Loading the Index Template in Elasticsearch

edit

Loading the Index Template in Elasticsearch

edit

Before starting Topbeat, you need to load the index template, which lets Elasticsearch know which fields should be analyzed in which way.

The recommended template file is installed by the Topbeat packages. Load it with the following command:

deb or rpm:

curl -XPUT 'http://localhost:9200/_template/topbeat' -d@/etc/topbeat/topbeat.template.json

mac:

cd topbeat-1.0.1-darwin
curl -XPUT 'http://localhost:9200/_template/topbeat' -d@topbeat.template.json

where localhost:9200 is the IP and port where Elasticsearch is listening.

win:

PS C:\Program Files\Topbeat> Invoke-WebRequest -Method Put -InFile topbeat.template.json -Uri http://localhost:9200/_template/topbeat?pretty

where localhost:9200 is the IP and port where Elasticsearch is listening.

If you’ve already used Topbeat to index data into Elasticsearch, the index may contain old documents. After you load the index template, you can delete the old documents from topbeat-* to force Kibana to look at the newest documents. Use this command: curl -XDELETE 'http://localhost:9200/topbeat-*'.