Untitled

a guest Feb 27th, 2015 237 Never
LS config:

input {
  file {
    path => "/data/work/logstash/inputlogs/sys_generated.log"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    # sincedb_path => "/data/work/logstash/inputlogs/sincedb.db"
  }
}

filter {
  if [path] =~ "sys" {
    mutate { replace => { "type" => "sys_con" } }
    grok {
      patterns_dir => "/data/work/logstash/patterns"
      match => [ "message",  "%{SYS_CON_LOG}" ]
    }
    date {
      # SYStimestamp is numeric day.month.year (e.g. 01.02.2014 14:01:59).
      # MM parses a numeric month; MMM expects a month name, so the parse
      # fails and @timestamp keeps the ingest time.
      match => [ "SYStimestamp", "dd.MM.yyyy HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch {
    host => "localhost"
    embedded => true
  }
  stdout { codec => rubydebug }
}


Logstash Rubydebug:

{
         "message" => "[INFO ] (01.02.2014 14:01:59) StopWatch(SYS-Thread #-4675457402) - SYS-Aufruf beendet: Elapsed 54.998s, Total 54.998s",
        "@version" => "1",
      "@timestamp" => "2015-02-27T06:16:00.956Z",
            "host" => "hermes",
            "path" => "/data/work/logstash/inputlogs/sys_generated.log",
            "type" => "sys_con",
    "SYStimestamp" => "01.02.2014 14:01:59",
         "elapsed" => "54.998",
           "total" => "54.998"
}



ES Config

##################### Elasticsearch Configuration Example #####################

# This file contains an overview of various configuration settings,
# targeted at operations staff. Application developers should
# consult the guide at <http://elasticsearch.org/guide>.
#
# The installation procedure is covered at
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
#
# Elasticsearch comes with reasonable defaults for most settings,
# so you can try it out without bothering with configuration.
#
# Most of the time, these defaults are just fine for running a production
# cluster. If you're fine-tuning your cluster, or wondering about the
# effect of certain configuration option, please _do ask_ on the
# mailing list or IRC channel [http://elasticsearch.org/community].

# Any element in the configuration can be replaced with environment variables
# by placing them in ${...} notation. For example:
#
#node.rack: ${RACK_ENV_VAR}

# For information on supported formats and syntax for the config file, see
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>


################################### Cluster ###################################

# Cluster name identifies your cluster for auto-discovery. If you're running
# multiple clusters on the same network, make sure you're using unique names.
#
#cluster.name: elasticsearch


#################################### Node #####################################

# Node names are generated dynamically on startup, so you're relieved
# from configuring them manually. You can tie this node to a specific name:
#
#node.name: "Franz Kafka"

# Every node can be configured to allow or deny being eligible as the master,
# and to allow or deny to store the data.
#
# Allow this node to be eligible as a master node (enabled by default):
#
#node.master: true
#
# Allow this node to store data (enabled by default):
#
#node.data: true

# You can exploit these settings to design advanced cluster topologies.
#
# 1. You want this node to never become a master node, only to hold data.
#    This will be the "workhorse" of your cluster.
#
#node.master: false
#node.data: true
#
# 2. You want this node to only serve as a master: to not store any data and
#    to have free resources. This will be the "coordinator" of your cluster.
#
#node.master: true
#node.data: false
#
# 3. You want this node to be neither master nor data node, but
#    to act as a "search load balancer" (fetching data from nodes,
#    aggregating results, etc.)
#
#node.master: false
#node.data: false

# Use the Cluster Health API [http://localhost:9200/_cluster/health], the
# Node Info API [http://localhost:9200/_nodes] or GUI tools
# such as <http://www.elasticsearch.org/overview/marvel/>,
# <http://github.com/karmi/elasticsearch-paramedic>,
# <http://github.com/lukas-vlcek/bigdesk> and
# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.

# A node can have generic attributes associated with it, which can later be used
# for customized shard allocation filtering, or allocation awareness. An attribute
# is a simple key value pair, similar to node.key: value, here is an example:
#
#node.rack: rack314

# By default, multiple nodes are allowed to start from the same installation location
# to disable it, set the following:
#node.max_local_storage_nodes: 1


#################################### Index ####################################

# You can set a number of options (such as shard/replica options, mapping
# or analyzer definitions, translog settings, ...) for indices globally,
# in this file.
#
# Note, that it makes more sense to configure index settings specifically for
# a certain index, either when creating it or by using the index templates API.
#
# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
# for more information.

# Set the number of shards (splits) of an index (5 by default):
#
#index.number_of_shards: 5

# Set the number of replicas (additional copies) of an index (1 by default):
#
#index.number_of_replicas: 1

# Note, that for development on a local machine, with small indices, it usually
# makes sense to "disable" the distributed features:
#
#index.number_of_shards: 1
#index.number_of_replicas: 0

# These settings directly affect the performance of index and search operations
# in your cluster. Assuming you have enough machines to hold shards and
# replicas, the rule of thumb is:
#
# 1. Having more *shards* enhances the _indexing_ performance and allows to
#    _distribute_ a big index across machines.
# 2. Having more *replicas* enhances the _search_ performance and improves the
#    cluster _availability_.
#
# The "number_of_shards" is a one-time setting for an index.
#
# The "number_of_replicas" can be increased or decreased anytime,
# by using the Index Update Settings API.
#
# Elasticsearch takes care about load balancing, relocating, gathering the
# results from nodes, etc. Experiment with different settings to fine-tune
# your setup.

# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
# the index status.


#################################### Paths ####################################

# Path to directory containing configuration (this file and logging.yml):
#
#path.conf: /path/to/conf

# Path to directory where to store index data allocated for this node.
#
#path.data: /path/to/data
#
# Can optionally include more than one location, causing data to be striped across
# the locations (a la RAID 0) on a file level, favouring locations with most free
# space on creation. For example:
#
#path.data: /path/to/data1,/path/to/data2

# Path to temporary files:
#
#path.work: /path/to/work

# Path to log files:
#
#path.logs: /path/to/logs

# Path to where plugins are installed:
#
#path.plugins: /path/to/plugins


#################################### Plugin ###################################

# If a plugin listed here is not installed for current node, the node will not start.
#
#plugin.mandatory: mapper-attachments,lang-groovy


################################### Memory ####################################

# Elasticsearch performs poorly when JVM starts swapping: you should ensure that
# it _never_ swaps.
#
# Set this property to true to lock the memory:
#
#bootstrap.mlockall: true

# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
# to the same value, and that the machine has enough memory to allocate
# for Elasticsearch, leaving enough memory for the operating system itself.
#
# You should also make sure that the Elasticsearch process is allowed to lock
# the memory, eg. by using `ulimit -l unlimited`.


############################## Network And HTTP ###############################

# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
# communication. (the range means that if the port is busy, it will automatically
# try the next port).

# Set the bind address specifically (IPv4 or IPv6):
#
#network.bind_host: 192.168.0.1

# Set the address other nodes will use to communicate with this node. If not
# set, it is automatically derived. It must point to an actual IP address.
#
#network.publish_host: 192.168.0.1

# Set both 'bind_host' and 'publish_host':
#
#network.host: 192.168.0.1

# Set a custom port for the node to node communication (9300 by default):
#
#transport.tcp.port: 9300

# Enable compression for all communication between nodes (disabled by default):
#
#transport.tcp.compress: true

# Set a custom port to listen for HTTP traffic:
#
#http.port: 9200

# Set a custom allowed content length:
#
#http.max_content_length: 100mb

# Disable HTTP completely:
#
#http.enabled: false


################################### Gateway ###################################

# The gateway allows for persisting the cluster state between full cluster
# restarts. Every change to the state (such as adding an index) will be stored
# in the gateway, and when the cluster starts up for the first time,
# it will read its state from the gateway.

# There are several types of gateway implementations. For more information, see
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.

# The default gateway type is the "local" gateway (recommended):
#
#gateway.type: local

# Settings below control how and when to start the initial recovery process on
# a full cluster restart (to reuse as much local data as possible when using shared
# gateway).

# Allow recovery process after N nodes in a cluster are up:
#
#gateway.recover_after_nodes: 1

# Set the timeout to initiate the recovery process, once the N nodes
# from previous setting are up (accepts time value):
#
#gateway.recover_after_time: 5m

# Set how many nodes are expected in this cluster. Once these N nodes
# are up (and recover_after_nodes is met), begin recovery process immediately
# (without waiting for recover_after_time to expire):
#
#gateway.expected_nodes: 2


############################# Recovery Throttling #############################

# These settings allow to control the process of shards allocation between
# nodes during initial recovery, replica allocation, rebalancing,
# or when adding and removing nodes.

# Set the number of concurrent recoveries happening on a node:
#
# 1. During the initial recovery
#
#cluster.routing.allocation.node_initial_primaries_recoveries: 4
#
# 2. During adding/removing nodes, rebalancing, etc
#
#cluster.routing.allocation.node_concurrent_recoveries: 2

# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
#
#indices.recovery.max_bytes_per_sec: 20mb

# Set to limit the number of open concurrent streams when
# recovering a shard from a peer:
#
#indices.recovery.concurrent_streams: 5


################################## Discovery ##################################

# Discovery infrastructure ensures nodes can be found within a cluster
# and master node is elected. Multicast discovery is the default.

