setting up additional Elasticsearch nodes
Creating and setting up Fleet Server
Setting up snapshot repository
Free Chapter
2
Chapter 2: Ingesting General Content Data
chevron up
Chapter 2: Ingesting General Content Data
Introducing the Wikipedia Movie Plots dataset
Technical requirements
Adding data from the Elasticsearch client
Updating data in Elasticsearch
Deleting data in Elasticsearch
Using an analyzer
Defining index mapping
Using dynamic templates in document mapping
Creating an index template
Indexing multiple documents using Bulk API
3
Chapter 3: Building Search Applications
Chapter 3: Building Search Applications
Technical requirements
Searching with Query DSL
Building advanced search queries with Query DSL
Using search templates to pre-render search requests
Getting started with Search Applications for your Elasticsearch index
Building a search experience with the Search Application client
Measuring the performance of your Search Applications with Behavioral Analytics
4
Chapter 4: Timestamped Data Ingestion
Chapter 4: Timestamped Data Ingestion
Technical requirements
Deploying Elastic Agent with Fleet
Monitoring Apache HTTP logs and metrics using the Apache integration
Deploying standalone Elastic Agent
Adding data using Beats
Setting up a data stream manually
Setting up a time series data stream manually
5
Chapter 5: Transform Data
Chapter 5: Transform Data
Technical requirements
Creating an ingest pipeline
Enriching data with a custom ingest pipeline for an existing Elastic Agent integration
Using a processor to enrich your data before ingesting with Elastic Agent
Installing self-managed Logstash
Creating a Logstash pipeline
Setting up pivot data transform
Setting up the latest data transform
Downsampling your time series data
6
Chapter 6: Visualize and Explore Data
Chapter 6: Visualize and Explore Data
Technical requirements
Exploring your data in Discover
Exploring your data with ES|QL
Creating visualizations with Kibana Lens
Creating visualizations from runtime fields
Creating Kibana maps
Creating and using Kibana dashboards
Creating Canvas workpads
7
Chapter 7: Alerting and Anomaly Detection
Chapter 7: Alerting and Anomaly Detection
Technical requirements
Creating alerts in Kibana
Monitoring alert rules
Investigating data with log rate analysis
Investigating data with log pattern analysis
Investigating data with change point detection
Detecting anomalies in your data with unsupervised machine learning jobs
Creating anomaly detection jobs from a Lens visualization
8
Chapter 8: Advanced Data Analysis and Processing
Chapter 8: Advanced Data Analysis and Processing
Technical requirements
Finding deviations in your data with outlier detection
Building a model to perform regression analysis
Building a model for classification
Using a trained model for inference
Deploying third-party NLP models and testing via the UI
Running advanced data processing with trained models
9
Chapter 9: Vector Search and Generative AI Integration
Chapter 9: Vector Search and Generative AI Integration
Technical requirements
Implementing semantic search with dense vectors
Implementing semantic search with sparse vectors
Using hybrid search to build advanced search applications
Developing question-answering applications with Generative AI
Using advanced techniques for RAG applications
10
Chapter 10: Elastic Observability Solution
Chapter 10: Elastic Observability Solution
Technical requirements
Instrumenting your application with Elastic APM
Setting up RUM
Instrumenting and monitoring with OpenTelemetry
Monitoring Kubernetes environments with Elastic Agent
Managing synthetics monitoring
Gaining comprehensive system visibility with Elastic Universal Profiling
Detecting incidents with alerting and machine learning
Gaining insights with the AI Assistant
11
Chapter 11: Managing Access Control
Chapter 11: Managing Access Control
Technical requirements
Using built-in roles
Defining custom roles
Granting additional privileges
Managing and securing access to Kibana spaces
Managing access with API keys
Configuring single sign-on
Mapping users and groups to roles
12
Chapter 12: Elastic Stack Operation
Chapter 12: Elastic Stack Operation
Technical requirements
Setting up an index lifecycle policy
Optimizing time series data streams with downsampling
Managing the snapshot lifecycle
Configuring Elastic Stack components with Terraform
Enabling and configuring cross-cluster search
13
Chapter 13: Elastic Stack Monitoring
Chapter 13: Elastic Stack Monitoring
Technical requirements
Setting up Stack Monitoring
Building custom visualizations for monitoring data
Monitoring cluster health via an API
Enabling audit logging
14
Index
Index
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Indexing multiple documents using Bulk API

In this recipe, we will explore how to use the Elasticsearch client to ingest an entire movie dataset using the bulk API. We will also integrate various concepts we have covered in previous recipes, specifically related to mappings, to ensure that the correct mappings are applied to our index.

