This tutorial will walk you through the ins and outs of Elasticsearch index templates that allow you to define templates or blueprints for common indices. For example, if you are constantly logging data from external sources, you can define a blueprint for all logging indices.
NOTE: Before we begin, it is good to note that the tutorial focuses on the latest version of Elasticsearch—7.8 at the time of writing—and it may vary from other versions. We also assume that you have Elasticsearch running on a system somewhere.
Let us get started working with Elasticsearch index templates.
What is An Elasticsearch Index Template?
An Elasticsearch index template is a method used to instruct Elasticsearch to configure indices upon creation. For example, an index template used on a data stream configures the stream’s backing indices upon creation. An index template is created manually before index creation. When creating an index, the template applies the configuration settings for the index.
The latest version of Elasticsearch has two types of usable templates. One is the index template, and the other is component templates. As we have already established, index templates help create Elasticsearch indices.
Component templates are reusable modules or blocks used to configure settings, mapping, and aliases. Component templates do not get applied directly to the created indices but can help create index templates.
Some default index templates used by Elasticsearch include: metrics-*-*, logs-*-* .
How to Create an Index Template
To create new index templates or update existing ones, we use the PUT template API. Using the _index_template endpoint, we can send an HTTP request to add a template.
The general syntax for creating a template is:
It is good to note that the template name is a required parameter. Consider the request below that creates an index template as template_1
{
/* Define the index pattern */
"index_patterns" : ["te*"],
"priority" : 1,
/* Define settings for the indices*/
"template": {
"settings" : {
"number_of_shards" : 2
}
}
}
For cURL users, the command is:
Elasticsearch uses a wildcard pattern to match index names where the templates are applied. Changing or updating an index template does not affect already created indices only the ones which will be created after using that template.
From above, you can comment on your templates using the C-Language commenting method. You can add as many comments as you want, anywhere in the body except the curly braces’ opening.
In the body of an index template, you can include various definition such as:
- Template: The template property (object) defines which template to be applied; it can include aliases, mappings, and settings—this an optional parameter.
- Composed_of: This property defines a list of names for component templates. Once defined, component templates get compounded in their specification order. That means the last component template defined takes the highest precedence.
- Priority: The priority property defines the precedence of the index template when creating an index. If any precedence has the highest value, it gets higher precedence compared to lower values. The priority value is not required and is of type integer. 0 is the default value for non-specified templates.
- Version: The version parameter specifies the index template version, which helps to manage the templates.
There are other properties you can include in the index template body. Consider the documentation to learn more.
https://www.elastic.co/guide/en/elasticsearch/reference/7.10/index-templates.html
Below is an example request to create a new template with version 1.0
{
"index_patterns" : ["remp*", "re*"],
"priority" : 1,
"template": {
"settings" : {
"number_of_shards" : 2,
"number_of_replicas": 0
}
},
"version": 1.0
}
You cannot have more than one index template with a matching pattern and the same priority. Hence, ensure to assign different priorities to match pattern templates.
How to Get Index Template
To view information about an index template, send a GET request to the _index_template API. For example, to view information about template_2, use the request:
The cURL command is:
This command should display information about template_2
"index_templates" : [
{
"name" : "template_2",
"index_template" : {
"index_patterns" : [
"remp*",
"re*"
],
"template" : {
"settings" : {
"index" : {
"number_of_shards" : "2",
"number_of_replicas" : "0"
}
}
},
"composed_of" : [ ],
"priority" : 1,
"version" : 1
}
}
]
}
You can also use wildcards to get matching templates. For example, consider the request below to view all templates in Elasticsearch.
The cURL command is.
This command should give you information about all templates in Elasticsearch
"index_templates" : [
{
"name" : "ilm-history",
"index_template" : {
"index_patterns" : [
"ilm-history-3*"
],
"template" : {
"settings" : {
"index" : {
"format" : "1",
"lifecycle" : {
"name" : "ilm-history-ilm-policy",
"rollover_alias" : "ilm-history-3"
},
"hidden" : "true",
"number_of_shards" : "1",
"auto_expand_replicas" : "0-1",
"number_of_replicas" : "0"
}
},
"mappings" : {
"dynamic" : false,
"properties" : {
"index_age" : {
"type" : "long"
},
"@timestamp" : {
"format" : "epoch_millis",
"type" : "date"
},
"error_details" : {
"type" : "text"
},
"success": {
"type" : "boolean"
},
"index" : {
"type" : "keyword"
},
"state" : {
"dynamic" : true,
"type" : "object",
--------------------------OUTPUT TRUNCATED-----------------------------------
How to Delete Templates
Deleting a template is just as simple as the GET template but using DELETE request as:
You can use the cURL command:
This command automatically deletes the specified template.
Conclusion
This tutorial covered what Elasticsearch index templates are, how they work, and how to create, view, and delete index templates. This basic information should help you get started on using Elasticsearch index templates.
from Linux Hint https://ift.tt/39z9Svw
0 Comments