Packt+ | Advance your knowledge in tech

You're reading from Elasticsearch 5.x Cookbook - Third Edition

Product typeBook

Published inFeb 2017

Publisher

ISBN-139781786465580

Edition3rd Edition

Tools

Elasticsearch

Concepts

Enterprise Search

Author (1)

Alberto Paro

Chapter 13. Ingest

In this chapter, we will cover the following recipes:

Pipeline definition
Put an ingest pipeline
Get an ingest pipeline
Delete an ingest pipeline
Simulate a pipeline
Built-in processors
The grok processor
Using the ingest attachment plugin
Using the ingest GeoIP plugin

Introduction

Elasticsearch 5.x introduces a set of powerful functionalities, targeting the problems that arise during ingestion of documents via the ingest node.

An Elasticsearch node can be master, data, or ingest.

The idea to split the ingest component from the others, is to create a more stable cluster due to problems that can arise during pre-processing documents.

To create a more stable cluster, the ingest nodes should be isolated by the master or data nodes, in the event that some problems may occur, such as a crash due to an attachment plugin and high loads due to complex type manipulation.

Note

The ingestion node can replace a Logstash installation in simple scenarios.

Pipeline definition

The job of ingest nodes is to pre-process the documents before sending them to the data nodes. This process is called a pipeline definition and every single step of this pipeline is a processor definition.

Getting ready

You need an up-and-running Elasticsearch installation as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

How to do it...

To define an ingestion pipeline, you need to provide a description and some processors, as follows:

We will define a pipeline that adds a field user with the value, john:

        { 
          "description" : "Add user john field", 
          "processors" : [  
             { 
              "set" : { 
                "field": "user", 
                "value": "john" 
              } 
            } 
          ] 
        }

How it works...

The generic template representation is the following one:

{ 
  "description" : "...", 
  "processors" : [ ... ], 
  "version": 1, 
  "on_failure" : [ ...

Put an ingest pipeline

The power of the pipeline definition is the ability for to be updated and created without a node restart (compared to Logstash). The definition is stored in a cluster state via the put pipeline API.

After having defined a pipeline, we need to provide it to the Elasticsearch cluster.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To store or update an ingestion pipeline in Elasticsearch, we will perform the following steps:

We can store the ingest pipeline via a PUT call:

        curl -XPUT 'http://127.0.0.1:9200/_ingest/pipeline/add-user- 
        john' -d '{ 
          "description" : "Add user john field", 
          "processors" : [  
             { 
              "set" : { 
                "field": "user", 
                "value": "john...

Get an ingest pipeline

After having stored your pipeline, it is common to retrieve its content, for checking its definition. This action can be done via the get pipeline API.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To retrieve an ingestion pipeline in Elasticsearch, we will perform the following steps:

We can retrieve the ingest pipeline via a GET call:

        curl -XGET 'http://127.0.0.1:9200/_ingest/pipeline/add-user-
        john'

The result returned by Elasticsearch, if everything is okay, should be as follows:

        {
          "add-user-john" : {
            "description" : "Add user john field",
            "processors" : [
              {
                "set" : {
                  "field" : "user",
                  "value" : "john"
           ...

Delete an ingest pipeline

To clean up our Elasticsearch cluster for obsolete or unwanted pipelines, we need to call the delete pipeline API with the ID of the pipeline.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To delete an ingestion pipeline in Elasticsearch, we will perform the following steps:

We can delete the ingest pipeline via a DELETE call:

        curl -XDELETE 'http://127.0.0.1:9200/_ingest/pipeline/add-user-
        john'

The result returned by Elasticsearch, if everything is okay, should be:
```
        {"acknowledged":true}
```

How it works...

The delete pipeline API removes the named pipeline from Elasticsearch.

As the pipelines are kept in memory in every node due to their cluster level storage and the pipelines are always up and running in the ingest node...

Simulate an ingest pipeline

The ingest part of every architecture is very sensitive, so the Elasticsearch team has created the possibility of simulating your pipelines without the need to store them in Elasticsearch.

The simulate pipeline API allows a user to test/improve and check functionalities of your pipeline without deployment in the Elasticsearch cluster.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command-line, you need to install curl for your operative system.

How to do it...

To simulate an ingestion pipeline in Elasticsearch, we will perform the following steps:

We can need to execute a call passing both the pipeline and a sample subset of a document to test the pipeline against:

        curl -XPOST 'http://127.0.0.1:9200/_ingest/pipeline/_simulate' 
        -d '{
          "pipeline": {
            "description": "Add user john field...

Built-in processors

Elasticsearch provides by default a large set of ingest processors. Their number and functionalities can also change from minor versions to extended versions for new scenarios.

In this recipe, we will see the most commonly used ones.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command-line, you need to install curl for your operative system.

How to do it...

