#logstash

savant: thanks

thanks savant: hey the XDELETE fails when i try to clear out old indexes, any tips

stop the cluster, delete the files on disk, start the cluster

why does the delete fail

sounds like a question for #elasticsearch

savant: 'curl: (56) Recv failure: Connection reset by peer'

anyone facing - "Failed to tls handshake with xxxxxx x509: certificate signed by unknown authority" ?

in logstash-forwarder nodes logs

savant: i also have 2 dir /var/lib/elasticsearch/elasticsearch/nodes/0 and /var/lib/elasticsearch/logstash/ should i clear out both?

hey, my logstash has stopped receiving logs, i restarted logstash, elasticsearch, and redis. so far nothing has helped. logstash logs are clean, redis is spitting out "Can't save in background: fork: Cannot allocate memory"

theharshest: haven't fixed that yet, but should have something soon.

theharshest: re: cert issues, you might need to tell lsf about your CA

whack: what param for that?

ssl ca?

whack: I'm getting that issue after setting "ssl ca"

VanderH0ff: redis is your problem then. Have you enabled vm overcommit?

yeah, just did, that solved part of the problem

now im trying to get my ids logs back

if i run logstash from the commandline it works fine

but i dont see the new logs in kibana

theharshest: no idea, could be a bug, does your ssl ca file have all the chains for your CA?

hi friendly loggers

question

does https://github.com/elasticsearch/logstash-forwa... support delayed egress?

<http://tinyurl.com/odobhay>; (at github.com)

ie, if the remote logstash is down, will it wait until it comes back up and send everything properly?

yes

abestanw_: yes, that's one of the goals of the project (reliable transport)

Im still having an issue trouble shooting my problem, i have a security onion ids, it sends the logs to my elk box via logstash in a redis list, it is sending, but i dont see them in kibana

is there any logs i need to check

hi folks, how can i compile logstash-forwarder for arm-architecture?

glotzerhotze2014: https://code.google.com/p/go-wiki/wiki/GoArm

Title: GoArm - go-wiki - Using Go on ARM powered machines - Go Language Community Wiki - Google Project Hosting (at code.google.com)

do you want to cross-compile or just compile?

i just want to compile

on a sheevaplug running archlinux

the link looks promising

will try to get that going ;)

have not tried it myself but looks like ARM is supported

alright

stupid question i guess

installed go via pacman

got source via git

issued go build

works

thnx guys and shouts to those devs of this tool

havin’ much fun with it

argh

is there a way to make sure redis is getting data from logstash

POST,POST,POST,POST,POST,POST,POST,POST,POST,POST,POST,POST,POST

I gotta loop in here somehow

thematthewgreen: I think I just confirmed that the looping is the source of my runaway elasticsearch

VanderH0ff: "make sure" ? Logstash won't intentionally drop data if redis is down

VanderH0ff: so if you are wondering if data is making it into Redis, you can simply ask redis.

whack, thank you

Hi all, does anybody uses other charset than utf8?