elk

问题 I'm writing a kibana plugin and a logstash pipeline. For my tests, I just wrote a logstash input like that: input { beats { port => 9600 ssl => false ssl_verify_mode => "none" } } But when I try to open a connection with node (code above): invoke = (parameters, id, port, host) => { var fs = require('fs'); console.log(`Sending message in beats, host= ${host}, port= ${port}, message= ${parameters.message}`); var connectionOptions = { host: host, port: port }; var client = lumberjack.client

问题 Need help constructing an ES query. Here's an example of the raw JSON of the documents: { "user_uuid": 1234, "keywords": "apple", "@timestamp": "2020-01-15", }, { "uuid": 1234, "keywords": "google", "@timestamp": "2020-01-21", }, { "uuid": 9876, "keywords": "youtube", "@timestamp": "2020-01-25", } Here is an example requirement: { "search_groups":[ { "keywords": [ "google", "microsoft", "tesla" ], "time_range": 2020-01-17 - 2020-01-22 }, { "keywords": [ "apple", "youtube", "spotify" ], "time

问题 I have installed ELK stack version 7.0.0 on my CentOS7 VM and I faced with an issue during Logstash service start: [ERROR] 2019-05-13 08:21:37.359 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"MultiJson::ParseError", :message=>"JrJackson::ParseError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/multi_json-1.13.1/lib/multi_json/adapter.rb:20:in load'", "/usr/share/logstash/vendor

问题 I have index mapping like below: { "mapping": { "properties": { "MyMapProperty": { "type": "nested", "properties": { "first": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "second": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, } }, "SecondProperty": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ThirdProperty": { "type": "text", "fields": { "keyword": { "type":

问题 I got alert stating elasticsearch has 2 unassigned shards. I made below api calls to gather more details. curl -s http://localhost:9200/_cluster/allocation/explain | python -m json.tool Output below "allocate_explanation": "cannot allocate because allocation is not permitted to any of the nodes", "can_allocate": "no", "current_state": "unassigned", "index": "docs_0_1603929645264", "node_allocation_decisions": [ { "deciders": [ { "decider": "max_retry", "decision": "NO", "explanation": "shard

问题 I got alert stating elasticsearch has 2 unassigned shards. I made below api calls to gather more details. curl -s http://localhost:9200/_cluster/allocation/explain | python -m json.tool Output below "allocate_explanation": "cannot allocate because allocation is not permitted to any of the nodes", "can_allocate": "no", "current_state": "unassigned", "index": "docs_0_1603929645264", "node_allocation_decisions": [ { "deciders": [ { "decider": "max_retry", "decision": "NO", "explanation": "shard

问题 How can I do Bucket Sort in composite Aggregation? I need to do Composite Aggregation with Bucket sort. I have tried Sort with aggregation. I have tried composite aggregation. 回答1: I think this question, is in continuation to your previous question, so considered the same use case You need to use Bucket sort aggregation that is a parent pipeline aggregation which sorts the buckets of its parent multi-bucket aggregation. And please refer to this documentation on composite aggregation to know

问题 How can I do Bucket Sort in composite Aggregation? I need to do Composite Aggregation with Bucket sort. I have tried Sort with aggregation. I have tried composite aggregation. 回答1: I think this question, is in continuation to your previous question, so considered the same use case You need to use Bucket sort aggregation that is a parent pipeline aggregation which sorts the buckets of its parent multi-bucket aggregation. And please refer to this documentation on composite aggregation to know

问题 I have use case where I need to get all unique user ids from Elasticsearch and it should be sorted by timestamp. What I'm using currently is composite term aggregation with sub aggregation which will return the latest timestamp. (I can't sort it in client side as it slow down the script) Sample data in elastic search { "_index": "logstash-2020.10.29", "_type": "doc", "_id": "L0Urc3UBttS_uoEtubDk", "_version": 1, "_score": null, "_source": { "@version": "1", "@timestamp": "2020-10-29T06:56:00

问题 I have use case where I need to get all unique user ids from Elasticsearch and it should be sorted by timestamp. What I'm using currently is composite term aggregation with sub aggregation which will return the latest timestamp. (I can't sort it in client side as it slow down the script) Sample data in elastic search { "_index": "logstash-2020.10.29", "_type": "doc", "_id": "L0Urc3UBttS_uoEtubDk", "_version": 1, "_score": null, "_source": { "@version": "1", "@timestamp": "2020-10-29T06:56:00