...
yellow open yaf_index_2016.04.25.17 5 1 30750 0 17.4mb 17.4mb
To verify that the messages were indexed correctly, first install the Elasticsearch Head plugin:
/usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head/1.x
Then navigate to http://node1:9200/_plugin/head/
There you will see each parsed message together with its performance timestamps. The performance timestamps are covered in a separate blog entry. Note that Head is only a browser front end for the cluster's REST API and adds no authentication of its own, so make sure port 9200 on node1 is not reachable from untrusted networks.
By convention, the index that receives the new messages is called squid_index_[timestamp] and the document type is squid_doc.
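The same check can be scripted instead of clicking through Head. The following is an added example, not code from the original post: it parses the plain-text output of `GET _cat/indices` (the format of the listing at the top of this page) and verifies that the `squid_index_[timestamp]` indices exist, are not red, and actually hold documents, with the newest hourly index singled out so a stalled ingest is noticed. The sample listing is constructed for the example; only the `yaf_index` line comes from the page, and the `squid_index` rows and their counts are made up.

```python
"""Verify ingest from `_cat/indices` output (added example, not the post's own code)."""
import re
from dataclasses import dataclass

# Constructed sample of `GET _cat/indices` output. The yaf_index line is the one
# shown in the post; the squid_index rows are invented for this example.
# Columns: health status index pri rep docs.count docs.deleted store.size pri.store.size
SAMPLE_CAT_INDICES = """\
yellow open yaf_index_2016.04.25.17 5 1 30750 0 17.4mb 17.4mb
yellow open squid_index_2016.04.25.16 5 1 12040 0 6.1mb 6.1mb
yellow open squid_index_2016.04.25.17 5 1 980 0 512kb 512kb
red open squid_index_2016.04.25.15 5 1 0 0 0b 0b
"""

CAT_INDICES_RE = re.compile(
    r"^(?P<health>green|yellow|red)\s+(?P<status>open|close)\s+(?P<index>\S+)\s+"
    r"(?P<pri>\d+)\s+(?P<rep>\d+)\s+(?P<docs>\d+)\s+(?P<deleted>\d+)\s+"
    r"(?P<store>\S+)\s+(?P<pri_store>\S+)\s*$"
)


@dataclass
class IndexRow:
    health: str
    status: str
    index: str
    pri: int
    rep: int
    docs: int
    deleted: int
    store: str


def parse_cat_indices(text):
    """Parse `_cat/indices` lines into IndexRow objects; reject anything unexpected."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CAT_INDICES_RE.match(line)
        if not m:
            raise ValueError("unrecognised _cat/indices line: %r" % line)
        rows.append(IndexRow(m["health"], m["status"], m["index"],
                             int(m["pri"]), int(m["rep"]), int(m["docs"]),
                             int(m["deleted"]), m["store"]))
    return rows


def indices_for(rows, prefix):
    """Rows whose name is prefix_[timestamp], e.g. squid_index_2016.04.25.17."""
    return [r for r in rows if r.index.startswith(prefix + "_")]


def latest_index(rows, prefix):
    """Newest index for the prefix. The zero-padded YYYY.MM.DD.HH suffix sorts lexically."""
    matching = indices_for(rows, prefix)
    if not matching:
        return None
    return max(matching, key=lambda r: r.index[len(prefix) + 1:])


def check_ingest(rows, prefix, min_docs=1):
    """Return (ok, problems). Yellow is normal on a single node (replicas unassigned);
    red means primaries are missing, and an empty index means nothing was indexed."""
    problems = []
    matching = indices_for(rows, prefix)
    if not matching:
        problems.append("no index named %s_*" % prefix)
    for r in matching:
        if r.health == "red":
            problems.append("%s is red (primary shards unassigned)" % r.index)
        if r.status != "open":
            problems.append("%s is closed" % r.index)
        if r.docs < min_docs:
            problems.append("%s holds %d docs, expected at least %d"
                            % (r.index, r.docs, min_docs))
    return (not problems, problems)


if __name__ == "__main__":
    rows = parse_cat_indices(SAMPLE_CAT_INDICES)
    ok, problems = check_ingest(rows, "squid_index")
    newest = latest_index(rows, "squid_index")
    print("newest squid index: %s (%d docs)" % (newest.index, newest.docs))
    print("ingest ok" if ok else "problems:\n  " + "\n  ".join(problems))
```

On a live node the same functions can be fed the body of `curl -s http://node1:9200/_cat/indices` from a trusted host; the parser deliberately raises on lines it does not recognise rather than silently skipping them, so a changed column layout is noticed instead of producing a false "ok".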
Now that the messages are parsed and indexed, we need to set up a Kibana dashboard. To do so, open the dashboard at http://node1:5000/#/dashboard/file/default.json
To create a new ingest histogram, we first need to set up a pinned query. Click the query + button and pin a query for _type:squid_doc. This looks like:
Once the query is pinned, it shows up in the pinned queries bar like so: