Jason Bryan inqueue

@inqueue
inqueue / strip_passwords.json
Created February 9, 2017 18:55
Elasticsearch: Update by query example to strip passwords
DELETE security-logs
POST security-logs/event/_bulk
{"index":{}}
{ "event": "login", "user": "aardvark", "password": "squishy"}
{"index":{}}
{ "event": "login", "user": "squishy", "password": "aardvark"}
{"index":{}}
{ "event": "access", "application": "nginx", "ip": "10.1.1.1"}
@inqueue
inqueue / openssl_commands.sh
Created April 27, 2017 14:53
openssl commands that will help you in a pinch
### Checking and verification ###
# Check a certificate signing request
openssl req -text -noout -verify -in node_sign_request.csr
# Check a private key
openssl rsa -in node.key -check
# Check a certificate
openssl x509 -in node.crt -text -noout
@inqueue
inqueue / purge_indices.json
Created August 3, 2017 21:22
Watcher (v5.5.1): Look for indices to purge every 24h with @timestamp older than 2 days
PUT _xpack/watcher/watch/purge_indices
{
  "trigger": {
    "schedule": {
      "interval": "24h"
    }
  },
  "input": {
    "search": {
      "request": {

Keybase proof

I hereby claim:

  • I am inqueue on github.
  • I am inqueue (https://keybase.io/inqueue) on keybase.
  • I have a public key ASCyxhhPiLRhxf3PE5riVWdmlA82DFGNxDBt-AtVgdoDzQo

To claim this, I am signing this object:

PUT names
{
  "settings": {
    "analysis": {
      "analyzer": {
        "my_analyzer": {
          "tokenizer": "my_tokenizer"
        }
      },
      "tokenizer": {
@inqueue
inqueue / elastic-pi.md
Last active January 15, 2018 02:17 — forked from andig/elastic-pi.md

Installing elastic beats on Raspberry Pi

At the time of writing, elastic.co does not provide ARM builds for Raspberry Pi. This tutorial describes how to compile e.g. filebeat and run it on a Raspberry Pi 3.

Prerequisites

You'll need Go (>1.8) and Python with virtualenv.

Go 1.8

PUT _xpack/watcher/watch/purge_indices

{
  "trigger": {
    "schedule": {
      "interval": "24h"
    }
  },
  "input": {
    "search": {
@inqueue
inqueue / count_buckets.http
Created May 8, 2018 15:42
Counting histogram buckets
POST metricbeat/_search
{
  "size": 0,
  "aggs": {
    "date_histo": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "day"
      }
    },
@inqueue
inqueue / fix_stuck_kibana.md
Last active November 15, 2018 20:48
Steps to recover Kibana with failed 6.5.0 upgrade

Fixes this error, seen when starting Kibana 6.5.0 with Security enabled and using the default kibana user:

log   [17:58:17.221] [error][status][plugin:[email protected]] Status changed from yellow to red - action [indices:data/read/get] is unauthorized for user [kibana]: [security_exception] action [indices:data/read/get] is unauthorized for user [kibana]
 error  [17:58:17.227] [fatal][root] [security_exception] action [indices:data/read/get] is unauthorized for user [kibana] :: {"path":"/_tasks/09ge3Z3xQliEfF18KTiZ5Q%3A305","query":{},"statusCode":403,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/get] is unauthorized for user [kibana]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/get] is unauthorized for user [kibana]\"},\"status\":403}"}
    at respond (/Users/jbryan/stack/6.4/kibana-6.5.0-darwin-x86_64-kibana_issue/node_modules/elasticsearch/src/lib/transport.js:308:15)
    at checkRespForFailure (/Users/jbryan/sta
@inqueue
inqueue / elasticsearch.yml
Created March 26, 2019 19:34
X-Pack transport TLS sample configuration
xpack.security:
  enabled: true
  http:
    ssl:
      enabled: false
  transport:
    ssl:
      enabled: true
      key: /etc/elasticsearch/${HOSTNAME}/${HOSTNAME}.key
      certificate: /etc/elasticsearch/${HOSTNAME}/${HOSTNAME}.crt