@rylnd
Last active September 8, 2022 22:16
Reindex Worker Demo
## REINDEX DEMO
# Kibana Dev Tools console script; run it top to bottom.
# The two DELETEs return 404 on a fresh cluster, which is expected and harmless.
DELETE events-1
DELETE security-events-1

# Source index: raw events carrying host and user fields.
PUT events-1
{
  "mappings": {
    "properties": {
      "@timestamp": { "type": "date" },
      "host.name":  { "type": "keyword" },
      "user.name":  { "type": "keyword" }
    }
  }
}

# Three sample events; two of them belong to user "ryland".
POST events-1/_bulk
{"index":{}}
{"@timestamp":"2022-09-08T03:30:04.873Z","host":{"name":"foo"},"user.name":"ryland"}
{"index":{}}
{"@timestamp":"2022-09-08T03:30:04.873Z","host":{"name":"bar"},"user.name":"alex"}
{"index":{}}
{"@timestamp":"2022-09-08T03:30:04.873Z","host":{"name":"baz"},"user.name":"ryland"}

# Destination index. "dynamic": false means any field not listed here (for example
# the original_timestamp added by the pipeline) is kept in _source but not indexed.
PUT security-events-1
{
  "mappings": {
    "dynamic": false,
    "properties": {
      "@timestamp": { "type": "date" },
      "user.name":  { "type": "keyword" },
      "risk.score": { "type": "long" }
    }
  }
}

# Pipeline applied to every document on its way into the destination index.
# Processors run in order: the rename must come before the set that overwrites
# @timestamp, otherwise the original event time is lost.
PUT _ingest/pipeline/rule-1-pipeline
{
  "description": "Example of augmenting user docs with an ingest pipeline",
  "processors": [
    {
      "set": {
        "description": "Adds risk score for this particular situation",
        "field": "risk.score",
        "value": 10
      }
    },
    {
      "rename": {
        "field": "@timestamp",
        "target_field": "original_timestamp"
      }
    },
    {
      "set": {
        "field": "@timestamp",
        "value": "{{_ingest.timestamp}}"
      }
    },
    {
      "remove": {
        "field": "host"
      }
    }
  ]
}

# Copy only ryland's events, running each one through the pipeline.
POST _reindex
{
  "source": {
    "index": "events-1",
    "query": {
      "match": {
        "user.name": "ryland"
      }
    }
  },
  "dest": {
    "index": "security-events-1",
    "pipeline": "rule-1-pipeline"
  }
}

# Compare the two indices: the destination should hold two documents, each with
# risk.score, a fresh @timestamp, original_timestamp in _source and no host field.
GET security-events-1/_search
GET events-1/_search
## /REINDEX DEMO
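To make the expected contents of security-events-1 concrete, the following is an added Python stand-in for what the ingest node does to the three sample events above; it is not part of the gist, supports only the set, rename and remove processors this pipeline uses, and keeps dotted field names flat rather than expanding them into nested objects as Elasticsearch does in _source.

```python
import copy

# Constructed copies of the three events the gist bulk-indexes into events-1.
EVENTS = [
    {"@timestamp": "2022-09-08T03:30:04.873Z", "host": {"name": "foo"}, "user.name": "ryland"},
    {"@timestamp": "2022-09-08T03:30:04.873Z", "host": {"name": "bar"}, "user.name": "alex"},
    {"@timestamp": "2022-09-08T03:30:04.873Z", "host": {"name": "baz"}, "user.name": "ryland"},
]

# rule-1-pipeline as defined in the gist, in order. Order matters: the rename has
# to run before the set that overwrites @timestamp, or the original time is lost.
RULE_1_PIPELINE = [
    {"set": {"field": "risk.score", "value": 10}},
    {"rename": {"field": "@timestamp", "target_field": "original_timestamp"}},
    {"set": {"field": "@timestamp", "value": "{{_ingest.timestamp}}"}},
    {"remove": {"field": "host"}},
]

# Fields mapped in security-events-1. With "dynamic": false, anything else the
# pipeline adds (original_timestamp) lands in _source but is not indexed or queryable.
DEST_MAPPED_FIELDS = {"@timestamp", "user.name", "risk.score"}

def render(value, ingest_ts):
    # Expand the one mustache template the pipeline uses.
    return value.replace("{{_ingest.timestamp}}", ingest_ts) if isinstance(value, str) else value

def run_pipeline(doc, processors, ingest_ts):
    """Hypothetical stand-in for the ingest node: only set, rename and remove,
    dotted field names kept flat. Like Elasticsearch's defaults (ignore_missing
    false), rename and remove fail when the field is absent."""
    out = copy.deepcopy(doc)
    for proc in processors:
        (kind, cfg), = proc.items()
        if kind == "set":
            out[cfg["field"]] = render(cfg["value"], ingest_ts)
        elif kind == "rename":
            out[cfg["target_field"]] = out.pop(cfg["field"])  # KeyError if absent
        elif kind == "remove":
            del out[cfg["field"]]  # KeyError if absent
        else:
            raise ValueError(f"unsupported processor: {kind}")
    return out

def reindex(events, processors, user, ingest_ts):
    """Mirror the _reindex call: select the user's events, pipeline each one."""
    return [run_pipeline(d, processors, ingest_ts) for d in events if d.get("user.name") == user]

def unindexed_fields(doc):
    """Fields of a destination document that dynamic: false leaves unsearchable."""
    return sorted(set(doc) - DEST_MAPPED_FIELDS)
```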