#logstash

If I have two redis brokers and 3 es nodes, how do I configure the broker/indexers to "round robin" to the 3 ES nodes?

If I have two redis brokers and 3 es nodes, how do I configure the broker/indexers to "round robin" to the 3 ES nodes, since the elasticsearch output does not accept a list of host(s), do I have to run 3 instances of logstash? one for each node?

efontana - Multicast or Unicast?

i should also say i'm using the output: elasticsearch_http, the ES nodes are configured Unicast

specifically: http://pastebin.com/MLd1B0hh

Title: ### MANAGED BY PUPPET ### --- cluster: name: testcluster discovery: zen: - Pastebin.com (at pastebin.com)

are your redis brokers also your LS indexers?

yes

i have two redis brokers

each running a logstash indexer

I would make your redis brokers master nodes for ES and make your 3 current ES nodes data nodes only

hi

then configure your redis brokers as master nodes for ES cluster and point your ES output for LS to localhost

then let ES load balance everything for you

when i use syslog as input and elasticsearch as output, the timestamp and @timestamp keys are how correlated? timestamp is from syslog message and @timestamp is "time of arrival" ? or is it parsed from the timestamp key from syslog ?

or put an HAProxy load balancer out in front of everything

your saying run ES on the broker nodes? configure them both as "Masters" let the indexers write to the local ES, then use the current 3 nodes as "Data" nodes (also to serve Kibana)

you got it

wow; I actaully understood that. Thanks' I'm new

efontana - http://everythingshouldbevirtual.com/highly-ava...

<http://tinyurl.com/o2c9vvt>; (at everythingshouldbevirtual.com)

efontana - http://everythingshouldbevirtual.com/highly-ava...

<http://tinyurl.com/pt4r7rr>; (at everythingshouldbevirtual.com)

ooo blob posts i like blob posts

Hello, I am seeing kind of strange output trying to plot a histogram chart in Kibana

Oops! ClassCastException

I am trying to show a mean value on the field, which I recently marked float in grok, I am filtering by only recent issues.

ouch, sorry for grammar

where should I dig deeper?

where do i get YAML MIB maps, that are needed for the snmp input of logstash ?

Looks like you can't build a histogram over a field which has at least one element which has an impropert data type, even if it is filtered out

Hi

I trying to use patterns_dir...

but i got some problems

Is the @timestamp field able to be changed to the time listed in a log message?

tempName: try filter date

Any idea why this doesn't work? date { match => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ] } On this: 2014-01-31 08:23:47,061 INFO ...

Any recommended resources explaining how to tune/optimize ELK? (here: logstash w/ input syslog -> redis -> logstash w/ filters -> elasticsearch)

date filter requires you have the timestamp text by itself in a string