#logstash

dont have a flowchart tool readily available. I have two logstash nodes. Both have their own elasticsearch. One of them is a new deployment, and the other is the one we have had in prod since the beginning of time. On the old one i have a traffic that sits in front of logstash that load balances between the three gelf ports and also forwards all the packets coming in over to the new logstash.

*i have a traffic script*

ddoberloh: ok, i think i get the picture now

and the one that crash is the new one, right?

yes

but also the versions on the old one is REALLY old.

logstash 1.4.0

looks like this is a stop gap pull request that you need https://github.com/logstash-plugins/logstash-in...

how would i get that installed?

you should be able to build from source from https://github.com/cassianoleal/logstash-input-...

the instruction should be there

until the pull request got merge into master branch on the official repo

ok

ill try that and let you know if it works.

that worked! thanks

hoover_damm: like a heatmap of raw values like this: http://epochjs.github.io/epoch/real-time/#heatmap

that whole lib is great, actually

maybe something with timelion can do it

When running logstash in stdin/stdout mode, how can I print out the rule set the input is being parsed against, or the set of files that were examined to make that decision?

Is there a rule of thumb on how many QPS I should be able to get with LS ? I'm producing json logs sending them to LS via filebeat and I'm not able to ingest in real time my logs but I can't tell if the issue is LS ES or something else

is there a way to make a whole event a field to update/upsert ?

like add_field => { "doc1" => "%{event}" }

would it be like "%{}" ?

why do you need to do that jazo, just store the other document?

i need to store the new event as part of a field in an existing document

i might need to do this in ruby

just not sure