Home for Elasticsearch examples available to everyone. It's a great way to get started.

Introduction

This is a collection of examples to help you get familiar with the Elastic Stack. Each example folder includes a README with detailed instructions for getting up and running with the particular example. The following information pertains to the examples repo as a whole.

Contents

Quick start

You have a few options to get started with the examples:

  • If you want to try them all, you can download the entire repo. Or, if you are familiar with Git, you can clone the repo. Then, simply follow the instructions in the individual README of the examples you're interested in to get started.

  • If you are only interested in a specific example or two, you can download the contents of just those examples - follow instructions in the individual READMEs OR you can use some of the options mentioned here.

Contributing

See here

Example catalog

Below is the list of examples available in this repo:

Common Data Formats

Exploring Public Datasets

Examples using the Elastic Stack for analyzing public datasets.

Getting Started with Graph exploration

Alerting on Elastic Stack

Alerting lets you set up watches (or rules) to detect and alert on changes in your Elasticsearch data. Below is a list of example watches that are configured to detect and alert on a few common scenarios:

Machine learning

Search & API Examples

Security Analytics

Miscellaneous

Comments
  • NYC collision data example

    Hi, I'm a newbie, I'm running the nyc collision data example, and have elastic and kibana up and running, data and examples files are downloaded.

    I'm getting an error with step 1. ingest data into elasticsearch using logstash: cat nyc_collision_data.csv | d:/downloads/logstash-2.3.0/bin/logstash -f nyc_collision_logstash.conf

    I'm using windows command prompt, and the message I receive is: 'cat' is not recognized as an internal or external command, operable program or batch file.

    how do i get past this error? thx, rains

    opened by rains555 22
  • Can't uncompress snapshot with DonorsChoose.org data

    Hi,

    Thank you very much for the example with DonorsChoose data, it's awesome!

    I wanted to run the example on my local pc, unfortunately I have problem with downloaded snapshot - I can't unpack it. I tried with winrar and 7-zip, but both failed. Error is always the same:

    What is quite interesting to me, is fact that when I'm downloading file, the size is 7.5GB:

    File downloads fine, but its size is different than expected:

    Only 4.95GB.

    OS: windows 10 File System: NTFS Free space before unpacking: 10 GB

    Any help much appreciated. Thank you.

    opened by robertlyson 16
  • twitter_elk_example

    Hi, did not hear back on the nyc_collision example so tried the twitter_elk_example. logstash pipeline was started by 4 workers but then received this error in the screen shot. any idea on how to resolve this error and get this example working?

    opened by rains555 14
  • Problem loading sample dashboard

    Hello, I'm a newbie and got kibana and elasticsearch running. I managed to ingest the data & do get a count response of approximately 473039

    But I cannot complete the next step to load the dashboard. Following this in Kibana: Click the Settings tab >> Objects tab >> Import, and select restaurants_kibana.json

    I do get: Saved Objects: Cannot read property 'listeners' of undefined

    Can someone help walk me through? What am I missing?

    docs 
    opened by Sputniza 13
  • Installation setup docker

    Hi,

    As discussed in issue https://github.com/elastic/examples/issues/18 here's an initial draft of an ELK stack Docker setup.

    Please review and edit anywhere you deem appropriate.

    Thanks.

    opened by rudijs 6
  • Error: Could not parse application options: invalid option: --manifestdir

    I tried downloading both v1 and v2 demos, but when I install the NYC traffic demo I get the error:

    Error: Could not parse application options: invalid option: --manifestdir

    at the point where puppet is doing the provisioning. Looking around it seems this was deprecated in the 4.x puppet versions. https://github.com/mitchellh/vagrant/issues/3740

    Not really clear where to take it from here though. Any help to get the demo working would be appreciated.

    opened by ms82119 6
  • Configs for metricbeat and filebeat on EKS

    This example adds Kubernetes configuration files to run Metricbeat and Filebeat on Amazon EKS. EKS is slightly different in what comes OOTB compared to vanilla k8s that we reference in our documentation.

    I will also be referencing this example in a blog post on Monitoring EKS.

    Appreciate a quick review. Thanks!

    opened by asjadathick 5
  • Could not locate that visualization (id: BRFSS:-Respondents)

    After uploading the data into elasticsearch, I'm unable to see the visualization in the kibana dashboard. For every element in the dashboard I get this error with different id not being located.

    Can't Reproduce 
    opened by osat 5
  • CPU - Change in IOWait is not suitable for the metricbeat

    The Sample "CPU - Change in IOWait" is not suitable for the metricbeat, which is the replacement for topbeat. Error information: SearchPhaseExecutionException[all shards failed]; nested: RemoteTransportException[elk5-es-poc-node-3][10.193.105.128:9301][indices:data/read/search[phase/query]]]; nested: IllegalArgumentException[Fielddata is disabled on text fields by default. Set fielddata=true on [beat.hostname] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory.];

    opened by sitanxin 5
  • Canvas AMA Json Templates Fail

    The Canvas AMA templates fail. The instructions and bulk load show the index as amaresponses.

