#logstash

      • fatdragon has quit
      • random666 joined the channel
      • random666
        can someone please tell me how do I get a percentage per bucket in kibana? I have a table view with rows split by a certain term. I then have a column that represents a specific value (in numbers). I want to add an extra column that shows the percentage of each row related to that specific value. The specific value could be hits, to simplify, and I then want to know the percentage of hits per row (imagine rows are apache servers). how
      • tomaz_b joined the channel
      • notebox joined the channel
      • b8sell joined the channel
      • hugh_jass has quit
      • msg joined the channel
      • hugh_jass joined the channel
      • msg is now known as Guest45919
      • matejz has quit
      • phaser joined the channel
      • Guest45919 has quit
      • koollman joined the channel
      • phaser
        hello i have a question regarding the geo_point type. how do i inject this type in all my indexes? i'm having an elk stack setup here. filebeat shippers do ship my logs...
      • ssplatt joined the channel
      • random666
        geoip { source => "originalIP" target => "geoip" database => "/elastic/logstash/db/GeoLite2-City.mmdb" }
      • phaser
        this works fine
      • done this
      • but
      • No Compatible Fields: The "filebeat-*" index pattern does not contain any of the following field types: geo_point
      • seems like i need to add this field type
      • bit lost at this point
      • random666
        that's why the target is geoip
      • I had that problem as well
      • phaser
        let me try
      • random666
        the original IP should be your IP to be resolved
      • and you have to set the database to the location in your setup
      • phaser
      • logstashbot
        Title: [Bash] filter{ if [client_ip] =~ /.+/{ geoip { source => "client_ip" - Pastebin.com (at pastebin.com)
      • phaser
        okay database needs to be set up manually as well. I'm using 5.x here and the docs do say that the database is built in by default.
      • markizano
        so what do I do if syslog{} input isn't working - it won't bind to the port I configured...
      • random666
        oh I see your problem
      • go to kibana
      • phaser
        in there
      • random666
        management
      • phaser
        k
      • random666
        index patterns and then select the index in question and click the refresh yellow button
      • to refresh your types
      • that's what's missing
      • markizano
        it's like logstash is completely ignoring what's in /etc/logstash/conf.d/
      • random666
        you need to pass the conf file
      • ./logstash -f your/conf/file
      • markizano
        for logstash.yml, right ?
      • random666
        the better way to do it is to set your conf folder in logstash.yml like so: path.config: /elastic/logstash/config/conf/
      • markizano
        not each and every input defined in /etc/logstash/conf.d/ right ?
      • random666
        then you create the folder in question and create a conf file in there
      • you have logstash root folder right? then you have a config folder in there with a couple of files, being one of them logstash.yml
      • markizano
        yeah /opt/logstash is the main folder, /etc/logstash is the config folder.
      • random666
        in THAT file you configure where your conf files will reside like so: path.config: /opt/logstash/config/conf/
      • markizano
        k
      • random666
        "path.config: /opt/logstash/config/conf/"
      • THEN you have to have that folder created
      • and IN THERE you will create your conf files
      • markizano
        ah, path.config
      • looks like the default is /etc/logstash/conf.d
      • random666
        you can have only one (the simpler case) or you can create a couple of them to separate inputs, filters and outputs
      • if you choose the latter you MUST name your files like "000-input.conf" "500-filter.conf" "900-output.conf" because logstash will compile those files into one big file upon start by alphabetical order! (that's why the numbers are there)
      • THENNNNNNNNNN you start logstash by simply ./logstash
      • no flags
      • phaser
        ./logstash --path.config /etc/logstash/conf.d (will also work if I'm right)
      • markizano
        yay - finally I get something different...
      • so when it upgraded, config file definition became a requirement
      • I had been under the assumption it would find its configs on its own.
      • random666
        It isn't a requirement, you could start logstash the good old way by passing -f /my/path/to/configfile
      • hugh_jass joined the channel
      • phaser
        random666: one more quick q: where in kibana do I tell it what username and password to use against elasticsearch? (when security is enabled - x-pack)
      • any idea maybe? :)
      • random666
        I don't have xpack
      • but google should help with that
      • phaser
        yeah
      • random666
        sorry
      • phaser
        no worries
      • just a bit lazy today
      • still no luck btw with that geo_point field type
      • random666
        aren't we all?
      • phaser
        i read something like by default it's not in the filebeat mappings
      • it's wednesday. i assume su
      • so
      • random666
        what does filebeat have to do with authentication?
      • phaser
        well that's another topic. ;) i quickly switched back to my field type issue regarding geo_point stuff
      • random666
        isn't it solved now?
      • LOL
      • markizano
        thank you random666 - finally got it!
      • random666
        Congrats!
      • phaser
        it isn't
      • rjm has quit
      • yardenbar joined the channel
      • horus joined the channel
      • N-Mi_ joined the channel
      • msg joined the channel
      • msg is now known as Guest33828
      • Guest33828 has quit
      • wraithm joined the channel
      • hugh_jass joined the channel
      • kcas_ joined the channel
      • publio joined the channel
      • rjm joined the channel
      • Lexa joined the channel
      • Lexa is now known as Guest60330
      • Guest60330
        I am getting the following error when attempting to ship logs via filebeats
      • tracepath 10.251.33.130/5044
      • read: connection reset by peer
      • Guest60330 has quit