Skip to content

Instantly share code, notes, and snippets.

View yaauie's full-sized avatar

Rye Biesemeyer yaauie

131 followers · 3 following
View GitHub Profile
@yaauie
yaauie / determine-field-type.logstash-filter-ruby.rb
Created December 15, 2022 01:30
###############################################################################
# determine-field-type.logstash-filter-ruby.rb
# ---------------------------------
# A script for a Logstash Ruby Filter to determine a field's type
###############################################################################
#
# Copyright 2022 Ry Biesemeyer
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@yaauie
yaauie / unicode-and-control-chars.txt
Created December 5, 2022 19:53
literal: 👍
u-encoded: \u001c\u{1F44D}
inspected: "\u001C👍"
dumped: "\x1C\u{1F44D}"
json-encoced: "\u001c👍"
@yaauie
yaauie / listup
Last active October 6, 2022 22:36
#!/bin/sh
#
# Utility for determining why we cannot list the
# contents of a deeply-nested directory.
#
# Usage:
# listup.sh /deeply/nested/path
#
##############################################################################
# Copyright 2022 Ry Biesemeyer
@yaauie
yaauie / flatten-structure.logstash-filter-ruby.rb
Created September 13, 2022 01:31
Flatten all or part of a Logstash event, in-place or targeted, optionally destructively
###############################################################################
# flatten-structure.logstash-filter-ruby.rb
# ---------------------------------
# A script for a Logstash Ruby Filter to flatten a nested structure to produce
# flat structure whose keys are the paths of the previous structure
###############################################################################
#
# Copyright 2022 Ry Biesemeyer
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
@yaauie
yaauie / logstash-to-logstash-over-http.md
Created September 6, 2022 15:30
2022 high-level docs for logstash-to-logstash using the HTTP input/output pair

We have had some success using LS-to-LS over HTTP(S), which supports an HTTP(s) Load Balancer or Proxy in the middle, and can be secured with TLS/SSL. It can be made to be quite performant, but doing so requires some specific tuning.

Upstream (HTTP Output)

The upstream pipelie would contain a single HTTP output plugin aimed either directly at a downstream Logstash or at a Load Balancer, importantly configured with:

  • format => json_batch (for performance; without this one event will be sent at a time) and
  • retry_non_idempotent => true (for resilience; without this, some failures cannot be safely retried).

Depending on whether we ar sending directly to another Logstash or through an SSL-terminating Load Balancer or proxy, the output may need to be configured

  • with HTTP Basic credentials (user/password),
@yaauie
yaauie / org.logstash.instrument.metrics.timer.ExecutionTimer.java
Created August 30, 2022 20:41
ExecutionTimer for getting the cumulative execution time including in-progress execution.
package org.logstash.instrument.metrics.timer;
import org.logstash.instrument.metrics.AbstractMetric;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.LongSupplier;
import java.util.function.Supplier;
/**
@yaauie
yaauie / replace-with-serialzied.logstash-filter-ruby.rb
Last active April 26, 2022 06:56
Logstash Ruby Filter script to replace a structured event's data with a single field containing a JSON-serialized string representing the same data.
###############################################################################
# replace-with-serialzied.logstash-filter-ruby.rb
# ---------------------------------
# A script for a Logstash Ruby Filter to replace the event's contents with a
# single field containing a string JSON-encoded representation of the event.
#
# This filter _MUTATES_ the event, removing all DATA-keys while leaving METADATA
# in-tact.
#
###############################################################################
@yaauie
yaauie / README.md
Last active April 25, 2022 06:09

The included apply-template.rb provides a way generate Logstash config fragments from a shared template.

This can be useful for shared verbose configuration that is shared across multiple pipelines.

For example, if we are using multiple pipelines with pipelines.yml

 - pipeline.id: one
   path.config: "${LOGSTASH_HOME}/pipelines/one/*.conf"
 - pipeline.id: two
@yaauie
yaauie / JRUBY.out
Created February 16, 2022 18:23
Reproduction demonstrating a difference in behaviour between MRI and JRuby for keyword arg splats of aliased methods, as discovered in Sinatra 2.2.0
╭─{ yaauie@limbo:~/src/elastic/ls (✔ 8.0) }
╰─● (rbenv shell jruby-9.2.19.0; ruby kwargs-splat.rb)
ArgumentError: wrong number of arguments calling `initialize` (given 1, expected 0)
new at kwargs-splat.rb:7
<main> at kwargs-splat.rb:17
( rbenv shell jruby-9.2.19.0; ruby kwargs-splat.rb; ) 9.23s user 0.53s system 405% cpu 2.412 total
[error: 1]
@yaauie
yaauie / json-sanitize-field-names.logstash-filter-ruby.rb
Last active December 8, 2021 22:56
###############################################################################
# json-sanitize-field-names.logstash-filter-ruby.rb
# ---------------------------------
# A script for a Logstash Ruby Filter to transform a JSON string so that the
# resulting JSON string's decoded representation does not contain square
# brackets in keys.
#
# This filter does NOT parse the JSON string into an Object, and has undefined
# behaviour when the string is not valid JSON.
#