chrisan/bash Secret

## bash
chris@ubuntu:~/code/logstash$ /opt/logstash/bin/logstash -f first-pipeline.conf
Settings: Default pipeline workers: 4
Pipeline main started


## elasticsearch.json
chris@ubuntu:~/code/logstash$ curl -XGET 'localhost:9200/logstash-2016.10.10/_search?pretty&q=response=200'
{
  "error" : {
    "root_cause" : [ {
      "type" : "index_not_found_exception",
      "reason" : "no such index",
      "resource.type" : "index_or_alias",
      "resource.id" : "logstash-2016.10.10",
      "index" : "logstash-2016.10.10"
    } ],
    "type" : "index_not_found_exception",
    "reason" : "no such index",
    "resource.type" : "index_or_alias",
    "resource.id" : "logstash-2016.10.10",
    "index" : "logstash-2016.10.10"
  },
  "status" : 404
}

## first-pipeline.conf
input {
    file {
        path => "/home/chris/code/logstash/logs/*.log"
        start_position => beginning
        ignore_older => 0
    }
}
filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
        source => "clientip"
    }
}
output {
    elasticsearch {
        hosts => [ "localhost:9200" ]
    }
}

## indicies
chris@ubuntu:~/code/logstash$ curl 'localhost:9200/_cat/indices?v'
health status index pri rep docs.count docs.deleted store.size pri.store.size

## install.md

      
    Raw
  

              install.md
            
          
    sudo apt-get install default-jre -y
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
echo "deb https://packages.elastic.co/logstash/2.4/debian stable main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install elasticsearch -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
sudo apt-get install logstash -y
sudo /opt/logstash/bin/logstash-plugin install logstash-codec-cloudfront
sudo /opt/logstash/bin/logstash-plugin install logstash-input-s3
wget https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz

  
## logs-SLASH-logstash-tutorial.log
# No directories in a gist, but this file does exist:

chris@ubuntu:~/code/logstash$ ll /home/chris/code/logstash/logs/
total 36
drwxrwxr-x 2 chris chris  4096 Oct 10 08:27 ./
drwxrwxr-x 3 chris chris  4096 Oct 10 06:40 ../
-rw-rw-r-- 1 chris chris 24680 Oct 10 08:32 logstash-tutorial.log

chris@ubuntu:~/code/logstash$ cat /home/chris/code/logstash/logs/logstash-tutorial.log
83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/plugin/notes/notes.js HTTP/1.1" 200 2892 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
<snip>
	chris@ubuntu:~/code/logstash$ /opt/logstash/bin/logstash -f first-pipeline.conf
	Settings: Default pipeline workers: 4
	Pipeline main started
	chris@ubuntu:~/code/logstash$ curl -XGET 'localhost:9200/logstash-2016.10.10/_search?pretty&q=response=200'
	{
	"error" : {
	"root_cause" : [ {
	"type" : "index_not_found_exception",
	"reason" : "no such index",
	"resource.type" : "index_or_alias",
	"resource.id" : "logstash-2016.10.10",
	"index" : "logstash-2016.10.10"
	} ],
	"type" : "index_not_found_exception",
	"reason" : "no such index",
	"resource.type" : "index_or_alias",
	"resource.id" : "logstash-2016.10.10",
	"index" : "logstash-2016.10.10"
	},
	"status" : 404
	}
	input {
	file {
	path => "/home/chris/code/logstash/logs/*.log"
	start_position => beginning
	ignore_older => 0
	}
	}
	filter {
	grok {
	match => { "message" => "%{COMBINEDAPACHELOG}"}
	}
	geoip {
	source => "clientip"
	}
	}
	output {
	elasticsearch {
	hosts => [ "localhost:9200" ]
	}
	}
	chris@ubuntu:~/code/logstash$ curl 'localhost:9200/_cat/indices?v'
	health status index pri rep docs.count docs.deleted store.size pri.store.size
	# No directories in a gist, but this file does exist:

	chris@ubuntu:~/code/logstash$ ll /home/chris/code/logstash/logs/
	total 36
	drwxrwxr-x 2 chris chris 4096 Oct 10 08:27 ./
	drwxrwxr-x 3 chris chris 4096 Oct 10 06:40 ../
	-rw-rw-r-- 1 chris chris 24680 Oct 10 08:32 logstash-tutorial.log

	chris@ubuntu:~/code/logstash$ cat /home/chris/code/logstash/logs/logstash-tutorial.log
	83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
	83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
	83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
	83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
	83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/plugin/notes/notes.js HTTP/1.1" 200 2892 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
	<snip>