Kibana 基础


原文链接: Kibana 基础

Kibana 4 Templates for Suricata
Kibana 5.x 加强安全

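# Load the bundled Kibana dashboards into Elasticsearch as the built-in
# "elastic" user.
# The password is taken from the environment instead of being written into the
# notes: the literal that used to be here is the well-known default for the
# elastic superuser, so it must be changed on the cluster and never reused.
# NOTE(review): -pass still places the secret on the command line, where it is
# visible in the process list, and the URL is plain http, so the credentials
# cross the network unencrypted. Point -es at a TLS endpoint if the cluster
# offers one.
/scripts/import_dashboards -es http://120.92.36.21:9200 -user elastic -pass "${ES_PASSWORD:?set ES_PASSWORD to the elastic user password}"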

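# Mapping
# Create an index first.
# No credentials are sent in these two requests, so they only succeed while the
# HTTP API accepts anonymous calls; make sure port 9200 is not reachable from
# other hosts in that case.

curl -XPUT localhost:9200/abc

# Then define the mapping. Note: a mapping can only be defined on an index that
# was just created and holds no data yet. Mappings are defined through the
# _mapping REST API and follow the standard syntax below.
# The CJK words in the URL and the JSON body are placeholders (index name, type
# name, field name, field type, whether to store, how to index/analyze) that
# must be replaced with real values.
# The URL is quoted so the shell never treats the "?" as a glob character.

curl -XPUT "localhost:9200/索引名称/类型名称/_mapping?pretty" -d '{"类型名称":{"properties":{"字段名称":{"type":"字段类型","store":"是否存储","index":"索引方式、是否分析"}}}}'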

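# Load saved Kibana objects into the .kibana index, one request per object type.
# $CURL, $ELASTICSEARCH, $name and $file are set outside this excerpt; $CURL is
# left unquoted on purpose because it presumably holds the curl binary plus
# options (verify against the script that defines it).
# NOTE(review): "|| exit 1" only fires when curl itself fails. An HTTP 4xx/5xx
# answer (for example a rejected login) still exits 0 unless $CURL includes
# --fail, so confirm that it does before relying on the exit status.

# index-pattern
# NOTE(review): this is the only request without "|| exit 1"; confirm that
# ignoring a failure here is intended.
$CURL -XPOST "$ELASTICSEARCH/.kibana/index-pattern/$name" -d "@$file"
# search
$CURL -XPUT "$ELASTICSEARCH/.kibana/search/$name" -d "@$file" || exit 1
# visualization
$CURL -XPUT "$ELASTICSEARCH/.kibana/visualization/$name" -d "@$file" || exit 1
# dashboard
$CURL -XPUT "$ELASTICSEARCH/.kibana/dashboard/$name" -d "@$file" || exit 1
# config
# The base URL is quoted like the requests above so a value containing spaces
# or glob characters cannot be split into extra curl arguments.
$CURL -XPOST "$ELASTICSEARCH/.kibana/config/4.3.1" -d "@dashboards/config.json" || exit 1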
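## Create the indices and import their mappings
# Every request goes to http://elasticsearch:9200 without credentials or TLS.
# "-s" silences curl and no --fail is given, so a rejected request only shows
# up in the printed response body; the trailing "echo" just ends that output
# with a newline.

# Create the twitter index with its mapping.
curl -s -XPUT -H "Content-Type: application/json" --data @twitter_mapping.json \
  http://elasticsearch:9200/twitter/; echo

# Create the .kibana index with its mapping.
curl -s -XPUT -H "Content-Type: application/json" --data @kibana_mapping.json \
  http://elasticsearch:9200/.kibana/; echo

# Store the Kibana configuration document for version 4.1.0.
curl -s -XPOST -H "Content-Type: application/json" --data @kibana_config.json \
  http://elasticsearch:9200/.kibana/config/4.1.0; echo

# Register the "twitter" index pattern with created_at as its time field.
curl -s -XPOST http://elasticsearch:9200/.kibana/index-pattern/twitter -d '{
	"title": "twitter",
	"timeFieldName": "created_at"
}'; echo

# Register the twitter river from the definition file named by RIVER_FILE.
# The expansion is quoted and guarded so an unset or space-containing path
# cannot turn into a different curl argument.
# NOTE(review): a twitter river definition normally carries API tokens; keep
# that file out of version control and readable only by its owner (verify
# what the file actually contains).
curl -s -H "Content-Type: application/json" \
  --data "@${RIVER_FILE:?RIVER_FILE must point to the river definition file}" \
  http://elasticsearch:9200/_river/twitter/_meta; echo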
# 创建 ingest pipeline(下一行是 Kibana Dev Tools Console 的请求写法,不是 shell 命令;实际请求还需要附带 pipeline 定义的请求体)
PUT _ingest/pipeline/my-pipeline-id

快照备份

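# Take a snapshot named snapshot_<today> in the "backup" repository and, only
# if that request succeeds, delete the access-<date> index from 31 days ago.
#
# NOTE(review): the command substitutions were reconstructed from a listing
# whose backticks had been lost; confirm against the original job.
#
# The two literal passwords that stood here for the same "elastic" user did not
# match each other, and both have been published with this page: treat them as
# exposed and rotate them. The password is now read from the environment.
# NOTE(review): -u still puts the secret on curl's command line (visible in the
# process list); curl's --netrc-file keeps it out of argv. The URL is plain
# http, so Basic-auth credentials travel unencrypted.
#
# --fail makes curl exit non-zero on an HTTP error, so the "&&" really gates
# the delete; without it a rejected snapshot request would still be followed by
# the index deletion. A snapshot can also finish in a partial state, so check
# the "state" field of the response before trusting the backup.
#
# "date -d" is GNU date syntax.
: "${ES_PASSWORD:?set ES_PASSWORD to the elastic user password}"
snapshot_name="snapshot_$(date +%Y.%m.%d)"
expired_index="access-$(date +%Y.%m.%d -d "-31 day")"
curl --fail -XPUT -u "elastic:${ES_PASSWORD}" \
  "http://120.92.36.21:9200/_snapshot/backup/${snapshot_name}?wait_for_completion=true" \
  && curl --fail -XDELETE -u "elastic:${ES_PASSWORD}" \
    "http://120.92.36.21:9200/${expired_index}"
#curl -XDELETE "http://120.92.36.21:9200/access-$(date +%Y.%m.%d -d "-1 day")"
#curator_cli --host 192.168.19.12 snapshot --repository backup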

close the kibana index, restore it from snapshot, and reopen it

# Build the curl command lines for closing the .kibana index, restoring the
# snapshot named by $1 from the elk_backup repository, and reopening the index.
# NOTE(review): these three strings carry no host and end in an escaped quote
# with no opening partner; compared with snapshotRepoCmd below they look like
# they lost their `-s $authString \"$elk_base_url` part. Confirm against the
# original script. None of the three is executed in the lines shown here.
# NOTE(review): $1 is pasted into a string that is evidently meant for eval, as
# snapshotRepoCmd is. Any shell metacharacter in the snapshot name would then
# be executed, so restrict $1 to the characters a snapshot name may contain
# before using it.
closeKibanaIndexCmd="curl -XPOST /.kibana/_close\""
restoreSnapshotCmd="curl -XPOST /_snapshot/elk_backup/$1/_restore\""
reopenKibanaIndexCmd="curl -XPOST /.kibana/_open\""
# Command that registers elk_backup as a shared-filesystem ("fs") snapshot
# repository. $authString and $elk_base_url are defined outside this excerpt
# and are expanded into the string at assignment time.
# NOTE(review): the repository lives under /tmp, which is typically writable by
# every local user and may be cleaned on reboot. Snapshot files planted or
# altered there would later be restored into .kibana, so use a directory owned
# by the Elasticsearch service account (it presumably also has to be listed in
# the node's path.repo setting; verify).
snapshotRepoCmd="curl -XPUT -s $authString \"$elk_base_url/_snapshot/elk_backup\" -d '{

  \"type\": \"fs\",
  \"settings\": {
      \"location\": \"/tmp/elkinstalldir/snapshots/\"
  }

}'"

echo "creating repo..."
# NOTE(review): eval re-parses the already expanded values of $authString and
# $elk_base_url as shell code, and the unquoted expansion is word-split first.
# Calling curl directly with its arguments held in an array avoids both.
eval $snapshotRepoCmd
# The three messages below are printed, but no close/restore/reopen command
# follows them in the visible lines.
echo "closing kibana index..."
echo "restoring snapshot..."

echo "reopening kibana index..."

# Disabled variants of the three steps with literal values.
# NOTE(review): they embed a username:password pair and use plain http; treat
# that credential as exposed and rotate it.
#curl -XPOST -u esadmin:esadmin -s "http://120.92.36.21:9200/.kibana/_close"
#curl -XPOST -u esadmin:esadmin -s "http://120.92.36.21:9200/_snapshot/elk_backup/$1/_restore"
#curl -XPOST -u esadmin:esadmin -s "http://120.92.36.21:9200/.kibana/_open"

`