Anyone know of options for indexing my logs different ways in MongoDB? I'm using the output plugin that ships with logstash, but I don't see any options for building different types of indexes.
semiosis
_jc: why mongo? go with the flow (elasticsearch) imho
_jc
semiosis: I agree ES is awesome, but I need a database, not just a distributed text search engine (i.e. lucene). I need to build some custom indexes in mongo to support queries for my application.
I'm considering writing my own python etl scripts to load into mongo and build the indexes I need. Let logstash deliver the logs, and then process/insert them into the db using my scripts. Want to make sure there isn't a better way before I go down this road.
semiosis
_jc: maybe i just don't see the distinction between "a distributed text search engine" and a database
_jc: wish i could be more help but i gave up on mongo about a day into it :/
too hard to justify adding more moving parts to my infrastructure.
Randm
also.. mongodb.
_jc
semiosis I would really like to leverage mongo's aggregation/map-reduce capabilities to build indexes. I plan to use both mongo and ES. Interesting writeup on SO -- http://stackoverflow.com/questions/12723239/ela...
_jc: so are you going to be polling the DB for new events that match a query?
_jc: if you could try explaining your goal maybe someone will have an idea
asking about mongo indexes might be a bit too specific for this channel on a friday night
manos
volter: It was the JDK after all. I uninstalled openjdk, installed the Oracle JDK (the new version 8) and logstash is now running and not exiting. I'll proceed from here trying to get a working configuration. Where's the best place to let the maintainers know there's a possible issue with openjdk and logstash-forwarder/lumberjack?
semiosis
manos: irc is always a good first stop for reporting bugs. the right answer though is ,,(jira)
manos: do you have error/output from the "exiting" on openjdk?
i'd like to take a look
_jc
seanhagen yeah, would like to use mongo as my "store" for all events, and build indexes (example aggregated reports for entities in logs, like an ip address). Would also use ES for text searches of the logs.
manos
yes, it's earlier in this channel
pastebins
semiosis scrolls back
_jc
semiosis yeah, sorry .. the mongo channel is dead. :)
semiosis
_jc: no worries, just sayin you might have better luck here during daylight in CA, US
manos
semiosis: Today's channel starting with my appearance contains pretty much the entire issue as I know it. I provided my config file, commands for generating certs, and the debug output when attempting to run logstash with lumberjack on openjdk
Title: Logs for #logstash | BotBot.me [o__o] (at botbot.me)
semiosis
thanks!
manos: would've been better if you had used 'agent -v -v' to get debug output. if it's convenient could you do that now?
if not, no big deal
manos
Sorry, I've already uninstalled openjdk and installed Oracle JDK. I only have an hour or so to spend before I need to call it quits and I've got to figure out the Windows side of sending logs.
semiosis
ok no sweat
manos: do you know/recall: what version of logstash? what version of JDK?
Title: [LOGSTASH-2069] logstash exits with signed fields invalid using openjdk and lumberjack with tls/ssl certs - logstash.jira.com (at logstash.jira.com)
manos
Hmm. I think I have a false positive.
crud. I commented out the ssl lines.
semiosis
hah
manos
rather, I commented out all the lumberjack stuff
I was trying to get back to a simple config and build up from there.
semiosis
that'll fix it
manos
Guess I'll be amending my jira report :(
semiosis
just make a point about following the simple readme instructions & failing. whack hates it when that happens to newbies.
manos
Ok, I'm getting the same error.
I just edited my jira ticket to indicate I'm getting the same error.
semiosis: are you testing on CentOS?
semiosis
hell no
i mean, i'm all for centos, as long as other people are using it, not me