Streaming Data in Elasticsearch 7.13

1 hour
  • 3 Learning Objectives

About this Hands-on Lab

In previous versions of Elasticsearch, you had to use a series of APIs to continuously stream data to a “hot” index alias and roll that alias over to new indices as they filled up. In recent versions of Elasticsearch, data streams handle this operation for you. In this hands-on lab, you will create data streams for time-series data in Elasticsearch so that you can continuously write data to indices that automatically roll over when they reach a specified size or age.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the apache_policy ILM Policy
  1. Create the new apache_policy index lifecycle management (ILM) policy.
  2. Configure the rollover action for the hot phase to trigger at a max primary shard size of 5gb.
  3. Configure the hot phase to forcemerge rolled-over indices into a single segment.
  4. Configure the hot phase to set rolled-over indices to readonly.
  5. Configure the delete phase to delete all indices with a minimum age of 90 days.
Create the apache_template Index Template
  1. Create the new apache_template index template.
  2. Configure the index template to use the apache_stream data stream.
  3. Configure the index template to create indices with 1 primary and 0 replica shards.
  4. Configure the index template to create indices that use the apache_policy ILM policy.
Start and Verify the apache_stream Data Stream
  1. Start the apache_stream data stream.
  2. Verify that the apache_stream data stream was created with the apache_template template and has the apache_policy ILM policy.

Additional Resources

Logging In to the Elastic Environment

  1. Open a new browser tab and navigate to the public IP address of the es1 node provided on the lab page (e.g., http://<PUBLIC_IP>).
  2. Log in using the following credentials:
    • Username: elastic
    • Password: elastic_acg

Lab Scenario

You are a systems administrator tasked with aggregating Apache webserver access logs. You have an Elasticsearch instance on which you need to create the apache_stream data stream, preparing the cluster to continuously index and roll over the Apache log indices. Before you can create a data stream, you first need to define the apache_policy index lifecycle management (ILM) policy and the apache_template index template as follows:

ILM Policy: apache_policy

  • Roll over at a maximum primary shard size of 5gb.
  • Forcemerge rolled-over indices into 1 segment.
  • Set rolled-over indices to readonly.
  • Delete indices with a minimum age of 90 days.

Index Template: apache_template

  • Uses the apache_stream data stream.
  • Uses the apache_policy ILM policy.
  • Creates indices with 1 primary and 0 replica shards.

Once the apache_policy ILM policy and the apache_template index template are created, start and verify the apache_stream data stream.
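
The scenario above expressed as Elasticsearch REST requests, with a check of the final verification step. This is an added example, not part of the lab's own material; the `apache_stream*` index pattern and the `ES_URL` / `ES_PASSWORD` environment variables are assumptions, and the sample response is constructed.

```python
import base64, json, os, urllib.request

# Request bodies for the lab's objectives (Elasticsearch 7.13 REST API).
ILM_POLICY = {"policy": {"phases": {
    "hot": {"actions": {
        "rollover": {"max_primary_shard_size": "5gb"},
        "forcemerge": {"max_num_segments": 1},
        "readonly": {}}},
    "delete": {"min_age": "90d", "actions": {"delete": {}}}}}}
INDEX_TEMPLATE = {
    "index_patterns": ["apache_stream*"],  # assumption: the page gives no pattern
    "data_stream": {},
    "template": {"settings": {
        "number_of_shards": 1, "number_of_replicas": 0,
        "index.lifecycle.name": "apache_policy"}}}
STEPS = [("PUT", "/_ilm/policy/apache_policy", ILM_POLICY),
         ("PUT", "/_index_template/apache_template", INDEX_TEMPLATE),
         ("PUT", "/_data_stream/apache_stream", None)]
# Constructed sample of a GET /_data_stream/apache_stream response (trimmed).
SAMPLE_RESPONSE = {"data_streams": [{"name": "apache_stream", "generation": 1,
    "status": "GREEN", "template": "apache_template", "ilm_policy": "apache_policy"}]}

def call(base_url, user, password, method, path, body=None):
    """Send one request with basic auth and return the decoded JSON response."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def verify(response):
    """List mismatches between a data stream response and the lab's targets."""
    streams = {s["name"]: s for s in response.get("data_streams", [])}
    stream = streams.get("apache_stream")
    if stream is None:
        return ["data stream apache_stream not found"]
    expected = {"template": "apache_template", "ilm_policy": "apache_policy"}
    return [f"{key}: expected {want!r}, got {stream.get(key)!r}"
            for key, want in expected.items() if stream.get(key) != want]

if __name__ == "__main__":
    # ES_URL / ES_PASSWORD are assumed env vars; unset means offline sample check.
    base, pw = os.environ.get("ES_URL"), os.environ.get("ES_PASSWORD")
    for method, path, body in (STEPS if base else []):
        print(path, call(base, "elastic", pw, method, path, body))
    final = (call(base, "elastic", pw, "GET", "/_data_stream/apache_stream")
             if base else SAMPLE_RESPONSE)
    print(verify(final) or "apache_stream verified")
```

The policy and template must exist before the data stream is created, which is why `STEPS` is ordered as it is.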
