Skip to content

Elasticsearch

When the platform deployment is completed, some post-install configuration update are required. The PunchPlatform team created a set of resource that you must set up to be production ready. Here are the dedicated actions to Elasticsearch.

Load Templates

From the root folder of the unzipped deployer (e.g. 'punchplatform-deployment-5.4.0'), the Elasticsearch related resources are located at:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
punchplatform-deployment-5.4.0
└── resources
    └── elasticsearch
        └── templates
            ├── cyber
            │   ├── mapping_aggregations.json
            │   ├── mapping_events.json
            │   └── mapping_pml.json
            ├── platform
            │   ├── mapping_metrics.json
            │   ├── mapping_objects_storage.json
            │   ├── mapping_platform_monitoring.json
            │   └── mapping_punchplatform_api.json
            └── ...

The template mapping that you must load are the ones under the "platform" directory. They are needed to correctly insert the monitoring events generated by the PunchPlatform itself.

To do so, you can do it by hand using this command for each file:

1
$ curl -H "Content-Type: application/json" -XPUT localhost:9200/_template/mapping_metrics -d @mapping_metrics.json

Or you can load them all at once using the dedicated punchplatform-push-es-templates.sh command:

1
$ punchplatform-push-es-templates.sh --directory resources/elasticsearch/templates/platform --url http://localhost:9200 --verbose