
Verifying That the Events Are Indexed

After you finish adding your new data source, you should verify that the data source events are indexed and the output matches any Stellar transformation functions you used.

By convention, the index where the new messages are indexed is called $DATASOURCE_index_[timestamp] and the document type is $DATASOURCE_doc.

Use the Elasticsearch Head plug-in to verify that the messages were indexed correctly:

  1. Log in to the $SEARCH_HOST host:

    ssh $SEARCH_HOST
  2. Install the head plug-in:

    /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head/1.x
  3. Navigate to the Elasticsearch Head UI: http://$SEARCH_HOST:9200/_plugin/head/.

  4. Click the Browser tab and select the $DATASOURCE document in the left panel; then select one of the sample docs.

    You should see something like the following:

    Figure 3.12. Elasticsearch With Index Information

  5. Review the output to ensure it reflects the Stellar transformation functions you used.
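
The same review can be scripted against a saved search response, for example the JSON returned by http://$SEARCH_HOST:9200/$DATASOURCE_index_*/_search. The following is an added example, not part of the original documentation; the data source name `squid`, the field `domain_without_subdomains`, and the sample response are constructed assumptions.

```python
import json
import re

# Constructed sample _search response; "squid" stands in for $DATASOURCE and
# "domain_without_subdomains" for a field your Stellar transformation adds.
SAMPLE_RESPONSE = json.loads("""
{"hits": {"total": 2, "hits": [
  {"_index": "squid_index_2017.01.01.00", "_type": "squid_doc", "_id": "a1",
   "_source": {"url": "http://www.example.com/x",
               "domain_without_subdomains": "example.com"}},
  {"_index": "squid_index_2017.01.01.00", "_type": "squid_doc", "_id": "a2",
   "_source": {"url": "http://www.example.org/y"}}
]}}
""")


def check_hits(response, datasource, expected_fields):
    """Return a list of problems found in the hits; an empty list means OK."""
    hits = response.get("hits", {}).get("hits", [])
    if not hits:
        return ["no documents indexed for " + datasource]
    # Naming convention from this page: $DATASOURCE_index_[timestamp].
    index_re = re.compile(r"^" + re.escape(datasource) + r"_index_.+$")
    doc_type = datasource + "_doc"
    problems = []
    for hit in hits:
        where = "{}/{}".format(hit.get("_index"), hit.get("_id"))
        if not index_re.match(hit.get("_index") or ""):
            problems.append(where + ": index name is not "
                            + datasource + "_index_[timestamp]")
        if hit.get("_type") != doc_type:
            problems.append(where + ": document type is not " + doc_type)
        source = hit.get("_source") or {}
        for field in expected_fields:
            # A transformation that did not run leaves the field absent or empty.
            if source.get(field) in (None, ""):
                problems.append(where + ": missing field " + field)
    return problems


if __name__ == "__main__":
    for problem in check_hits(SAMPLE_RESPONSE, "squid",
                              ["domain_without_subdomains"]):
        print(problem)
```

On the constructed sample, the second document is reported because the transformed field is absent.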