June 29, 2017


Amazon User Activity Log

Here is a good article about how to integrate CloudTrail with Elasticsearch.

Once I have followed all of these steps, every AWS API activity recorded by CloudTrail is logged into Elasticsearch. This is very useful for knowing what changes are taking place in my account.
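As an added example (it is not from the linked article and not an AWS tool), the script below does the core of that integration in plain Python: it takes one CloudTrail log file, flattens each record into a document for Elasticsearch's bulk API, and separates read-only calls from calls that changed something in the account. The sample log file, account id, ARNs and IP addresses are constructed, and the read-only prefix list is a heuristic of mine, not a field published by AWS.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a CloudTrail log file (real files are gzip'd JSON
# objects with a "Records" list); every value here is made up for illustration.
SAMPLE_CLOUDTRAIL = json.dumps({
    "Records": [
        {
            "eventVersion": "1.05",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "eventTime": "2017-06-29T10:15:30Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "eventID": "00000000-0000-0000-0000-000000000001",
        },
        {
            "eventVersion": "1.05",
            "userIdentity": {"type": "IAMUser", "userName": "bob",
                             "arn": "arn:aws:iam::123456789012:user/bob"},
            "eventTime": "2017-06-29T10:16:05Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "AttachUserPolicy",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "eventID": "00000000-0000-0000-0000-000000000002",
        },
    ]
})

# Event-name prefixes CloudTrail uses for read-only API calls; anything else is
# treated as a change to the account. This is a heuristic, not an AWS field.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def flatten_record(rec):
    """Pick the fields worth searching on and give them Elastic-friendly names."""
    ident = rec.get("userIdentity", {})
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),   # ISO 8601, so dynamic mapping types it as "date"
        "event_name": rec["eventName"],
        "event_source": rec["eventSource"],
        "region": rec.get("awsRegion"),
        "user_type": ident.get("type"),
        "user_arn": ident.get("arn"),
        "source_ip": rec.get("sourceIPAddress"),
        "read_only": rec["eventName"].startswith(READ_ONLY_PREFIXES),
        "event_id": rec["eventID"],
    }


def to_bulk_ndjson(log_text, index="cloudtrail"):
    """Turn one CloudTrail log file into Elasticsearch _bulk request lines.

    Each document is addressed by its eventID, so re-indexing the same file
    overwrites instead of duplicating. "_type" is needed by Elasticsearch 5.x/6.x
    and is dropped in 7+.
    """
    docs = [flatten_record(r) for r in json.loads(log_text)["Records"]]
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index, "_type": "doc", "_id": doc["event_id"]}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def account_changes(log_text):
    """Return (user ARN, event name) pairs for the calls that changed something."""
    docs = [flatten_record(r) for r in json.loads(log_text)["Records"]]
    return [(d["user_arn"], d["event_name"]) for d in docs if not d["read_only"]]


if __name__ == "__main__":
    print(to_bulk_ndjson(SAMPLE_CLOUDTRAIL))
    print("changes:", account_changes(SAMPLE_CLOUDTRAIL))
```

The NDJSON string is what you would POST to /_bulk; keeping "read_only" as its own field lets a Kibana filter show only the events that modified the account.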

June 23, 2017


validate your json string

The jsonschema module has a validate method that makes sure the data has the correct types. For example, in the following code I get a ValidationError asking me to correct street_address from the integer 353 to a string.

import jsonschema

schema = {
  "type": "object",
  "properties": {
    "street_address": {"type": "string"},
    "city": {"type": "string"},
    "state": {"type": "string"},
  },
  "required": ["street_address", "city", "state"]
}

# raises jsonschema.ValidationError: 353 is not of type 'string'
jsonschema.validate({
    "street_address": 353,
    "city": "bar",
    "state": "foobar"
}, schema)
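To show what that validation actually checks on untrusted input, here is an added, dependency-free checker for the small JSON Schema subset used above ("type", "properties", "required", plus "additionalProperties"). It is an illustration written for this note, not the jsonschema library, and it returns a list of error messages instead of raising; the sample payloads are constructed.

```python
import json

# JSON Schema type names mapped onto the Python types json.loads() produces.
JSON_TYPES = {
    "string": str,
    "integer": int,
    "number": (int, float),
    "boolean": bool,
    "object": dict,
    "array": list,
    "null": type(None),
}


def validate(instance, schema, path="$"):
    """Return a list of error strings; an empty list means the instance is valid."""
    errors = []
    expected = schema.get("type")
    if expected is not None:
        # bool is a subclass of int in Python, but JSON keeps them separate
        is_bool = isinstance(instance, bool)
        wrong_type = not isinstance(instance, JSON_TYPES[expected])
        if wrong_type or (is_bool and expected in ("integer", "number")):
            errors.append("%s: %r is not of type '%s'" % (path, instance, expected))
            return errors
    if expected == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in instance:
                errors.append("%s: '%s' is a required property" % (path, key))
        for key, value in instance.items():
            if key in props:
                errors.extend(validate(value, props[key], "%s.%s" % (path, key)))
            elif schema.get("additionalProperties", True) is False:
                # keys the schema does not know about are rejected, not ignored
                errors.append("%s: unexpected property '%s'" % (path, key))
    return errors


# The address schema from the note, tightened to refuse unknown keys.
ADDRESS_SCHEMA = {
    "type": "object",
    "properties": {
        "street_address": {"type": "string"},
        "city": {"type": "string"},
        "state": {"type": "string"},
    },
    "required": ["street_address", "city", "state"],
    "additionalProperties": False,
}


def check_address_json(text):
    """Parse a raw JSON string and validate it; malformed JSON is an error too."""
    try:
        data = json.loads(text)
    except ValueError as exc:
        return ["$: not valid JSON (%s)" % exc]
    return validate(data, ADDRESS_SCHEMA)


if __name__ == "__main__":
    # constructed inputs: the note's payload, a valid one, and one with extra data
    for sample in ('{"street_address": 353, "city": "bar", "state": "foobar"}',
                   '{"street_address": "353 Main St", "city": "bar", "state": "foobar"}',
                   '{"city": "bar", "state": "foobar", "is_admin": true}'):
        print(sample, "->", check_address_json(sample) or "OK")
```

Setting "additionalProperties": false is the part worth copying into real schemas: a type check alone still lets a client smuggle in fields the application never meant to accept.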



# itertools module has permutations and combinations methods
import itertools

numbers = ['1', '3', '4', '6', '5', '9']
# every ordering of the six digits (6! = 720 tuples)
for nums in itertools.permutations(numbers):
    print(nums)

# pairs drawn from numbers where the same value may be picked twice
for ops1 in itertools.combinations_with_replacement(numbers, 2):
    print(ops1)

# use format method of string object to replace place-holders
nums = ('6', '4', '3', '1')
ops2 = ('*', '/', '+')
# interleave the digits and operators into one expression string: 6*4/3+1
print("{}{}{}{}{}{}{}".format(nums[0], ops2[0], nums[1], ops2[1], nums[2], ops2[2], nums[3]))




June 15, 2017


formatting dates using logstash

Let's assume we need this CSV file to be imported into Elasticsearch.

vi /tmp/path_to_my_csv.csv

1234365,2016-12-02 19:00:52
1234368,2016-12-02 15:02:02
1234369,2016-12-02 15:02:07

I will need this config file to process it.

vi /tmp/logstash.conf
input {
  file {
    path => "/config-dir/path_to_my_csv.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  csv {
        separator => ","
        columns => ["col1","col2"]
  }
  mutate {convert => [ "col1", "float" ]}
  date {
        locale => "en"
        match => ["col2",  "yyyy-MM-dd HH:mm:ss"]
        target => "col2"
  }
}
output {
   elasticsearch {
     hosts => ""
     index => "my_collection"
   }
  stdout {}
}

# delete the index first
curl -XDELETE localhost:9200/my_collection

# change to /tmp/ folder
cd /tmp/

# use docker image to import data
docker run -it --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf

# check the mapping
curl -XGET 'http://localhost:9200/_mapping?pretty=true' | grep -A2 col2

If this command returns something like the following, the date is parsed correctly.

          "col2" : {
            "type" : "date"
          }
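The mapping check above works because the date filter rewrites col2 as an ISO 8601 string, which Elasticsearch's dynamic mapping recognises as a date. To make that visible without running Logstash, here is an added Python script (not part of Logstash or this note's config) that mimics the csv -> mutate -> date filter chain on the same rows plus one deliberately malformed row. It assumes UTC, whereas Logstash uses the host's timezone unless the date filter's timezone option is set; the input rows are constructed.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Constructed copy of the CSV from the note, plus a fourth row whose timestamp
# does not match the configured pattern so the failure path is exercised.
SAMPLE_CSV = """1234365,2016-12-02 19:00:52
1234368,2016-12-02 15:02:02
1234369,2016-12-02 15:02:07
1234370,02/12/2016 15:03
"""

# The date filter's pattern uses Joda/Java notation; these tokens are replaced
# in the listed order so the same pattern string works for strptime.
JODA_TO_STRPTIME = [("yyyy", "%Y"), ("MM", "%m"), ("dd", "%d"),
                    ("HH", "%H"), ("mm", "%M"), ("ss", "%S")]


def joda_to_strptime(pattern):
    for joda, py in JODA_TO_STRPTIME:
        pattern = pattern.replace(joda, py)
    return pattern


def process_rows(text, date_pattern="yyyy-MM-dd HH:mm:ss", columns=("col1", "col2")):
    """Apply the csv, mutate and date filters from the config and return the events."""
    fmt = joda_to_strptime(date_pattern)
    events = []
    for row in csv.reader(io.StringIO(text)):
        event = dict(zip(columns, row))          # csv { columns => [...] }
        event["col1"] = float(event["col1"])    # mutate { convert => ["col1", "float"] }
        try:
            ts = datetime.strptime(event["col2"], fmt).replace(tzinfo=timezone.utc)
            # date { target => "col2" }: store ISO 8601, which Elastic maps as "date"
            event["col2"] = ts.isoformat().replace("+00:00", "Z")
        except ValueError:
            # Logstash leaves the field as-is and tags the event instead of dropping it
            event.setdefault("tags", []).append("_dateparsefailure")
        events.append(event)
    return events


def to_bulk(events, index="my_collection"):
    """Bulk-API lines for the events ("_type" is required by Elasticsearch 5.x)."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index, "_type": "doc"}}))
        lines.append(json.dumps(ev))
    return "\n".join(lines) + "\n"


def parse_failures(events):
    """The raw col2 values that did not match the pattern."""
    return [ev["col2"] for ev in events if "_dateparsefailure" in ev.get("tags", [])]


if __name__ == "__main__":
    evs = process_rows(SAMPLE_CSV)
    print(to_bulk(evs))
    print("rows with unparsed dates:", parse_failures(evs))
```

The caveat the tagged row illustrates: if the first document indexed carries an unparsed col2 (say the CSV has a header line or a row in a different format), dynamic mapping types the field as text, and every later, correctly parsed date lands in a string field. Check for _dateparsefailure in the stdout output before trusting the mapping.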


If no Elasticsearch container is listening on localhost, start one with:

docker run -d -p 9200:9200 -p 5601:5601 nshou/elasticsearch-kibana

or use shantanuo/mykibana

June 04, 2017


Packetbeat dashboards

In order to import the sample Kibana dashboards, we need to install Packetbeat first, and then install the sample dashboards into the Elasticsearch server.

curl -L -O

sudo rpm -vi packetbeat-5.4.1-x86_64.rpm

cd /usr/share/packetbeat/

./scripts/import_dashboards -es http://localhost:9200

June 03, 2017


Frequently used docker containers

Here are 3 containers that I need most of the time.

1) elastic and kibana

a) elastic, kibana and packetbeat

docker run --disable-content-trust -p 9200:9200 -p 5601:5601 -d nshou/elasticsearch-kibana

docker run --cap-add=NET_ADMIN --net=host -e KIBANA="" -e HOST="" shantanuo/packetbeat-agent-unsecure

b) Connect to elastic hub:

docker run --cap-add=NET_ADMIN --network=host -e KIBANA="" -e HOST="" -e PASS="pwkbZXIB3VMPtr4wOnpLNi8c"  shantanuo/packetbeat-agent

c) get the IP of the Elasticsearch host using the command hostname -i, and then install the Metricbeat dashboards using docker

docker run ./scripts/import_dashboards  -es

2) python pandas using miniconda

docker run -i -t -p 8888:8888 -v /tmp:/tmp continuumio/miniconda3 /bin/bash -c "/opt/conda/bin/conda install jupyter -y && cd /tmp/ && /opt/conda/bin/jupyter notebook --NotebookApp.token='india' --notebook-dir=/tmp --ip='' --port=8888 --no-browser --allow-root"

3) mysql with a bug fixed and the IST timezone added

docker run -p 3399:3306 -e MYSQL_ROOT_PASSWORD=india3399 -v /my/custom3399:/etc/mysql/conf.d  -v /storage/mysql/datadir3399:/var/lib/mysql -d shantanuo/mysql:5.7

This container uses the config file as shown below:

# vi /my/custom3399/my.cnf


### enable master
# log-bin=/var/log/mysql/mysql-bin.log

### myisam only
# skip-innodb
# default-storage-engine=MyISAM
# default_tmp_storage_engine=MyISAM
# key-buffer-size=1G
# myisam_max_sort_file_size=40G
# myisam_sort_buffer_size=512M
# bulk_insert_buffer_size=1G
### disable strict sql mode
# sql-mode=''
# secure-file-priv = ""

### innodb setting
# innodb_buffer_pool_size=1G
# innodb_log_file_size=512M

# innodb_flush_method=O_DIRECT
# innodb_file_per_table
# innodb-flush-log-at-trx-commit = 2

# make sure temp directory has sufficient space
# tmpdir=/

4) Adminer container to manage mysql

docker run -p 80:80  -d  shantanuo/adminer /bin/bash -c "/usr/sbin/apache2ctl -D FOREGROUND "

