#logstash

http://pastebin.com/zqE33i5m I thought I had this problem solved a few hours ago, but my solution just stopped working for no apparent reason. This is a filter using ruby plugin that takes the incrementing values for network interface status and adds a field that shows the difference in packets/octets/errors between each event. I'd appreciate any feedback about how I can do this better - thanks!

Title: filter { if [type] == 'syslog' { grok { match => ["message","sysl - Pastebin.com (at pastebin.com)

any word on when 1.5 will move beyond RC?

Just watched your Logstash introduction, whack, very good!

PuppetConf '12 that is.

whack: are you about?

or anyone who can tell me about transport protocol with sniffing enabled?

Just watched the Logstash 0-60 webinar, just had a question on best practices for making logs accessible once in Elasticsearch via Kibana

Say I'm loading in logs for 300 web/console applications and want to make them more readily-available towards ~15-25 different teams that support those applications

Is the best way to identify the app when indexing and toss them into their own indexes within elasticsearch?

Knuit: IMO that depends on how big the indexes will be - keeping in mind that more indexes require more RAM

having an unnecessary number of indexes isn't a great idea

you could tag them appropriately, put them in one index and use filtered aliases

<http://tinyurl.com/q2wa5ud>; (at www.elastic.co)

BaM`: Thanks, hadn't come across that yet, that should work perfectly

np