with logstash and elasticsearch, how do i test if the logs i am sending to logstash are making their way into elasticsearch?
Lorax
asc_: turn on the built-in web interface from the logstash jar, or use curl to make a query. check the getting started guides on the logstash site under docs.
bah, my first attempt to rid myself of warnings failed.
nemish
`rpm
logstashbot
nemish: Error: "rpm" is not a valid command.
nemish
`packages
logstashbot
nemish: Error: "packages" is not a valid command.
nemish
`help
logstashbot
nemish: help [<plugin>] [<command>]
semiosis
nemish: what are you trying to do?
with logstashbot
nemish
semiosis: i figured it out... was trying to find instructions for how to build rpm from source... but figured it out
whitefinch: I did logstash behind haproxy with traditional rsyslog in tcp instead
AlBundy
mfn: oh sorry to hear that. Luckily it works for me with 1.2.0, I got the malformed UTF-8 since I upgraded to 1.2.1
nemish
can anyone do a conditional for \?
if [user] =~ /\\// { }
i can't get it to work
rashidkpc: i know we spoke about splitting up username from DOMAIN\user... what's the easiest way to do this? using split makes an array rather than domain and user field?
rashidkpc
nemish: you could probably then use mutate to put them in individual fields
nemish
rashidkpc: okay but how do you call array parts? so user gets converted to user[0] and user[1] where user[0] is domain from what you are saying... how do you use mutate to say add_field => ["domain", "%{user[0]}" ]
gowen
Is there a good guide to upgrade logstash server from 1.1.13 to 1.2.1?
I am using kibana3, and I lost all my data once I started 1.2.1
Irioth
gown: what do you mean, you lost all your data? your data in elasticsearch was lost?
rashidkpc
nemish: good question, you could also use grok instead of split
Irioth
gowen: sorry, spell checker keeps correcting your name