Install the required modules with `pip`. The client's major version must match the major version of the cluster you talk to, so pin it (e.g. `elasticsearch>=7,<8` for a 7.x cluster) rather than blindly upgrading.

```
python3 -m pip install --user --upgrade elasticsearch
```

In [1]:
from elasticsearch import Elasticsearch

Connect to the local instance. This lab talks plain HTTP to `localhost` with no authentication; against anything other than a throwaway local node use `https://` and pass credentials.

In [2]:
# Give the full URL; newer client versions reject a bare "host:port".
conn = Elasticsearch(hosts=["http://localhost:9200"])

Creating the client object does not verify that the server is up. Validate it!

In [3]:
conn.ping()

True

Every indexing request goes over HTTP and carries per-request overhead on both the client and the cluster, so indexing documents one at a time is expensive. This matters especially for IDS logs, which arrive at thousands of events per second. The proper way is to use the bulk API, which indexes many documents in a single request.

See:

https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html

The bulk format is newline-delimited JSON: each document is preceded by a metadata line that says which action to take (`index`, `create`, `update`, `delete`), which index to use, and optionally the document `_id`. The Python client takes this as a flat list of dicts and serializes it for you. **Index name must be lowercase**.

In [4]:
bulk = []
for i in range(100):
    # Metadata line: action "index" into "mynewindex" with an explicit _id.
    # Without "_id" Elasticsearch generates one for you.
    meta = {
        "index": {
            "_index": "mynewindex",
            "_id": i
        }
    }
    # The document itself follows its metadata line.
    doc = {
        "message": "this is message {}".format(i),
        "count": i
    }

    bulk.append(meta)
    bulk.append(doc)

In [5]:
print(len(bulk))

200


Then ship it! Note that the bulk endpoint answers HTTP 200 even when individual documents were rejected; the per-item status lives in `items` and the `errors` flag tells you whether any of them failed, so always check it.

In [6]:
# Pass the body by keyword; positional arguments are not accepted by newer clients.
resp = conn.bulk(body=bulk)
print(resp.keys())

dict_keys(['took', 'errors', 'items'])
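The two pieces the cells above leave implicit are what the client actually puts on the wire and what a failed bulk response looks like. The following is an added example (not part of the original notebook) that builds the same metadata/document pairs as cell 4, enforces the lowercase index-name rule, serializes them to the NDJSON wire format, splits them into request-sized chunks, and pulls the failed items out of a bulk response. `SAMPLE_DOCS` and `SAMPLE_RESP` are constructed inline so it runs offline; the response follows the shape documented for the bulk API but is not captured from a real cluster.

```python
import json

# Constructed sample documents standing in for IDS log records.
SAMPLE_DOCS = [
    {"message": "this is message 0", "count": 0},
    {"message": "this is message 1", "count": 1},
    {"message": "this is message 2", "count": 2},
]

# Constructed sample response in the shape the bulk API returns: HTTP 200
# overall, but one item was rejected with a mapping error.
SAMPLE_RESP = {
    "took": 7,
    "errors": True,
    "items": [
        {"index": {"_index": "mynewindex", "_id": "0", "status": 201, "result": "created"}},
        {"index": {"_index": "mynewindex", "_id": "1", "status": 400,
                   "error": {"type": "mapper_parsing_exception",
                             "reason": "failed to parse field [count] of type [long]"}}},
        {"index": {"_index": "mynewindex", "_id": "2", "status": 201, "result": "created"}},
    ],
}


def bulk_actions(docs, index):
    """Return the flat [meta, doc, meta, doc, ...] list the Python client expects.

    Index names must be lowercase; fail early instead of letting the cluster
    reject the whole request.
    """
    if index != index.lower():
        raise ValueError("index name must be lowercase: {!r}".format(index))
    actions = []
    for i, doc in enumerate(docs):
        actions.append({"index": {"_index": index, "_id": i}})
        actions.append(doc)
    return actions


def to_ndjson(actions):
    """Serialize actions to the NDJSON wire format: one JSON object per line,
    no pretty-printing, and a mandatory trailing newline after the last line."""
    return "".join(json.dumps(a, separators=(",", ":")) + "\n" for a in actions)


def chunks(actions, docs_per_request):
    """Split a flat action list into request-sized slices.

    Each document is two lines (metadata + body), so slice in multiples of
    two to never separate a document from its metadata line.
    """
    step = 2 * docs_per_request
    return [actions[i:i + step] for i in range(0, len(actions), step)]


def failed_items(resp):
    """Return (_id, error type) for every rejected item in a bulk response.

    The bulk endpoint returns HTTP 200 even when items failed; the only
    reliable signal is resp["errors"] plus the per-item "error" objects.
    """
    if not resp.get("errors"):
        return []
    failed = []
    for item in resp["items"]:
        # Each item is {"<action>": {...}} with exactly one key.
        (_action, result), = item.items()
        if "error" in result:
            failed.append((result.get("_id"), result["error"].get("type")))
    return failed


if __name__ == "__main__":
    actions = bulk_actions(SAMPLE_DOCS, "mynewindex")
    for batch in chunks(actions, 2):
        print(to_ndjson(batch))  # this is what goes over the wire per request
    print("failed:", failed_items(SAMPLE_RESP))
```

Send each chunk with `conn.bulk(body=batch)` and call `failed_items` on every response; a rejected IDS event that you never notice is a gap in your detection data. For production ingestion the client's own `elasticsearch.helpers.bulk` does the chunking and raises on item errors by default, so prefer it over hand-rolled loops once the format is understood.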


And verify on the CLI. Use the lowercase name you indexed into; `myNewIndex` would not match and returns an `index_not_found_exception`.

```
curl 'localhost:9200/mynewindex/_search?pretty'
```