    The Canvas widgets reference "responses" which of course fails:

    {escount index="responses" q="business_group:Engineering"}
    

    Changing all references from "responses" to "amaresponses" fixes the issue:

    {escount index="amaresponses" q="business_group:Engineering"}
    
    opened by packet-rat 4
  • Machine Learning example Lab 3 type field inconsistency

    The mapping for the index for Machine Learning example Lab 3 (user activity) defines metric as the type here: https://github.com/elastic/examples/blob/master/Machine%20Learning/Getting%20Started%20Examples/user_activity/ingest-data.sh#L23

    However, the JSON data referenced in the README file (https://github.com/elastic/examples/blob/master/Machine%20Learning/Getting%20Started%20Examples/user_activity/README.md) for the wget command uses log as the type.

    So the metric mapping will not be used when ingesting the data. Furthermore, with upcoming versions of Elasticsearch, this example will not work anymore, because support for multiple mapping types within an index will be deprecated.

    To fix this, the type fields need to match both in the ingest script as well as the JSON data.

    opened by walterra 4
  • Bump certifi from 2019.11.28 to 2022.12.7 in /Machine Learning/Analytics Jupyter Notebooks

    Bumps certifi from 2019.11.28 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
  • Bump certifi from 2017.7.27.1 to 2022.12.7 in /Exploring Public Datasets/nyc_restaurants/scripts

    Bumps certifi from 2017.7.27.1 to 2022.12.7.

    dependencies python 
    opened by dependabot[bot] 0
  • Bump protobuf from 3.1.0.post1 to 3.18.3 in /Alerting/Sample Watches

    Bumps protobuf from 3.1.0.post1 to 3.18.3.

    Release notes

    Sourced from protobuf's releases.

    Protocol Buffers v3.18.3

    C++

    Protocol Buffers v3.16.1

    Java

    • Improve performance characteristics of UnknownFieldSet parsing (#9371)

    Protocol Buffers v3.18.2

    Java

    • Improve performance characteristics of UnknownFieldSet parsing (#9371)

    Protocol Buffers v3.18.1

    Python

    • Update setup.py to reflect that we now require at least Python 3.5 (#8989)
    • Performance fix for DynamicMessage: force GetRaw() to be inlined (#9023)

    Ruby

    • Update ruby_generator.cc to allow proto2 imports in proto3 (#9003)

    Protocol Buffers v3.18.0

    C++

    • Fix warnings raised by clang 11 (#8664)
    • Make StringPiece constructible from std::string_view (#8707)
    • Add missing capability attributes for LLVM 12 (#8714)
    • Stop using std::iterator (deprecated in C++17). (#8741)
    • Move field_access_listener from libprotobuf-lite to libprotobuf (#8775)
    • Fix #7047 Safely handle setlocale (#8735)
    • Remove deprecated version of SetTotalBytesLimit() (#8794)
    • Support arena allocation of google::protobuf::AnyMetadata (#8758)
    • Fix undefined symbol error around SharedCtor() (#8827)
    • Fix default value of enum(int) in json_util with proto2 (#8835)
    • Better Smaller ByteSizeLong
    • Introduce event filters for inject_field_listener_events
    • Reduce memory usage of DescriptorPool
    • For lazy fields copy serialized form when allowed.
    • Re-introduce the InlinedStringField class
    • v2 access listener
    • Reduce padding in the proto's ExtensionRegistry map.
    • GetExtension performance optimizations
    • Make tracker a static variable rather than call static functions
    • Support extensions in field access listener
    • Annotate MergeFrom for field access listener
    • Fix incomplete types for field access listener
    • Add map_entry/new_map_entry to SpecificField in MessageDifferencer. They record the map items which are different in MessageDifferencer's reporter.
    • Reduce binary size due to fieldless proto messages
    • TextFormat: ParseInfoTree supports getting field end location in addition to start.

    ... (truncated)

    dependencies python 
    opened by dependabot[bot] 0
  • Example for Malware Analysis Winlog beat wana_cry is 5 years old.

    Will there ever be an update so that these images (wana_cry) can be used with a current version of elasticsearch? The snapshots cannot be used since there is a version mismatch. See https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html

    opened by DackJempsey 1
  • Bump nbconvert from 5.6.1 to 6.5.1 in /Machine Learning/Analytics Jupyter Notebooks

    Bumps nbconvert from 5.6.1 to 6.5.1.

    Release notes

    Sourced from nbconvert's releases.

    Release 6.5.1

    No release notes provided.

