Elasticsearchでの操作
シャードの確認
GET _cat/shards?v
インデックスの確認
GET _cat/indices?v
store.size列で降順にソートしてインデックスを確認
GET _cat/indices?v=true&s=store.size:desc
特定のインデックス名でフィルタ
GET _cat/indices/*インデックス名のキーワード?v=true&s=store.size:desc
未割り当て（unassigned）シャードの確認
GET _cat/shards?v&h=index,shard,prirep,state,unassigned.reason&s=state:asc
インデックスの削除（ワイルドカード指定の削除は元に戻せないため、事前に GET _cat/indices で対象を確認してから実行する）
# DELETE インデックス名
DELETE log-aws-waf-2021-06-*
{
"acknowledged" : true
}
テンプレートの確認
GET _cat/templates?v
name index_patterns order version composed_of
log-aws-securityhub_aws [log-aws-securityhub-*] 0
log-aws-s3accesslog_aws [log-aws-s3accesslog-*] 0
alert-history-indices_aws [.opendistro-alerting-alert-history-*] 0
log_aws [log-*] 0
log-aws-guardduty_aws [log-aws-guardduty-*] 0
log-aws-elb_aws [log-aws-elb-*] 0
log-aws-waf_aws [log-aws-waf-*] 0
log-aws-cloudfront_aws [log-aws-cloudfront-*] 0
log-aws-vpcflowlogs_aws [log-aws-vpcflowlogs-*] 0
log-aws-rds_aws [log-aws-rds-*] 0
log-aws-cloudtrail_aws [log-aws-cloudtrail-*] 0
log-aws-msk_aws [log-aws-msk-*] 0
log-aws-r53resolver_aws [log-aws-r53resolver-*] 0
ism-history-indices_aws [.opendistro-ism-managed-index-history-*] 0
log-linux_aws [log-linux-*] 0
log-aws_aws [log-aws-*] 0
tenant_template [.kibana_-*_*, .kibana_0*_*, .kibana_1*_*, .kibana_2*_*, .kibana_3*_*, .kibana_4*_*, .kibana_5*_*, .kibana_6*_*, .kibana_7*_*, .kibana_8*_*, .kibana_9*_*] 0
log-aws-networkfirewall_aws [log-aws-networkfirewall-*] 0
PUT _template/sample_template
{
"template": "logs*",
"settings": {
"index" : {
"number_of_shards": 1,
"number_of_replicas": 0
}
}
}
設定の確認
GET /ターゲット/_settings
ターゲットとしてインデックス名が使えることは確認済み
テンプレートの内容確認（上記 PUT では "template": "logs*" と指定しているが、返却される index_patterns は "log*" になっている点に注意）
GET _template/sample_template
{
"sample_template" : {
"order" : 0,
"index_patterns" : [
"log*"
],
"settings" : {
"index" : {
"number_of_shards" : "1",
"number_of_replicas" : "0"
}
},
"mappings" : { },
"aliases" : { }
}
}
GET _template/log_aws
{
"log_aws" : {
"order" : 0,
"index_patterns" : [
"log-*"
],
"settings" : {
"index" : {
"number_of_shards" : "3",
"mapping" : {
"ignore_malformed" : "true"
}
}
},
"mappings" : {
"dynamic_templates" : [
{
"strings" : {
"mapping" : {
"type" : "keyword"
},
"match_mapping_type" : "string"
}
}
],
"properties" : {
"rule.id" : {
"type" : "keyword"
},
"destination.port" : {
"type" : "integer"
},
"user.name" : {
"type" : "keyword"
},
"source.geo.location" : {
"type" : "geo_point"
},
"host.hostname" : {
"type" : "keyword"
},
"process.pid" : {
"type" : "integer"
},
"destination.geo.location" : {
"type" : "geo_point"
},
"destination.packets" : {
"type" : "long"
},
"http.request.bytes" : {
"type" : "long"
},
"http.response.bytes" : {
"type" : "long"
},
"log.level" : {
"type" : "keyword"
},
"source.ip" : {
"type" : "ip"
},
"network.bytes" : {
"type" : "integer"
},
"http.response.status_code" : {
"type" : "short"
},
"http.version" : {
"type" : "keyword"
},
"url.full" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text"
}
}
},
"source.bytes" : {
"type" : "long"
},
"user_agent.original" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text"
}
}
},
"event.severity" : {
"type" : "long"
},
"source.packets" : {
"type" : "long"
},
"network.packets" : {
"type" : "integer"
},
"destination.as.number" : {
"type" : "integer"
},
"destination.ip" : {
"type" : "ip"
},
"rule.version" : {
"type" : "keyword"
},
"@message" : {
"type" : "text"
},
"event.ingested" : {
"type" : "date"
},
"url.original" : {
"type" : "keyword",
"fields" : {
"text" : {
"type" : "text"
}
}
},
"@timestamp" : {
"type" : "date"
},
"source.port" : {
"type" : "integer"
},
"error.message" : {
"type" : "text"
},
"network.iana_number" : {
"type" : "short"
},
"destination.bytes" : {
"type" : "long"
},
"source.as.number" : {
"type" : "integer"
}
}
},
"aliases" : { }
}
}