CLI for creating index-patterns in .kibana in 6.2.x

Previously in 5.1.2 we used to use the following cURL commands to programmatically create the default index and other indexes within Kibana:

curl -XPUT "http://localhost:9200/.kibana/index-pattern/*" -d '{"title":"", "timeFieldName":"time"}'
curl -XPUT "http://localhost:9200/.kibana/config/5.1.2" -d '{"defaultIndex":""}'
curl -XPUT "http://localhost:9200/.kibana/index-pattern/mantiswf" -d '{"title":"mantiswf", "timeFieldName":"time"}'

How can I do that within 6.2.X?

As of sometime around 5.6 Kibana has its own API for saved objects, including Index Patterns. It is not yet documented, so you have to scrape the how-to from the GitHub tickets that discuss the API.

The following examples are for an Index Pattern with an ID of elastiflow-*.

To fetch an index pattern...

curl -XGET -u USERNAME:PASSWORD "http://KIBANASERVER:5601/api/saved_objects/index-pattern/elastiflow-*"

The output will look something like this...

{
	"id": "elastiflow-*",
	"type": "index-pattern",
	"updated_at": "2018-02-11T07:23:29.146Z",
	"version": 2,
	"attributes": {
		"title": "elastiflow-*",
		"timeFieldName": "@timestamp",
		"notExpandable": true,
		"fields": "[{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
		"fieldFormatMap": "{\"flow.dst_port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.src_port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.bytes\":{\"id\":\"bytes\"}}"
	}
}

To import you need only the attributes section (you will get an error otherwise). So strip out the unneeded bits so you have this...

{
	"attributes": {
		"title": "elastiflow-*",
		"timeFieldName": "@timestamp",
		"notExpandable": true,
		"fields": "[{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.dst_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
		"fieldFormatMap": "{\"flow.dst_port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.src_port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"flow.bytes\":{\"id\":\"bytes\"}}"
	}
}

Save this to a file (for the example it is saved to elastiflow.index_pattern.json) and run the following command to import the index pattern.

curl -XPOST -u USERNAME:PASSWORD "http://KIBANASERVER:5601/api/saved_objects/index-pattern/elastiflow-*" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d @/PATH/TO/elastiflow.index_pattern.json

I hope that helps.

Rob


Thanks, Robert! I tried your command and I had to put the actual index ID as opposed to the name (elastiflow-*). Once I did that, it worked.

One additional question, how do I make an index a default index?

Thanks,

Craig

Sorry, that was what I meant when I said my example was elastiflow-*. I should have mentioned that you need to replace that with your own ID.

I don't know whether it is possible to specify the default index via the API. I haven't dug around for that yet. Hopefully some docs will be created soon that will remove some of the mystery.