    6.5.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jupyter/nbconvert/compare/6.4.5...6.5

    6.4.3

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jupyter/nbconvert/compare/6.4.2...6.4.3

    6.4.0

    What's Changed

    New Contributors

    ... (truncated)

    dependencies python 
    opened by dependabot[bot] 0
Releases(v2.1)
Owner
elastic
High level Python client for Elasticsearch

Elasticsearch DSL Elasticsearch DSL is a high-level library whose aim is to help with writing and running queries against Elasticsearch. It is built o

elastic 3.6k Dec 30, 2022
esguard provides a Python decorator that waits for processing while monitoring the load of Elasticsearch.

esguard esguard provides a Python decorator that waits for processing while monitoring the load of Elasticsearch. Quick Start You need to launch elast

po3rin 5 Dec 8, 2021
A library for fast import of Windows NT Registry(REGF) into Elasticsearch.

S.Nakano 3 Apr 1, 2022
A real-time tech course finder, created using Elasticsearch, Python, React+Redux, Docker, and Kubernetes.

Dinesh Sonachalam 130 Dec 20, 2022
A library for fast parse & import of Windows Prefetch into Elasticsearch.

prefetch2es Fast import of Windows Prefetch(.pf) into Elasticsearch. prefetch2es uses C library libscca. Usage When using from the commandline interfa

S.Nakano 5 Nov 24, 2022
Es-schema - Common Data Schemas for Elasticsearch

Common Data Schemas for Elasticsearch The Common Data Schema for Elasticsearch i

Tim Schnell 2 Jan 25, 2022
This Project is based on NLTK It generates a RANDOM WORD from a predefined list of words, From that random word it read out the word, its meaning with parts of speech , its antonyms, its synonyms

This Project is based on NLTK(Natural Language Toolkit) It generates a RANDOM WORD from a predefined list of words, From that random word it read out the word, its meaning with parts of speech , its antonyms, its synonyms

SaiVenkatDhulipudi 2 Nov 17, 2021
A sentence search engine that fetches examples from trusted news/media organisations. Great for writing better English.

A sentence search engine that fetches examples from trusted news/media websites. Great for improving writing & speaking better English.

Stephen Appiah 1 Apr 4, 2022
Anime Streams Scrapper for Telegram Publicly Available for everyone to use

AniRocks Project Structure: ╭─ bot ├──── plugins: directory stored all the plugins ├──── utils: a directory of Utilities to help bot Client to create

ポキ 11 Oct 28, 2022
This was my test project when i started to learn Python Tkinter. Its the simplest interface possible.

Rock-Paper-Scissors-Game- Project Description: This was my test project when i started to learn Python Tkinter. Its the simplest interface possible. R

Hassan Shahzad 2 Jan 17, 2022
Get input from OLED Joystick, Runs command, Displays output on OLED Screen (Great for P4wnP1)

p4wnsolo-joyterm Gets text input from OLED Joystick Runs the command you typed Displays output on OLED Screen (Great for P4wnP1 - even better on Raspb

PawnSolo 7 Dec 19, 2022
A programming language built on top of Python to easily allow Swahili speakers to get started with programming without ever knowing English

pyswahili A programming language built over Python to easily allow swahili speakers to get started with programming without ever knowing english pyswa

Jordan Kalebu 72 Dec 15, 2022
5 Flask Projects To Get Started

5 Flask Projects Projects Made By Using Flask Projects List Rock Paper Scissor Game - A Simple Game Weather App - A OpenWeatherMap Scraper Task List -

Root_Arch 59 Dec 18, 2022
A project to get you started with Docker and Django.

Docker Django tl;dr $ git clone [email protected]:erroneousboat/docker-django.git $ docker-compose up Now you can access the application at https://local

JP Bruins Slot 176 Dec 29, 2022
A CLI tools to get you started on any project in any language

Any Template A faster easier to Quick start any programming project. Installation pip3 install any-template Features No third party dependencies. Tem

Adwaith Rajesh 2 Jan 11, 2022
The project is an open-source and low-cost kit to get started with underactuated robotics.

Torque Limited Simple Pendulum Introduction The project is an open-source and low-cost kit to get started with underactuated robotics. The kit targets

null 34 Dec 14, 2022
It really seems like Trump is trying to get his own social media started. Not a huge fan tbh.

FuckTruthSocial It really seems like Trump is trying to get his own social media started. Not a huge fan tbh. (When TruthSocial actually releases, I'l

null 0 Jul 18, 2022
A simple tutorial to get you started with Discord and it's Python API

Hello there Feel free to fork and star, open issues if there are typos or you have a doubt. I decided to make this post because as a newbie I never fo

Sachit 1 Nov 1, 2021
Scripts and a shader to get you started on setting up an exported Koikatsu character in Blender.

KK Blender Shader Pack A plugin and a shader to get you started with setting up an exported Koikatsu character in Blender. The plugin is a Blender add

null 166 Jan 1, 2023
Algorand-app - This tutorial is designed to get you started with Algorand development in a step by step process

Getting Started This tutorial is designed to get you started with Algorand devel

Connor 1 Jan 6, 2022