1. Query all records from Elasticsearch
curl -XGET "http://localhost:9200/logstash-*/_search?size=50&pretty"
http://stackoverflow.com/a/38874465/2177408
2. Run logstash
/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
3. Linux commands (netstat, ps, kill)
On Linux (Ubuntu derivatives at least), killall node is easier than this form:
ps | grep <something>
kill <somepid>
Neither will work if you have an orphaned child holding the port. Instead, do this:
netstat -punta | grep <port>
If the port is being held, you'll see something like this:
tcp 0 0.0.0.0:<port> 0.0.0.* LISTEN <pid>/<parent>
Now kill by pid:
kill -9 <pid>
http://stackoverflow.com/a/22875192/2177408
4. Delete all data of an index in elasticsearch
curl -XDELETE localhost:9200/index/type/documentID
http://stackoverflow.com/a/22932471/2177408
5. Match IPV4 and IPV6 in COMBINEDAPACHELOGS
%{IPV6:ipv6}:%{IPV4:ipv4}
http://stackoverflow.com/a/40084695/2177408
6. Multiple matches in grok in logstash
input {
  stdin {}
}
filter {
  grok {
    break_on_match => false
    match => [ "message", "%{WORD:word1}" ]
    match => [ "message", "%{WORD:word2}" ]
    match => [ "message", "%{WORD:word3}" ]
  }
}
output {
  stdout { codec => rubydebug }
}
7. Regex for COMBINEDAPACHELOGS
grok {
  match => [ "message", "%{IP:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:apache_timestamp}\] \"%{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" %{NUMBER:server_response} " ]
}
http://stackoverflow.com/a/22380896/2177408
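An added example (not from these notes or the linked answers): a Ruby sketch that expands the item 7 grok expression into a regular expression and runs it over constructed access-log lines, showing which fields come out and which lines would end up tagged _grokparsefailure. The PATTERNS table holds simplified stand-ins for Logstash's stock patterns, and grok_to_regexp, parse and SAMPLES are names made up for this example.

```ruby
# Simplified stand-ins for the stock grok patterns used in item 7
# (assumptions for this example, not Logstash's own definitions).
PATTERNS = {
  "IP"       => '(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)',
  "USER"     => '[a-zA-Z0-9._-]+',
  "HTTPDATE" => '\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}',
  "WORD"     => '\b\w+\b',
  "NOTSPACE" => '\S+',
  "NUMBER"   => '[+-]?\d+(?:\.\d+)?'
}.freeze

# The grok expression from item 7, copied unchanged (note its trailing space).
GROK = '%{IP:client_ip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:apache_timestamp}\] ' \
       '\"%{WORD:method} /%{NOTSPACE:request_page} HTTP/%{NUMBER:http_version}\" ' \
       '%{NUMBER:server_response} '

# Expand each %{NAME:field} into a named capture group, as grok does.
def grok_to_regexp(expr)
  Regexp.new(expr.gsub(/%\{(\w+):(\w+)\}/) { "(?<#{$2}>#{PATTERNS.fetch($1)})" })
end

COMBINED = grok_to_regexp(GROK)

# Return the extracted fields, or tag the event the way Logstash tags a miss.
def parse(line)
  m = COMBINED.match(line)
  return { "message" => line, "tags" => ["_grokparsefailure"] } unless m
  m.named_captures.merge("message" => line)
end

# Constructed sample access-log lines (documentation addresses).
SAMPLES = [
  '203.0.113.7 - alice [10/Oct/2016:13:55:36 +0000] "GET /admin/login.php HTTP/1.1" 401 512 "-" "curl/7.47.0"',
  # Request for "/" alone: the literal "/" plus NOTSPACE needs a character after the slash.
  '203.0.113.7 - - [10/Oct/2016:13:55:40 +0000] "GET / HTTP/1.1" 200 1043 "-" "curl/7.47.0"',
  '2001:db8::1 - - [10/Oct/2016:13:56:01 +0000] "POST /api/v1/items HTTP/1.1" 201 88 "-" "-"'
].freeze

# Print the parsed fields for each sample when run directly.
SAMPLES.each { |l| p parse(l).reject { |k, _| k == "message" } } if __FILE__ == $PROGRAM_NAME
```

The request_page field comes back without its leading slash, and the request for "/" alone does not match, so such events are only findable by their failure tag.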
8. After updating logstash.conf
rm .sincedb*
curl -XDELETE localhost:9200/logstash-*
sudo /etc/init.d/logstash stop
sudo /etc/init.d/logstash start