We can't even use debian/ubuntu. It's pure madness.
kizzale_
should logstash hold open log files that haven't been written to in a while? it's holding open logs from days ago...
semiosis
hopefully you won't find anyone here seriously trying to prove some other software is shitty. usefulness depends on the use case, and different people have different criteria
jameshyde
in kibana, by default, it shows up 'Time' and '@message', is it possible for it to also show 'syslog_hostname' by default?
mortini_
jameshyde: edit the KibanaConfigrb
+.
there's a default fields setting in there
tombar
whack: i'm running redis on a VM with 3 cores and 6gb ram, with redis fsync and all persistence disabled.. no packets were dropped over the network
jameshyde
mortini_: thanks, it works!
mortini_
cool
tombar
whack: is there any extra setting/tuning i should apply?
jameshyde
I am not sure why kibana works for chrome browser, but not for IE8 browser here.
kizzale_
hrm logstash isn't closing files because i'm using discovery on a glob, and i'm putting logs in the same dir, just datestamped. is there a way i can force the file input to match a regex for the filename?
Title: Improve IE8/9 support in Kibana · Issue #10 · monitorama/hackathon · GitHub (at github.com)
jameshyde
semiosis: nice!
jlambert121
attempting to get tomcat brought into our logstash config - what a wonderful mess of weird patterns in the catalina.out. One of the log entries is "date class method\nlevel: text". Should be easy enough, match the first line and automatically include the next.
that being said, multiline for me seems to require pattern - here's what i'm attempting to use: http://pastie.org/7272627
on the todo list, not an option today - internal stuff
semiosis
yep that's pretty common
jlambert121
if i don't supply pattern for multiline i get "Exception in thread "LogStash::Runner" org.jruby.exceptions.RaiseException: (TypeError) can't clone NilClass"
the docs have it listed as optional though - trying to just match a tag
sad that better solutions have to go through the game, isn't it?
semiosis
are you using flatjar or monolithic?
jlambert121
monolithic
semiosis
sounds like a bug... if pattern isn't required and there's no default, then it's nil which causes an exception
:(
i think pattern should be required, don't you?
techminer
Can you grok multiple filters out of a single log? For debugging purposes, can you log grok failures so you can fix or add more grok filters?
jlambert121
right now my answer is now, but maybe i don't know "the better way". if you look at the sample messages on my paste do you have a better idea for how to include the next line with a grok match?
s/now/no
techminer
I should say….grok multiple patterns...
semiosis
jlambert121: what => "previous" pattern => "^[A-Z]+:\s+"
mxt
Evening.
semiosis
afternoon
jlambert121
semiosis: sure - was just trying to avoid the bit of overhead of processing a pattern - i'll give that a shot though
semiosis: should i enter a bug for multiline on jira?
semiosis
techminer: you can give grok an array of patterns, it will try them left to right until one matches, see ,,(modsecurity) for example
So I am taking a stab at using Logstash as an alternative to services like Splunk because Logstash doesn't cost my first born. Just launching the Logstash monolithic JAR file with ES embedded server, it takes a minute or two to load up with a fresh install - how come? Is there any way of me seeing what's going on?
jlambert121
semiosis: thanks for your help - i'll file a bug on this and test this pattern when logstash restarts again :)
semiosis
never heard of anyone using multiline without pattern
if there's a legit use case for that i'd like to know what it is :)
yw, hope it works
mxt
The VM (backed by KVM) only has two vCPUs I guess.
jlambert121
semiosis: i assumed adding a tag at a previous step then just matching on it later would be the fastest processing time
semiosis
premature optimization at best, not going to work at all at worst
make it work, make it right, make it fast
in that order
jlambert121
fair enough
techminer
semiosis: thanks….so create a file in my patterns dir with all the matches I want to make from a log….and include that patterns_dir in the filter….
semiosis
in my opinion anyway
jlambert121
trying to think too much about it. i don't disagree
mallen
Is it possible to run Kibana on https only? Or some other recommended way of securing it?
it appears logstashbot has a lot of good references. is there a listing of its sources and tags one can browse?
semiosis
you can "/msg logstashbot factoids search #logstash *" to get a list of factoids, then issue each one as a separate message to see the values
jlambert121
thanks
semiosis
`factoids
logstashbot
semiosis: Error: "factoids" is not a valid command.
jlambert121
i'll give that a shot later tonight - wondering how many questions it can answer for me
maybe :)
semiosis
`learn factoids as you can "/msg logstashbot factoids search #logstash *" to get a list of factoids, then issue each one as a separete message to see the values
logstashbot
semiosis: OK.
semiosis
a meta factoid
jlambert121: there are not many factoids yet, the bot is still relatively new