Configuration Steps: #
1. Enable Sample Data: #
In Argus, sample data is usually included by default. However, if you don’t see it, you may need to ensure that it’s enabled in your Elasticsearch and Argus configurations.
2. Creating Sample Data Indices: #
- Sample data can be created manually or through the Argus dashboard. You might need to define index patterns in Kibana that match the sample data indices.
- Use the following command to create sample indices in Elasticsearch (if they are not already present):
curl -X POST “localhost:9200/sample-data-index-000001” -H ‘Content-Type: application/json’ -d ‘{
“mappings”: {
“properties”: {
“host”: { “type”: “keyword” },
“event”: { “type”: “text” },
“timestamp”: { “type”: “date” }
}
}
}’
3. Index Template for Sample Data: #
- You can create an index template specifically for sample data to define its mappings and settings.
- Example:
PUT _template/sample_data_template
{
“index_patterns”: [“sample-data-*”],
“mappings”: {
“properties”: {
“host”: { “type”: “keyword” },
“event”: { “type”: “text” },
“timestamp”: { “type”: “date” }
}
}
}
4. Sample Data Loader: #
- If Argus provides a sample data loader (like the sample-data in Kibana), you can use it to automatically generate and load sample data into the specified indices. You can run a command similar to:
./argus-sample-data-loader
5. Visualizing Sample Data in Kibana: #
- Once the sample data indices are created, you can create index patterns in Kibana to visualize the data.
6. Configuring Alerts and Dashboards: #
- You can configure alerts based on the sample data by creating custom rules in Argus.
- Create dashboards in Kibana to visualize the sample data for analysis and demonstration purposes.
Managing Sample Data #
- Deleting Sample Data: If you want to remove sample data for any reason, you can delete the sample data indices using:
curl -X DELETE “localhost:9200/sample-data-*”
- Updating Sample Data: You can modify existing sample data indices by using the Elasticsearch API to add or update documents as needed.
