Crates.io | fakebeat |
lib.rs | fakebeat |
version | 0.1.2 |
source | src |
created_at | 2022-11-28 09:19:21.317283 |
updated_at | 2022-11-28 09:36:21.045816 |
description | Fake documents generator for Elasticsearch |
homepage | |
repository | |
max_upload_size | |
id | 724294 |
size | 60,556 |
Fakebeat allows you to generate fake data with ease using Tera templates.
This is similar to already existing elastic/makelog
, but offers far more flexibility.
Define custom document templates (as text files), consisting of index
configuration and values
for each field, like this:
{
"values": {
"@timestamp": "{{date()}}",
"threat": {
"indicator": {
"type": "file",
"first_seen": "{{date(sub_rnd_days=30)}}",
"file": {
"hash": {
"md5": "{{hash()}}"
}
},
"marking": {
"tlp": "RED"
}
},
"feed": {
"name": "fakebeat_{{random_value(options='file|host')}}"
}
},
"event": {
"type": "indicator",
"category": "threat",
"dataset": "ti_*",
"kind": "enrichment"
}
},
"index": {
"mappings": {
"properties": {
"@timestamp": { "type": "date" },
"threat": {
"properties": {
"indicator": {
"properties": {
"type": { "type": "keyword" },
"first_seen": { "type": "date" },
"file": {
"properties": {
"hash": {
"properties": {
"md5": {
"type": "keyword"
}
}
}
}
},
"marking": {
"properties": {
"tlp": { "type": "keyword" }
}
}
}
},
"feed": {
"properties": {
"name": {
"type": "keyword"
}
}
}
}
},
"event": {
"properties": {
"type": { "type": "keyword" },
"category": { "type": "keyword" },
"dataset": { "type": "keyword" },
"kind": { "type": "keyword" }
}
}
}
}
}
}
Note: you can copy the index
section straight from Kibana, it accepts anything permitted with create index api
Each of the values can be constructed using random value generators. You can check the available generators using
fakebeat -g
. Generated values can be combined and used in conditional statements as well - see the Tera manual for reference on what is possible with the templating.
Once your template is ready, save it in a file and run filebeat you_file.json --index index-name --count 100
to
create 100 documents within your local ES instance. It is also possible to use different hosts or cloud deployments,
consult fakebeat -h
for how to do that.
See the examples for reference on how a template might look like.
Usage example (assuming the default url
, password
and username
options):
Single document template:
fakebeat examples/event_file.json -i filebeat-file -c 10000
Multiple examples:
fakebeat examples/event_file.json -i filebeat-file -c 10000 examples/threat_url.json -i filebeat-url -c 10000
Append to indices instead of recreating:
fakebeat -a examples/event_file.json -i filebeat-file -c 10000 examples/threat_url.json -i filebeat-url -c 10000