Asynchronously Searching in Elasticsearch 7.13

1 hour
  • 4 Learning Objectives

About this Hands-on Lab

Occasionally, we need to ask questions of our data that take some time to answer. In these situations it is useful to run the query asynchronously: submit it, let it run in the background, and come back for the results. In this hands-on lab, you will execute and manage asynchronous search queries in Elasticsearch.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the Asynchronous Search
  • From the Kibana console, craft an async search query on the filebeat-7.13.4 dataset to search log messages for any mention of SSH.
  • The async search should have the wait_for_completion_timeout parameter set to 0, so the request returns immediately with a search ID instead of blocking until the search finishes.
  • The async search should set size to 100, so the hits array holds up to 100 matching documents.
Check the Status of the Asynchronous Search

From the Kibana console, use the async search ID to get the status of the request. The status endpoint reports whether the search is still running (is_running) and, once it has finished, its completion_status; it does not return the hits themselves.

Note: If you did not get an async search ID, make sure you set the wait_for_completion_timeout parameter to 0 when creating the async search. An ID is only returned when the search is still running when that timeout expires (or when keep_on_completion is set to true); if the search finished within the timeout, the response already contains the hits and nothing was stored for you to check.

Get the Results of the Asynchronous Search

From the Kibana console, use the async search ID to get the results of the request. With security enabled, only the user who submitted the search can retrieve or delete its stored results by ID, so run these requests as the same user that created the search.

Note: If you did not get an async search ID, see the note under Check the Status of the Asynchronous Search above.

Delete the Asynchronous Search

From the Kibana console, use the async search ID to delete the request. Deleting cancels the search if it is still running and removes the stored results, which would otherwise be retained until their keep_alive expires (5 days by default).

Note: If you did not get an async search ID, see the note under Check the Status of the Asynchronous Search above.
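The four objectives above are the same four REST calls, issued in order. The following is an added example that is not part of the lab page: a small Python client that submits the search, polls its status, fetches the hits and deletes the stored result, and that handles the case the notes warn about (a search that finishes inside the timeout and therefore returns no ID). It assumes the es1 node exposes Elasticsearch over HTTP on port 9200 at the placeholder ES_URL and uses the lab's elastic user; the host, port and the term "ssh" matched against the message field are assumptions you should adjust. The builders and the response logic are plain functions so they can be checked without a cluster.

```python
"""Submit, poll, fetch and delete an Elasticsearch 7.13 async search.

Added example, not code from the lab page. Assumes the es1 node exposes
Elasticsearch over HTTP (placeholder ES_URL below) and the lab's elastic
user; both are assumptions you must adjust. Only the standard library is
used. The request builders and the response logic are pure functions, so
the decision about what to do with an answer can be checked offline.
"""
import base64
import json
import time
import urllib.request
from typing import Any, Dict, List, Optional

ES_URL = "http://public_ip:9200"   # placeholder: es1 public IP, assumed port 9200
INDEX = "filebeat-7.13.4"


def search_body(term: str = "ssh", size: int = 100) -> Dict[str, Any]:
    """Body for the search: up to `size` hits whose analyzed `message` contains `term`.
    The standard analyzer keeps "sshd" as one token, so "ssh" alone does not match
    it; widen the term (e.g. "ssh sshd") if that matters for your logs."""
    return {"size": size, "query": {"match": {"message": term}}}


def submit_path(index: str = INDEX, keep_on_completion: bool = False) -> str:
    """URL path for submitting. wait_for_completion_timeout=0 returns at once.
    If the search still finishes inside the timeout and keep_on_completion is
    false, ES returns the hits but no `id`, so there is nothing to poll or delete."""
    path = f"/{index}/_async_search?wait_for_completion_timeout=0"
    if keep_on_completion:
        path += "&keep_on_completion=true"
    return path


def next_step(resp: Dict[str, Any]) -> str:
    """Classify a submit or status response into the follow-up action."""
    if resp.get("is_running"):
        return "poll_status"        # GET /_async_search/status/<id>
    if "id" in resp:
        return "get_results"        # GET /_async_search/<id>, then DELETE it
    return "results_inline"         # completed within the timeout; not stored


def ssh_messages(result: Dict[str, Any]) -> List[str]:
    """Pull the log lines out of a full async search response."""
    hits = result.get("response", {}).get("hits", {}).get("hits", [])
    return [h["_source"]["message"] for h in hits if "message" in h.get("_source", {})]


class AsyncSearchClient:
    """Thin wrapper over the four REST calls, using HTTP basic auth."""

    def __init__(self, base_url: str, user: str, password: str) -> None:
        self.base_url = base_url.rstrip("/")
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.auth = f"Basic {token}"

    def _call(self, method: str, path: str,
              body: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, method=method)
        req.add_header("Authorization", self.auth)
        if data is not None:
            req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, timeout=30) as r:
            return json.load(r)

    def submit(self) -> Dict[str, Any]:
        return self._call("POST", submit_path(), search_body())

    def status(self, search_id: str) -> Dict[str, Any]:
        return self._call("GET", f"/_async_search/status/{search_id}")

    def results(self, search_id: str) -> Dict[str, Any]:
        return self._call("GET", f"/_async_search/{search_id}")

    def delete(self, search_id: str) -> Dict[str, Any]:
        return self._call("DELETE", f"/_async_search/{search_id}")


def run(client: AsyncSearchClient, poll_seconds: float = 1.0) -> List[str]:
    """The lab workflow end to end: submit, poll until done, fetch, delete."""
    resp = client.submit()
    if next_step(resp) == "results_inline":
        return ssh_messages(resp)       # nothing stored, nothing to clean up
    search_id = resp["id"]
    while next_step(client.status(search_id)) == "poll_status":
        time.sleep(poll_seconds)
    try:
        return ssh_messages(client.results(search_id))
    finally:
        client.delete(search_id)        # free the stored result before keep_alive (5d) expires


if __name__ == "__main__":
    for line in run(AsyncSearchClient(ES_URL, "elastic", "elastic_acg")):
        print(line)
```

In the Kibana console the same calls are `POST filebeat-7.13.4/_async_search?wait_for_completion_timeout=0` with the body from search_body, then `GET _async_search/status/<id>`, `GET _async_search/<id>` and `DELETE _async_search/<id>`. The delete in a finally block matters in practice: each stored result lives in the cluster until its keep_alive runs out, so a script that polls and then crashes leaves results behind.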

Additional Resources

Logging In to the Elastic Environment

  1. Open a new browser tab and navigate to the public IP address of the es1 node provided on the lab page (e.g., http://public_ip).
  2. Log in using the username elastic and password elastic_acg.

Lab Scenario

You work as a system administrator who is tasked with collecting all system log events pertaining to SSH. For this, you will need to create an asynchronous search request that runs in the background and searches the filebeat-7.13.4 dataset for log messages that mention SSH. The asynchronous search should be configured not to wait for completion by setting the wait_for_completion_timeout parameter to 0, and it should set size to 100 so the hits array holds up to 100 documents. Use the returned async search ID to poll the status of the request until it has completed. Once it is completed, get the results, and then delete the async search.

Your es1 node has a Kibana instance which can be accessed in your local web browser by navigating to the public IP address of the es1 node (example: http://public_ip). To log in, use the elastic user with the password elastic_acg.
