@jordansissel
jordansissel / ec2.rb
Last active August 29, 2015 14:08 — forked from electrical/ec2.rb
require 'logstash-output-elasticsearch-ec2_jars.rb'
module LogStash::Outputs::ElasticSearch::Ec2
  def self.included(base)
    base.extend(self)
    base.register
  end
  def register

input { stdin { } }
filter {
  grok {
    match => { "message" => "<%{NUMBER:syslog_pri}>%{DATA:message}$" }
    overwrite => "message"
  }
  syslog_pri {
    remove_field => "syslog_pri"
  }
@jordansissel
jordansissel / Summary
Last active August 29, 2015 14:01
ELK disk efficiency tests.
Elasticsearch 1.2.0, Logstash 1.4.1
* logs raw size: 217.72M
* logs.gz : 21.36M
* test 1: 374.4mb (no filters)
* test 2: 545.6mb (grok)
* test 3: 626.1mb (grok + date)
* test 4: 347mb (grok + date + remove 'message' field)
* test 4 w/ lzop (theoretical): 277.5mb
* test 4 w/ lzop -7 (theoretical): 228.5mb
% fpm -s dir -t sh -n example -v 1.0 $HOME/.{vim,zsh}rc
Created package {:path=>"example.sh"}
% ./example.sh -h
Usage: example.sh [options]
Install this package
-i <DIRECTORY> : install_root - an optional directory to install to.
Default is package file name without file extension
-o <USER> : owner - the name of the user that will own the files installed
by the package. Defaults to current user
-r: disable capistrano style release directories - Default behavior is to create a releases directory inside
@jordansissel
jordansissel / apachedashboard.json
Created March 21, 2014 23:09
Kibana 3.0.0 dashboard for Apache access logs w/ default 'combined' apache log format. Parsed with logstash 1.4.0 using grok, date, geoip, and useragent filters.
{
  "title": "Apache Overview",
  "services": {
    "query": {
      "list": {
        "2": {
          "id": 2,
          "type": "topN",
          "query": "",
          "alias": "",
[root@localhost log]# systemctl start test
[root@localhost log]# systemctl status test
test.service - Starts and stops a single Logstash instance
   Loaded: loaded (/usr/lib/systemd/system/test.service; disabled)
   Active: active (running) since Fri 2014-02-28 13:34:56 EST; 5s ago
     Docs: http://www.elasticsearch.org
 Main PID: 1214 (sleep)
   CGroup: name=systemd:/system/test.service
           └─1214 /usr/bin/sleep 3600
mkdir /tmp/example
# download flask and its dependencies as source tarballs into /tmp/example
pip install -d /tmp/example flask
cd /tmp/example
for i in *.tar.gz; do
  tar -zxf "$i"
  # build an rpm from each unpacked python source tree
  fpm -s python -t rpm "${i%%.tar.gz}"
done
ls *.rpm
----
@jordansissel
jordansissel / gist:8031741
Created December 18, 2013 23:35
One-liner to find git commits with files larger than 300kb
% git rev-list HEAD | xargs -n1 sh -c 'git ls-tree -lr $1 | awk "\$4 > (300*1024) { print \"size:\",\$4, \$5 }" | sed -e "s,^,commit:$1 ,"' -
commit:fd93322c903a49febe8ad454c9e03a7e86327389 size: 69535125 debian/debian/logstash.war
@jordansissel
jordansissel / gist:7819452
Created December 6, 2013 06:29
Let's "git checkout" any pull request.
porkrevenge(~/build/fpm) % git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/master
porkrevenge(~/build/fpm) % tail -2 ~/.gitconfig
[remote "origin"]
fetch = +refs/pull/*/head:refs/remotes/origin/pull/*
require "rubygems"
require "pry"
require "find"

cache = {}
Gem::Specification.find_all do |gemspec|
  gemspec.require_paths.each do |lib|
    prefix = File.join(gemspec.full_gem_path, lib)
    puts prefix + "/"