Complete the code to create an index in Elasticsearch.
PUT /[1]-logs { "mappings": { "properties": { "timestamp": { "type": "date" }, "message": { "type": "text" } } } }
The index app-logs is commonly used to store application logs in ELK, which helps in observability.
Complete the code to query logs with a specific keyword.
GET /app-logs/_search
{
"query": {
"match": {
"message": "[1]"
}
}
}Searching for the keyword error helps find error logs, which is key for observability.
Fix the error in the aggregation to count logs by severity level.
GET /app-logs/_search
{
"size": 0,
"aggs": {
"levels": {
"terms": { "field": "[1]" }
}
}
}The field severity.keyword is used to aggregate logs by their severity level in ELK.
Fill both blanks to create a filter for logs between two timestamps.
GET /app-logs/_search
{
"query": {
"range": {
"timestamp": {
"gte": "[1]",
"lte": "[2]"
}
}
}
}Filtering logs from 2024-01-01T00:00:00Z to 2024-01-31T23:59:59Z helps observe logs in January 2024.
Fill all three blanks to create a dictionary comprehension that maps log levels to counts for levels above 'warning'.
counts = {level: count for level, count in [1].items() if level [2] 'warning' and count [3] 0}This comprehension filters log_counts dictionary to include only levels greater than 'warning' with counts above zero.