To use several processors in an ingestion pipeline in Elasticsearch, we will perform the following steps:

We execute a simulate pipeline API call using several processors with a sample subset of a document to test the pipeline against:

        curl -XPOST 'http://127.0.0.1:9200/_ingest/pipeline/_simulate?
        pretty' -d '{
          "pipeline": {
            "description": "Testing some build-processors",
            "processors": [
              {
               ...

Grok processor

Elasticsearch provides a large number of built-in processors that increases with every release. In the preceding examples, we have seen the set and the replace ones. In this recipe, we will cover one of the most used for log analysis: the grok processor, which is well known to Logstash users.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To test a grok pattern against some log lines, we will perform the following steps:

We will execute a call passing both the pipeline with our grok processor and a sample subset of a document to test the pipeline against:

        curl -XPOST 'http://127.0.0.1:9200/_ingest/pipeline/_simulate?
        pretty' -d '{
          "pipeline": {
            "description": "Testing grok pattern",
            "processors": [...

Using the ingest attachment plugin

It's easy to make a cluster irresponsive in Elasticsearch prior to 5.x, using the attachment mapper. The metadata extraction from a document requires a very high CPU operation and if you are ingesting a lot of documents, your cluster is under load.

To prevent this scenario, Elasticsearch introduces the ingest node. An ingest node can be held under very high pressure without causing problems to the rest of the Elasticsearch cluster.

The attachment processor allows us to use the document extraction capabilities of Tika in an ingest node.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To be able to use the ingest attachment processor, perform the following steps:

You need to install it as a plugin via:
```
        bin/elasticsearch-plugin...
```

Using the ingest GeoIP plugin

Another interesting processor is the GeoIP one that allows us to map an IP address to a GeoPoint and other location data.

Getting ready

You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.

To execute curl via the command line, you need to install curl for your operative system.

How to do it...

To be able to use the ingest GeoIP processor, perform the following steps:

You need to install it as a plugin via:

        bin/elasticsearch-plugin install ingest-geoip

The output will be something like the following one:

          -> Downloading ingest-geoip from elastic
          [=================================================] 100%??            
          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
          @     WARNING: plugin requires additional permissions     @     
          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
          * java.lang.RuntimePermission...

The rest of the chapter is locked

You have been reading a chapter from

Elasticsearch 5.x Cookbook - Third Edition

Published in: Feb 2017Publisher: ISBN-13: 9781786465580

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Author (1)

Alberto Paro

Alberto Paro is an engineer, manager, and software developer. He currently works as technology architecture delivery associate director of the Accenture Cloud First data and AI team in Italy. He loves to study emerging solutions and applications, mainly related to cloud and big data processing, NoSQL, Natural language processing (NLP), software development, and machine learning. In 2000, he graduated in computer science engineering from Politecnico di Milano. Then, he worked with many companies, mainly using Scala/Java and Python on knowledge management solutions and advanced data mining products, using state-of-the-art big data software. A lot of his time is spent teaching how to effectively use big data solutions, NoSQL data stores, and related technologies.
Read more about Alberto Paro

Other recommended products

Related to this chapter

Elasticsearch 7.0 Cookbook

This book is your one-stop guide to master Elasticsearch. It provides numerous problem-solution based recipes through which you can implement Elasticsearch in your enterprise applications in a very simple, hassle-free way.

BookApr 2019724 pages

Mastering Elasticsearch 5.x

This book will help you leverage Elasticsearch, guiding you through everything from writing and creating customized plugins to extend Elasticsearch to tackling challenges while handling relational data in Elasticsearch. You’ll learn with the help of practical examples in a step-by-step way.

BookFeb 2017428 pages

Elasticsearch 7 Quick Start Guide

Elasticsearch is one of the most popular tools for distributed search. This book will help you in understanding all about the new features of Elasticsearch 7, and how to use them efficiently for searching, aggregating and indexing data with speed and accuracy.

BookOct 2019186 pages

Learning Elasticsearch

Elasticsearch is a Lucene-based search and analytics engine for distributed search and analytics. This book will be your hands-on guide as you explore and put to use the features of Elasticsearch 5.x.

BookJun 2017404 pages

Advanced Elasticsearch 7.0

Advanced Elasticsearch 7.0, will help the readers to leverage new features and Core APIs of Elasticsearch to perform advanced search operations. This book covers data modeling, aggregations, pipeline processing, and data Analytics using Elasticsearch

BookAug 2019560 pages

Mastering Elastic Stack

BookFeb 2017526 pages

Learning Elastic Stack 6.0

This book will give you a fundamental understanding of what the stack is all about, and how to use it efficiently to build powerful real-time data processing applications. It provide in-depth coverage of the different components of the Elastic Stack, and how to use them all together.

BookDec 2017434 pages

Learning Elastic Stack 7.0

This book teaches you about every component of the Elastic Stack - including Elasticsearch, Kibana, Logstash, and X-pack - with new and the updated features that are released with the 7.0 version. With the help of this book, you will be able to develop enterprise-grade distributed search and analytics applications for your data without any hassle.

BookMay 2019474 pages

Learning Kibana 5.0

BookFeb 2017284 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages