#logstash

Is there a way to prepend a string to every field when running through a filter?

Currently on 2.2, but I'll be upgrading to 5.2 in the next month or so

Hi, I'm looking for help with creating a Logstash v2.4.1 plugin. Is anyone on that can help?

Hi, I'm looking for some help with crating my own Logstash plugin ...

Has anyone done this for Logstash v2.4.1 ??

is it required to use PKCS12 keys with the logstash beats input?

looking back at some work i did a while ago, it appears i had to do this, but docs don't indicate this

should logstash have a health page I can check?

Not really.

how can I verify that logstash is actually logging the data I want

impermanence: Perhaps https://www.elastic.co/blog/how-to-check-logsta... is something for you?

<http://tinyurl.com/pbyygc7>; (at www.elastic.co)

oh so the logs sit in es shards...?

impermanence: Normally, people check that in e.g. Kibana.

right.

hence why I'm here because no searching in kibana seems to produce anything and of course the dev team doesn't know what they're logging, lol.

it's obviously my fault.

I feel a devRant coming on.

Is there a way to prepend a string to every field when running through a filter? Currently on 2.2, but I'll be upgrading to 5.2 in the next month or so

impermanence: In the ELK stack, you find Elasticsearch, Logstash and Kibana. Logstash receives and makes sense of log data, Elastic stores them, and Kibana visualizes them.

If nothing appears in Kibana, something's wrong somewhere in that stack.

(Or you're not even receiving data)

impermanence: ES apis can tell you things like the document count in ES (equal to log events, assuming no horrible bugs on your processing tier)

Checking that that number is non-zero and increasing is a good first step

if it is nonzero and increasing, and you can't find the logs, they could be going into the wrong index due to @timestamp being off

torrancew: we have a bunch of apps being stored in ES. I'm trying to figure out how to lock down, for sure, that *this* app is doing so.

logqueued.log says: I've got a service, I'm forwarding events to this LB over this port, etc etc

impermanence: if you're putting them in separate indexes, have you verified that the index is created and has stuff in it?

tgm4883: how can I find what indexes this particular app's data should be going to? es api?

impermanence: what does your logstash config look like for es?

tgm4883: I'll start there.

tgm4883: will that be on es or logstash box?

logstash

kk

impermanence: you should have an output config

tgm4883: logstash.yml?

apparently not

No, probably a file in /etc/logstash/conf.d/

impermanence: I don't think so? it's /etc/logstash/conf.d/ for us

yup

I see it.