Configuring Elasticsearch

Elasticsearch is a system that stores data of various formats and provides full-text search over it. This article describes a way to configure Elasticsearch for SAYMON.

This guide uses Logstash for gathering and filtering data and Kibana as a graphical interface for Elasticsearch. Together the three tools form the so-called ELK (Elasticsearch, Logstash, Kibana) stack.

All of the instructions mentioned below have to be applied on the SAYMON installation server.

Configuring and running ELK

If Docker Compose has not been installed on your system, install it first, following the installation instructions.

In order to run ELK the following steps must be performed:

  1. Download and unzip the elk.tar.gz archive.

  2. Go to the directory elk and execute the following command:

    $ sudo chmod 777 elasticsearch/data/

  3. Run ELK:

    $ sudo docker-compose up -d

Once the stack is running, Logstash automatically creates an index named my_index for storing data. The index then needs to be configured.

To configure the index, open the Dev Tools console in Kibana (https://YOUR_HOST_IP:5601/app/kibana#/dev_tools/console?_g=()) and run the following request:

PUT _template/my_index
{
    "index_patterns": [
        "my_index*"
    ],
    "settings": {
        "index": {
            "lifecycle": {
                "name": "my_index-policy",
                "rollover_alias": "my_index"
            }
        }
    },
    "mappings": {
        "dynamic": false,
        "properties": {
            "payload": {
                "dynamic": true,
                "type": "object"
            },
            "entityId": {
                "norms": false,
                "type": "text",
                "fields": {
                    "keyword": {
                        "ignore_above": 256,
                        "type": "keyword"
                    }
                }
            },
            "timestamp": {
                "format": "epoch_millis",
                "type": "date"
            }
        }
    },
    "aliases": {}
}

If the request is successful, the following response will be displayed in the right part of the screen:

{
    "acknowledged" : true
}

Configuring SAYMON to interact with ELK

In order to configure SAYMON to interact with ELK, the following steps must be performed:

  1. Add the following parameters to the server configuration file /etc/saymon/saymon-server.conf:

    "elasticsearch": {
        "node": "http://127.0.0.1:9200",
        "index_pattern": "my_index*"
    }

  2. Restart SAYMON:

    $ sudo service saymon-server restart
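
The index template from the previous section and the "elasticsearch" block of saymon-server.conf have to agree with each other and with the index name Logstash creates. The following script is an added example, not part of the SAYMON documentation or product: it embeds both configuration pieces exactly as shown on this page, checks offline that the SAYMON index pattern, the template pattern and the rollover alias all cover the my_index index, and predicts from the template mapping how Elasticsearch will treat each field of a document (unmapped top-level fields are kept in _source but not indexed because of "dynamic": false, the entityId keyword sub-field is skipped above ignore_above, and a timestamp that is not epoch milliseconds causes the document to be rejected). The function names and the sample document are assumptions made for this example.

```python
"""Added example (not SAYMON's own code): offline consistency check of the
Elasticsearch index template and the SAYMON "elasticsearch" configuration
block shown on this page, plus a per-field prediction of how the template
mapping treats a document. Function names and sample data are assumptions."""
import fnmatch
import json

# Index template from the page (the body of "PUT _template/my_index").
INDEX_TEMPLATE = {
    "index_patterns": ["my_index*"],
    "settings": {"index": {"lifecycle": {"name": "my_index-policy",
                                         "rollover_alias": "my_index"}}},
    "mappings": {
        "dynamic": False,
        "properties": {
            "payload": {"dynamic": True, "type": "object"},
            "entityId": {"norms": False, "type": "text",
                         "fields": {"keyword": {"ignore_above": 256,
                                                "type": "keyword"}}},
            "timestamp": {"format": "epoch_millis", "type": "date"},
        },
    },
    "aliases": {},
}

# "elasticsearch" block of /etc/saymon/saymon-server.conf, as on the page.
SAYMON_CONF_FRAGMENT = """
{
    "elasticsearch": {
        "node": "http://127.0.0.1:9200",
        "index_pattern": "my_index*"
    }
}
"""

# Index name that Logstash creates, according to the page.
LOGSTASH_INDEX = "my_index"


def check_patterns(conf_json: str, template: dict, index_name: str) -> dict:
    """Report whether template, SAYMON pattern and rollover alias cover index_name."""
    conf = json.loads(conf_json)["elasticsearch"]
    lifecycle = template["settings"]["index"]["lifecycle"]
    return {
        "template_covers_index": any(fnmatch.fnmatchcase(index_name, p)
                                     for p in template["index_patterns"]),
        "saymon_reads_index": fnmatch.fnmatchcase(index_name, conf["index_pattern"]),
        "rollover_alias_is_index": lifecycle["rollover_alias"] == index_name,
    }


def classify_document(template: dict, doc: dict) -> dict:
    """Predict, field by field, how the template mapping treats a document.

    "dynamic": false at top level: unmapped fields stay in _source but get no
    index entry, so they are not searchable. "payload" is dynamic, so its
    members are mapped on first sight. The keyword sub-field of "entityId" is
    skipped when the value is longer than ignore_above. "timestamp" must be
    epoch milliseconds; otherwise Elasticsearch rejects the whole document.
    """
    props = template["mappings"]["properties"]
    result = {}
    for name, value in doc.items():
        if name not in props:
            result[name] = "stored in _source only (not searchable)"
            continue
        mapping = props[name]
        if mapping["type"] == "object":
            result[name] = "indexed; members mapped dynamically: " + ", ".join(sorted(value))
        elif mapping["type"] == "text":
            limit = mapping["fields"]["keyword"]["ignore_above"]
            if len(str(value)) > limit:
                result[name] = f"text indexed; keyword sub-field skipped (> {limit} chars)"
            else:
                result[name] = "text and keyword indexed"
        elif mapping["type"] == "date":
            try:
                int(value)
                result[name] = "indexed as date (epoch_millis)"
            except (TypeError, ValueError):
                result[name] = "REJECTED: not epoch_millis, Elasticsearch refuses the document"
    return result


# Constructed sample document in the shape of the mapped fields (entityId,
# timestamp, payload) plus one field the template does not know about.
SAMPLE_DOC = {
    "entityId": "5f1d2e3c4b5a69788796a5b4",
    "timestamp": 1700000000000,
    "payload": {"cpu": 12.5, "host": "node-1"},
    "debug_note": "not in the template",
}

if __name__ == "__main__":
    print(json.dumps(check_patterns(SAYMON_CONF_FRAGMENT, INDEX_TEMPLATE, LOGSTASH_INDEX), indent=2))
    print(json.dumps(classify_document(INDEX_TEMPLATE, SAMPLE_DOC), indent=2))
```

Running the script with the page's values reports all three pattern checks as true; editing either index_pattern or index_patterns to something that no longer matches my_index makes the corresponding check false, which is the mismatch that would otherwise only surface as empty results in the Get Stat History API.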

Fetching data from Elasticsearch

Currently, SAYMON users can get data from Elasticsearch only via the API (see the Get Stat History method).