Overview

This is a new type of object, available in Infinit.e versions >= v0.3 provided they are running elasticsearch versions >= 1.0.

...

Code Block
{
	"_index": "string", // The index name in which the record is saved, e.g. "recs_51a60d9ee4b05fca332279a1" (stashed) or "recs_t_51a60d9ee4b05fca332279a1_2014.04.14" (live)
	"_type": "string", // The type within the above index (normally set manually via logstash), e.g. "netflow"
	"_id": "string", // The unique key assigned by elasticsearch to each record
	"_source": {
		"@timestamp": "string format:YYYY-MM-DDTHH:mm:SS.sssZ", // Not mandatory but will always be present when harvested from logstash
		"@version": 1,
		"sourceKey": "string", // The Infinit.e source key responsible for ingesting this record
		// Any other fields in the JSON object that are ingested or transformed via logstash; each can be either an object or an atomic value
	}
}
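
A consumer of these records can check each one against the shape above before trusting it. The following is an added example, not part of the Infinit.e code base: the function names, the sample record and the assumption that the id inside the index name is always 24 hex digits are illustrative, inferred only from the two index names quoted in the comments.

```python
import re
from datetime import datetime

# Patterns inferred from the two documented examples (assumption: 24-hex-digit id).
STASHED_RE = re.compile(r"^recs_([0-9a-f]{24})$")
LIVE_RE = re.compile(r"^recs_t_([0-9a-f]{24})_(\d{4})\.(\d{2})\.(\d{2})$")

def classify_index(index):
    """Return (kind, id, day) for a record index name, or raise ValueError."""
    m = STASHED_RE.match(index)
    if m:
        return ("stashed", m.group(1), None)
    m = LIVE_RE.match(index)
    if m:
        # strptime rejects impossible dates such as 2014.13.40
        day = datetime.strptime(".".join(m.groups()[1:]), "%Y.%m.%d").date()
        return ("live", m.group(1), day)
    raise ValueError("not a record index: %r" % index)

def validate_record(hit):
    """Check one record against the documented shape; return a list of problems."""
    problems = []
    for key in ("_index", "_type", "_id"):
        if not isinstance(hit.get(key), str) or not hit.get(key):
            problems.append("%s missing or not a string" % key)
    source = hit.get("_source")
    if not isinstance(source, dict):
        return problems + ["_source missing or not an object"]
    if not isinstance(source.get("sourceKey"), str):
        problems.append("sourceKey missing or not a string")
    ts = source.get("@timestamp")  # optional, but must parse when present
    if ts is not None:
        try:
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
        except (TypeError, ValueError):
            problems.append("@timestamp not in YYYY-MM-DDTHH:mm:SS.sssZ form")
    if isinstance(hit.get("_index"), str):
        try:
            classify_index(hit["_index"])
        except ValueError as exc:
            problems.append(str(exc))
    return problems

# Constructed sample record (not real data)
SAMPLE = {"_index": "recs_t_51a60d9ee4b05fca332279a1_2014.04.14", "_type": "netflow",
          "_id": "constructed-id-1",
          "_source": {"@timestamp": "2014-04-14T10:15:30.123Z", "@version": 1,
                      "sourceKey": "constructed.source.key"}}
```
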

Field Guide

Note that logstash performs the following transform on certain field names or data types:

...

Info

The elasticsearch proxy used by the Kibana widget ("<ROOT URL>/infinit.e.records/") is currently an open but undocumented interface. It will eventually be productionized and brought into the default Infinit.e API as "Knowledge - Record", e.g. "/api/knowledge/record/query".