is _grokparsefailure added when *any* grok fails to match, or only when they all fail to match?
whack
avleen: when all, in theory, except in some cases where there's a known-ish bug
gyre007 joined the channel
but the intent is when all of them fail
avleen
ok :) cool, that's what i was hoping.
dblessing joined the channel
avleen doing a little rearchitecting and adding in lumberjack
oh that leads me to another question: if i specify a type on an input, and the incoming data from lumberjack has a different type specified... what happens?
because all inputs need types
whack
you're using lumberjack input w/ format set?
avleen: it's a misdesign that inputs require 'type' to be set
avleen
i'm hpoing to
json all the logs, etc
:)
whack
avleen: so what happens is that if you have format => json_event, the 'type' in your event itself will remain
avleen
eeeeexcellent
whack
at that point the 'type' on the input setting becomes more of a default-if-not-present
avleen
ok :)
yeah my logs aren't JSON at all yet
ohlol has quit
jonconley joined the channel
whack
json is stupid, unformatted plain text for all!
NATURAL LANGUAGE WILL SOLVE THIS
stackedsax1 joined the channel
avleen
:-D
jkitchen
yaml.
yaml's starting to grow on me ever so slightly.
like a fungus.
stackedsax1 has quit
it's definitely not for a streaming format though :)
stackedsax joined the channel
kevino joined the channel
kjstone00 joined the channel
mb3
whack: would you mind scrolling up a bit for my coordinate array question? :)
I can't get it to not be a string in ES
madAndroid joined the channel
whack
well, you're setting it as a string
but it probably wants "coordinates": "-122...,37..."
avleen
msgpack!
whack
instead of an array with 1 string, have it a string
you want to have 'coordinates' be an array of two numbers?
nmische__ joined the channel
like "coordinates": [ "-122
braoru joined the channel
erm
b_ joined the channel
like "coordinates": [ "-122", "37" ]
?
nmische has quit
antares_
whack: hey
whack
antares_: howdy!
antares_
whack: I have a couple of questions about developing plugins for 1.1.x
(backporting the new rabbitmq plugin as we speak)
kjstone00 has quit
nmische_ has quit
I'm getting :exception=>#<NameError: uninitialized constant LogStash::Pipeline when I try to reference LogStash::Pipeline::ShutdownSignal
whack
blerg, lemme see what I did there
antares_
In master it's just LogStash::ShutdownSignal, I think
whack
yeah it's just that
I'm trying to move exceptions to a single namespace
antares_
whack: is there a way to run irb with all logstash dependencies on $LOAD_PATH?
whack
bin/logstash irb
or pry if you prefer pry
irb/pry launched with bin/logstash (or java -jar logstash.jar pry) doesn't have *everything* loaded, but you can require "logstash/whatever" and it'll work
basically just sets up the right gem/lib paths
ypli joined the channel
antares_
whack: yup, cannot access LogStash::Pipeline there either
whack
require "logstash/pipeline"
antares_
hm, if I explicitly require "logstash/pipeline", I can
whack
I should update the pry/irb stuff to load common things
antares_
should I do that from the plugin?
that seems a little odd
whack
what do you need from the pipeline class?
maybe I am confused
are you working on the 1.1.14 amqp/rabbitmq stuff?
JoeyI_ is now known as JoeyI
ypli
Hi, guys, I am using the embedded elasticsearch output, how can I reset the elasticsearch index quickly?
mb3
whack: sorry, I'm back. Will this actually work? add_field => [ "coordinates", %{geoip.longitude},%{geoip.latitude}]
I thought the quotes were mandatory around parameters
antares_
whack: yup
whack: I need the ShutdownSignal exception
otherwise I cannot cancel a blocking consumer on HotBunnies
whack: ok, added a require and that helped. Now I see that @codec is nil but I also get "Unknown setting 'codec' for rabbitmq" if I try to set params["codec"] like I do in master
whack
mm
that's odd
mb3: show me an example of what ou want "coordinates" to be set to?
antares_: like LogStash::Input::Rabbitmq.new("codec" => ...) fails?