elastic-stack

ElasticSearch 5.0.0-alpha4 won't start without setting vm.max_map_count

孤街醉人 submitted on 2019-12-12 11:49:17
Question: I wish to update my ES version from 2.3 to 5.0.0-alpha4 to be able to use Ingest nodes and remove Logstash out of the question. But it seems ES 5.x version won't start without me setting vm.max_map_count to 262144. I don't want to set that value. I am okay with default value 65530. Can anyone guide me how to get ES 5.x started without tampering memory settings at all. I don't have access to root user on the host on which I wish to install ES. Error: java.lang.UnsupportedOperationException:

Logstash not working with multiple files wildcard path

安稳与你 submitted on 2019-12-12 10:49:22
Question: Logstash doesn't seem to read path with wildcard. Here is my config file: input { file { path => "C:\logs\app*.log" type => "MyType" } } filter { } output { elasticsearch { } } Answer 1: I was able to resolve this issue by replacing the backslash with slash. C:/logs/app*.log Answer 2: Just in case someone needs it, when using wildcard (*) with Logstash on the Windows operating system, use forward slash (/) instead of backslash (\). Following is the detail of the issue https://github.com/cityindex-attic

Vertical bar chart in Kibana

ぃ、小莉子 submitted on 2019-12-12 05:38:57
Question: I have set up ELK stack and the following type of JSON is getting stored in Elasticsearch (following JSON is copied from Kibana UI). Now I want to display a vertical bar chart which will have the Top 5 "hostname" when "action" is equal to "passthrough" { "_index": "logstash-2016.06.16", "_type": "utm", "_id": "AVVaFcaB7mNsx5uOb1-_", "_score": null, "_source": { "message": "<190>date=2016-06-16 time=22:10:26 hostname=\"googleads.g.doubleclick.net\" profile=\"Software_Dept\" action=passthrough", "@version

extracting data from multiple events from Elasticsearch using single logstash filter

人走茶凉 submitted on 2019-12-12 05:28:27
Question: I have log lines loaded in ElasticSearch which have the data scattered in multiple events, say event_id is in event (line) number 5 and event_action is available in event number 88, further event_port information is available in event number 455. How can I extract this data so that my output looks like the following? For this case multiline codec will not work. { event_id: 1223 event_action: "socket_open" event_port: 76654 } Currently I have the log files persisted so I can get the file path from

logstash json post output

北战南征 submitted on 2019-12-12 04:34:46
Question: I am currently trying to do a JavaScript post to Logstash by using a tcp input. JavaScript Post xhr = new XMLHttpRequest(); var url = "http://localhost:5043"; xhr.open("POST", url, true); xhr.setRequestHeader("Content-type", "application/json"); var data = JSON.stringify({"test" : hello}); xhr.send(data); Logstash config file input { tcp { port => 5043 } } filter{ } output { stdout { codec => rubydebug } } Output in console { "message" => "OPTIONS / HTTP/1.1\r", "@version" => "1", "@timestamp"

Logstash won't pass index from redis

女生的网名这么多〃 submitted on 2019-12-12 04:34:30
Question: Like in this question, I am trying to index some data to Elasticsearch using Redis and Logstash. I'm positive I am writing the data correctly to Redis, and have successfully written to ES using a mock hardcoded index. Using the question linked above, I've tried the following output config: output { elasticsearch { hosts => "localhost:9200" index => "${index}" type => "${type}" } } when index is a field in my Redis data. It seems the example I found uses type defined in logstash input stage

ELK Stack: Data not appearing in Kibana

╄→尐↘猪︶ㄣ submitted on 2019-12-12 03:37:02
Question: I'm new to the ELK stack so I'm not sure what the problem is. I have a configuration file (see screenshot, it's based on the elasticsearch tutorial): Configuration File Logstash is able to read the logs (it says Pipeline main started) but when the configuration file is run, elasticsearch doesn't react. I can search through the files. However, when I open Kibana, it says no results found. I checked and made sure that my range is the full day. Any help would be appreciated! Source: https:/

Why are there no logstash indexes in kibana

陌路散爱 submitted on 2019-12-12 01:29:48
Question: I set up ELK stack and filebeat with my ELK node as a RedHat server following the digitalocean tutorial. Kibana is up and running, but I don't see any logstash indexes when I go to configure an index pattern as logstash-*: Unable to fetch mapping. Do you have any indices matching the pattern? When I do a curl to see the indexes I have, they are only filebeat indexes. Filebeat should be pushing data to logstash which is listening on 5044 $curl 'localhost:9200/_cat/indices?v' health status index

Logstash Filter: aggregate - auto save on timeout

纵饮孤独 submitted on 2019-12-12 01:17:34
Question: I have a Lambda function in AWS which reports logs to an ELK instance. Each invocation of the lambda function generates a unique invocation_id that is sent with every log event, so the events from a single invocation can be identified in ELK. At the end of the operation, I send a "Done" event. A Lambda function can fail, or time out, and then the "Done" event is not sent. I want to use the logstash aggregate filter to identify the failed invocations. Meaning - each invocation_id will be a task

How can I apply a threshold for a bar graph in Kibana?

我只是一个虾纸丫 submitted on 2019-12-12 00:37:51
Question: I've gone through this particular ticket, which pretty much talks about adding a threshold line to a line graph. In my case, I'm having a bar graph like this where I need to have a threshold, let's say for example in the above graph itself I should be able to show the difference in each and every bar. In other words, as per the above graph, it's displaying the sum of chargeamount according to the filter I've given. What I need to do is to show the difference using a color in the same bar