BlackMaria
/ Makefile.sh
Created
May 7, 2013 15:16
This is an example of the Makefile that I am using. I have git bits, auto dl of logstash if required version. AND this can build packages too. But you need a spec file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################## | |
| # DEFAULTS FOR TESTING | |
| ########################################## | |
| # | |
| # First we set our defaults for our config tests | |
| # We have been testing with logstash monolithic 1.1.9 | |
| # When testing the default is "-v" but you can try "make indexer LSFLAGS=--v" etc... | |
| # We are using monolithic, unless we can work with the flatjar then use "make indexer LSTYPE=flatjar " | |
| # | |
| LSVERS=1.1.9 |
BlackMaria
/ logstash_debug_input.cf
Created
May 7, 2013 14:07
Beast practice :) Since it takes so long for the monolithic logstash jar to start, I have started to add a back door in to all of my log stash configs. The following example shows me using a file in temp as a backdoor. If tcp 6501 seems off, I can dump data into the temp file to prove that the processing is still working, then we can diagnose th…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input{ | |
| file { | |
| type => "custom_logger" | |
| format => plain | |
| path => "/tmp/debug_ls_input" | |
| tags => [ "debug","no_alert" ] | |
| } | |
| tcp { | |
| type => "custom_logger" | |
| format => "plain" |
BlackMaria
/ logstash2sql.sh
Last active
December 17, 2015 01:59
The following is an example of how one could send logs to mysql. If you have specific logs that you want to save in an SQL for some odd reason ( eg: you work for an old company that goes about things in archaic ways ).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- NB '%{@type}' must be the same as table_name | |
| -- create database logstash; | |
| CREATE TABLE table_name ( | |
| table_name_id int(8) unsigned NOT NULL AUTO_INCREMENT, | |
| logtime datetime DEFAULT NULL, | |
| tags varchar(255) DEFAULT NULL, | |
| message varchar(255) DEFAULT NULL, | |
| PRIMARY KEY (table_name_id) | |
| ); |
BlackMaria
/ xmmp_logstash_example.cf
Last active
November 25, 2021 17:38
An example of using the jabber/xmpp output of Logstash. 1) Here I send messages that are trapped by grep and tagged "warn_me" to the the sorry sod that is on call. 2) If I get an alert from my monitoring system, I dump a list of all urls/systems that have gone from good to !good in the last 15 minutes. ( limit 20 and order by importance ). This …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output { | |
| # <SNIP> other outputs <SNIP> | |
| # | |
| # Ping me if anything is about to explode, or if any important massage pass by | |
| # | |
| xmpp { | |
| tags => 'warn_me' | |
| host => "ejabberd.example.io" | |
| message => "time='%{@timestamp}', host='%{@source_host}', tags='%{@tags}',path='%{@source_path}', type='%{@type}', field='%{@fields}' message='%{@message}'," |
NewerOlder