RichardBronosky · November 19, 2011 06:28
diff --git a/backfill.sh b/backfill.sh
 # A few oneliners to backfill the logstash with logs from all the apache servers
 # (there server is running in a screen session in my home directory on "django apache admin 1" aka: djaapaadm1)
 # Try searching for error at http://djaapaadm1.ddtc.cmgdigital.com:9292/

 # backfill access logs to the listen on port 9293
 for n in {1..10}; do ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no djaapaprd$n.ddtc.cmgdigital.com 'tail -n 10000 /localfs/httpd/logs/*-access_log' | sed '/^$/d;/^==> /d'; done | pv | nc djaapaadm1.ddtc.cmgdigital.com 9293

 # backfill error logs to the listen on port 9294
 for n in {1..10}; do ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no djaapaprd$n.ddtc.cmgdigital.com 'tail -n 10000 /localfs/httpd/logs/*-error_log' | sed '/^$/d;/^==> /d'; done | pv | nc djaapaadm1.ddtc.cmgdigital.com 9294
diff --git a/logstash-setup.sh b/logstash-setup.sh
 # Perform this setup with a simple oneliner:
 # curl -O https://raw.github.com/gist/1378536/logstash-setup.sh ; . logstash-setup.sh

 curl -O http://semicomplete.com/files/logstash/logstash-1.0.17-monolithic.jar
 curl -O https://raw.github.com/gist/1378536/logstash.conf
 curl -O https://raw.github.com/gist/1378536/logstash.sh
 chmod +x logstash.sh
 curl -O https://raw.github.com/gist/1378536/backfill.sh
 chmod +x backfill.sh

 cat << EOF
 You can start the logstash server with:
    ./logstash.sh

 You can backfill the logstash with:
    ./backfill.sh
 EOF
diff --git a/logstash.conf b/logstash.conf
 input {
  tcp {
    type => "apache-access"
    port => 9293
  }

  tcp {
    type => "apache-error"
    port => 9294
  }
 }

 output {
  # Emit events to stdout for easy debugging of what is going through
  # logstash.
  stdout { }

  # This will use elasticsearch to store your logs.
  # The 'embedded' option will cause logstash to run the elasticsearch
  # server in the same process, so you don't have to worry about
  # how to download, configure, or run elasticsearch!
  elasticsearch { embedded => true }
 }
diff --git a/logstash.sh b/logstash.sh
 cat << EOF
 Starting server at...
 http://$(hostname):9292/

 EOF

 java -jar logstash-1.0.17-monolithic.jar agent -f logstash.conf -- web --backend elasticsearch:///?local
	# A few oneliners to backfill the logstash with logs from all the apache servers
	# (there server is running in a screen session in my home directory on "django apache admin 1" aka: djaapaadm1)
	# Try searching for error at http://djaapaadm1.ddtc.cmgdigital.com:9292/

	# backfill access logs to the listen on port 9293
	for n in {1..10}; do ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no djaapaprd$n.ddtc.cmgdigital.com 'tail -n 10000 /localfs/httpd/logs/*-access_log' \| sed '/^$/d;/^==> /d'; done \| pv \| nc djaapaadm1.ddtc.cmgdigital.com 9293

	# backfill error logs to the listen on port 9294
	for n in {1..10}; do ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no djaapaprd$n.ddtc.cmgdigital.com 'tail -n 10000 /localfs/httpd/logs/*-error_log' \| sed '/^$/d;/^==> /d'; done \| pv \| nc djaapaadm1.ddtc.cmgdigital.com 9294
	# Perform this setup with a simple oneliner:
	# curl -O https://raw.github.com/gist/1378536/logstash-setup.sh ; . logstash-setup.sh

	curl -O http://semicomplete.com/files/logstash/logstash-1.0.17-monolithic.jar
	curl -O https://raw.github.com/gist/1378536/logstash.conf
	curl -O https://raw.github.com/gist/1378536/logstash.sh
	chmod +x logstash.sh
	curl -O https://raw.github.com/gist/1378536/backfill.sh
	chmod +x backfill.sh

	cat << EOF
	You can start the logstash server with:
	./logstash.sh

	You can backfill the logstash with:
	./backfill.sh
	EOF
	input {
	tcp {
	type => "apache-access"
	port => 9293
	}

	tcp {
	type => "apache-error"
	port => 9294
	}
	}

	output {
	# Emit events to stdout for easy debugging of what is going through
	# logstash.
	stdout { }

	# This will use elasticsearch to store your logs.
	# The 'embedded' option will cause logstash to run the elasticsearch
	# server in the same process, so you don't have to worry about
	# how to download, configure, or run elasticsearch!
	elasticsearch { embedded => true }
	}
	cat << EOF
	Starting server at...
	http://$(hostname):9292/

	EOF

	java -jar logstash-1.0.17-monolithic.jar agent -f logstash.conf -- web --backend elasticsearch:///?local