Getting ready

For this recipe, we will work with the sample Wikipedia Movie Plots dataset introduced at the beginning of the chapter. The file is accessible in the GitHub repository via this URL: https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/dataset/wiki_movie_plots_deduped.csv.

Make sure that you have completed the previous recipes:

  • Using an analyzer
  • Creating index template

How to do it…

Head to the GitHub repository to download the Python script at https://github.com/PacktPublishing/Elastic-Stack-8.x-Cookbook/blob/main/Chapter2/python-client-sample/sampledata_bulk.py and then follow these steps:

  1. Update the .env file with the MOVIE_DATASET variable, which specifies the path to the downloaded movie dataset CSV file:
    MOVIE_DATASET=<the-path-of-the-csv-file>
  2. Once the .env file is correctly configured, run the sampledata_bulk.py Python script. During execution, you should see output similar to the following (note that, for readability, the output image has been truncated):
Figure 2.19 – The output of the sampledata_bulk.py script

Figure 2.19 – The output of the sampledata_bulk.py script

  1. To verify that the new movies index has the appropriate mappings, head to Kibana | Dev Tools and execute the following command:
    GET /movies/_mapping
Figure 2.20 – The movies index with a new mapping

Figure 2.20 – The movies index with a new mapping

  1. As illustrated in Figure 2.20, dynamic mapping on the release_year field was applied to the newly created movies index, despite a mapping being explicitly specified in the script. This occurred because an index template was defined in the Using dynamic templates in document mapping recipe, with the index pattern set to movies*. As a result, any index that matches this pattern will automatically inherit the settings from the template, including its dynamic mapping configuration.
  2. Next, to verify that the entire dataset has been indexed, execute the following command:
    GET /movies/_count

    The command should produce the output illustrated in Figure 2.21. According to this output, your movies index should contain 34,886 documents:

Figure 2.21 – A count of the documents in bulk-indexed movies

Figure 2.21 – A count of the documents in bulk-indexed movies

We have just set up an index with the right explicit mapping and loaded an entire dataset by using the Elasticsearch Python client.

How it works...

The script we’ve provided contains several sections. First, we delete any existing movies indexes to make sure we start from a clean slate. This is the reason you did not see the award_year and review_year fields in the new mapping shown in Figure 2.20. We then use the create_index method to create the movies index and specify the settings and the mappings we wish to apply to the documents that will be stored in this index.

Then, there is the generate_actions function that yields a document for each row in our CSV dataset. This function is then used by the streaming_bulk helper method.

The streaming_bulk helper function in the Elasticsearch Python client is used to perform bulk indexing of documents in Elasticsearch. It is like the bulk helper function, but it is designed to handle large datasets.

The streaming_bulk function accepts an iterable of documents and sends them to Elasticsearch in small batches. This strategy allows you to efficiently process substantial datasets without exhausting system memory.

There’s more…

The Elasticsearch Python Client provides several helper functions for the bulk API, which can be challenging to use directly because of its specific formatting requirements and other considerations. These helpers accept an instance of the es class and an iterable action, which can be any iterable or generator.

The most common format for the iterable action is the same as that returned by the search() method. The bulk() API accepts the index, create, delete, and update actions. The _op_type field is used to specify an action, with _op_type defaulting to index. There are several bulk helpers available, including bulk(), parallel_bulk(), streaming_bulk(), and bulk_index(). The following table outlines these helpers and their preferred use cases:

Bulk helper functions

Use cases

bulk()

This helper is used to perform bulk operations on a single thread. It is ideal for small- to medium-sized datasets and is the simplest of the bulk helpers.

parallel_bulk()

This helper is used to perform bulk operations on multiple threads. It is ideal for large datasets and can significantly improve indexing performance.

streaming_bulk()

This helper is used to perform bulk operations on a large dataset that cannot fit into memory. It is ideal for large datasets and can be used to stream data from a file or other source.

bulk_index()

This helper is used to perform bulk indexing operations on a large dataset that cannot fit into memory. It is ideal for large datasets and can be used to stream data from a file or other source.

Table 2.1 – Bulk helper functions and their associated use cases

See also

If you are interested in more examples of bulk ingest using the Python client, check out the official Python client repository: https://github.com/elastic/elasticsearch-py/tree/main/examples/bulk-ingest.

End of Chapter 2
Next Chapter
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete