{
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_all" : {
## Painless transform script:
POST _scripts/painless/alerting_index_transform
{
"script": "def triggered_time = ctx.trigger.triggered_time; def failure_counts = new HashMap(); ctx.payload.failed_auth_users.aggregations.users.buckets.stream().map(p -> failure_counts.put(p.key,p.doc_count)); def successful_users = ctx.payload.success_auth_users.aggregations.users.buckets.stream().map(p -> p.key).collect(Collectors.toList()); def failure_only_records = ctx.payload.failed_auth_users.aggregations.users.buckets.stream().filter(p -> !successful_users.contains(p.key)).map(e -> ['@timestamp':triggered_time,'user':e.key,'severity':'MEDIUM','failed_auths':e.doc_count]).collect(Collectors.toList()); def success_and_failure_records = ctx.payload.success_auth_users.aggregations.users.buckets.stream().map(e -> ['@timestamp':triggered_time,'user':e.key,'severity':'HIGH','successful_auths':e.doc_count,'failed_auths':failure_counts.get(e.key)]).collect(Collectors.toList()); success_and_failure_records.addAll(failure_only_re
#!/usr/bin/env perl
use POSIX;
my $KB = 1024;
my $MB = $KB*1024;
my $GB = $MB*1024;
my $TB = $GB*1024;
my %index_stats;
#!/usr/bin/env python
import json
import sys
import md5
import collections
import datetime
import re
epoch = datetime.datetime.utcfromtimestamp(0)
# Nginx configuration for stubbing _bulk requests and proxying everything
# else to a local Elasticsearch instance.
#
# This can be used to test performance of network and the load generator
# for pure bulk indexing benchmarks.
#
# This configuration has been tested with Rally (https://github.com/elastic/rally).
# nginx-extras for the more-include headers module
# sudo apt-get install nginx nginx-extras
curl -k -u "uuu:ppp" -XGET https://356a27e883d143769ddbd5xxxxxxxxxx.demo.elastic.co:9243/api/kibana/dashboards/export?dashboard=d25f3e20-041d-11e8-af22-05a1f7ea412f > dashboards.json
curl -k -u "uuu:ppp" -XGET https://356a27e883d143769ddbd5xxxxxxxxxx.demo.elastic.co:9243/api/kibana/dashboards/export?dashboard=97aa8e60-041d-11e8-af22-05a1f7ea412f >> dashboards.json
curl -k -u "uuu:ppp" -XGET https://356a27e883d143769ddbd5xxxxxxxxxx.demo.elastic.co:9243/api/kibana/dashboards/export?dashboard=51fb4e10-ff75-11e7-af22-05a1f7ea412f >> dashboards.json
curl -k -u "uuu:ppp" -XGET https://356a27e883d143769ddbd5xxxxxxxxxx.demo.elastic.co:9243/api/kibana/dashboards/export?dashboard=a45b4e10-041d-11e8-af22-05a1f7ea412f >> dashboards.json
[2018-07-19T08:48:47,631][WARN ][o.e.i.c.IndicesClusterStateService] [iZBcaR9] [[elasticlogs-2-2018.01.02-44][1]] marking and sending shard failed due to [failed recovery]
org.elasticsearch.indices.recovery.RecoveryFailedException: [elasticlogs-2-2018.01.02-44][1]: Recovery failed from {Q8apBcz}{Q8apBcz2QeS7wXq3tIrvLA}{gY6uDjozSmWxadECk2VenQ}{192.168.1.32}{192.168.1.32:9300}{ml.machine_memory=128847142912, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true} into {iZBcaR9}{iZBcaR9JTk6f8OhyT7yL4A}{9v9sDmqZTniJCFvk_MSk6g}{192.168.1.33}{192.168.1.33:9300}{ml.machine_memory=128847142912, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}
at org.elasticsearch.indices.recovery.PeerRecoveryTargetService.doRecovery(PeerRecoveryTargetService.java:282) [elasticsearch-6.3.0.jar:6.3.0]
at org.elasticsearch.indices.recovery.PeerRecoveryTargetService.access$900(PeerRecoveryTargetService.java:80) [elasticsearch-6.3.0.jar:6.3.0]
at org.elasticsearch.indices.recovery.PeerRecoveryTargetService$RecoveryRunner
{% set p_bulk_indexing_clients = (bulk_indexing_clients | default(20)) %}
{% set p_duration = bulk_indexing_duration | default(900) %}
{
"name": "split_indexing",
"description": "Index data into indices with and without `number_of_routing_shards` set. IDs are autogenerated by Elasticsearch, meaning there are no conflicts.",
"meta": {
"client_count": {{ p_bulk_indexing_clients }},
"benchmark_type": "split-indexing"
},
input {
stdin {}
}
filter {
grok {
match => { "message" => [ '%{IP:ip}" %{GREEDYDATA:a}',
'%{IP:ip1}, %{IP:ip}" %{GREEDYDATA:a}' ] }
}
{
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"http" : {
"request" : {
"host" : "127.0.0.1:9200",