# Set to ensure a node sees N other master eligible nodes to be considered
# operational within the cluster. This should be set to a quorum/majority of
# the master-eligible nodes in the cluster.
#
#discovery.zen.minimum_master_nodes: 1

# Set the time to wait for ping responses from other nodes when discovering.
# Set this option to a higher value on a slow or congested network
# to minimize discovery failures:
#
#discovery.zen.ping.timeout: 3s

# For more information, see
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>

# Unicast discovery allows to explicitly control which nodes will be used
# to discover the cluster. It can be used when multicast is not present,
# or to restrict the cluster communication-wise.
#
# 1. Disable multicast discovery (enabled by default):
#
#discovery.zen.ping.multicast.enabled: false
#
# 2. Configure an initial list of master nodes in the cluster
#    to perform discovery when new nodes (master or data) are started:
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]

# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
#
# You have to install the cloud-aws plugin for enabling the EC2 discovery.
#
# For more information, see
# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
#
# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
# for a step-by-step tutorial.

# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
#
# You have to install the cloud-gce plugin for enabling the GCE discovery.
#
# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.

# Azure discovery allows to use Azure API in order to perform discovery.
#
# You have to install the cloud-azure plugin for enabling the Azure discovery.
#
# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.

################################## Slow Log ##################################

# Shard level query and fetch threshold logging.

#index.search.slowlog.threshold.query.warn: 10s
#index.search.slowlog.threshold.query.info: 5s
#index.search.slowlog.threshold.query.debug: 2s
#index.search.slowlog.threshold.query.trace: 500ms

#index.search.slowlog.threshold.fetch.warn: 1s
#index.search.slowlog.threshold.fetch.info: 800ms
#index.search.slowlog.threshold.fetch.debug: 500ms
#index.search.slowlog.threshold.fetch.trace: 200ms

#index.indexing.slowlog.threshold.index.warn: 10s
#index.indexing.slowlog.threshold.index.info: 5s
#index.indexing.slowlog.threshold.index.debug: 2s
#index.indexing.slowlog.threshold.index.trace: 500ms

################################## GC Logging ################################

#monitor.jvm.gc.young.warn: 1000ms
#monitor.jvm.gc.young.info: 700ms
#monitor.jvm.gc.young.debug: 400ms

#monitor.jvm.gc.old.warn: 10s
#monitor.jvm.gc.old.info: 5s
#monitor.jvm.gc.old.debug: 2s

################################## Security ################################

# Uncomment if you want to enable JSONP as a valid return transport on the
# http server. With this enabled, it may pose a security risk, so disabling
# it unless you need it is recommended (it is disabled by default).
#
#http.jsonp.enable: true
# CORS is enabled for every origin ("*"): any web page loaded in a browser
# that can reach this node may send cross-origin requests to the HTTP API.
http.cors.enabled: true
#http.cors.allow-origin: true
http.cors.allow-origin: "*"

ES Start

[2015-02-27 07:15:26,648][INFO ][node                     ] [Utgard-Loki] version[1.4.2], pid[8678], build[927caff/2014-12-16T14:11:12Z]
[2015-02-27 07:15:26,649][INFO ][node                     ] [Utgard-Loki] initializing ...
[2015-02-27 07:15:26,654][INFO ][plugins                  ] [Utgard-Loki] loaded [], sites []
[2015-02-27 07:15:28,880][INFO ][node                     ] [Utgard-Loki] initialized
[2015-02-27 07:15:28,880][INFO ][node                     ] [Utgard-Loki] starting ...
[2015-02-27 07:15:28,971][INFO ][transport                ] [Utgard-Loki] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.202.1:9300]}
[2015-02-27 07:15:28,983][INFO ][discovery                ] [Utgard-Loki] elasticsearch/HNl_upXgSO6R6ZA9eZWYQA
[2015-02-27 07:15:32,766][INFO ][cluster.service          ] [Utgard-Loki] new_master [Utgard-Loki][HNl_upXgSO6R6ZA9eZWYQA][hermes][inet[/192.168.202.1:9300]], reason: zen-disco-join (elected_as_master)
[2015-02-27 07:15:32,806][INFO ][http                     ] [Utgard-Loki] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.202.1:9200]}
[2015-02-27 07:15:32,806][INFO ][node                     ] [Utgard-Loki] started
[2015-02-27 07:15:33,383][INFO ][gateway                  ] [Utgard-Loki] recovered [6] indices into cluster_state
[2015-02-27 07:15:54,179][INFO ][cluster.service          ] [Utgard-Loki] added {[Brother Nature][9kTYMFw4So2Uf9_oD2iCrg][hermes][inet[/192.168.202.1:9301]],}, reason: zen-disco-receive(join from node[[Brother Nature][9kTYMFw4So2Uf9_oD2iCrg][hermes][inet[/192.168.202.1:9301]]])
[2015-02-27 07:15:57,569][INFO ][cluster.service          ] [Utgard-Loki] added {[logstash-hermes-8747-4010][39ghe4J3QMSDgss4zbTrgw][hermes][inet[/192.168.202.1:9302]]{client=true, data=false},}, reason: zen-disco-receive(join from node[[logstash-hermes-8747-4010][39ghe4J3QMSDgss4zbTrgw][hermes][inet[/192.168.202.1:9302]]{client=true, data=false}])