Skip to content

Instantly share code, notes, and snippets.

View osssubb's full-sized avatar

osssubb

View GitHub Profile
@osssubb
osssubb / gist:6774727
Created October 1, 2013 06:51
@fields separated, date analyzed and 2 time-formats
curl -XPUT http://10.0.4.24:9200/_template/logstash -d '
{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 1,
"index.refresh_interval" : "10s",
"index.query.default_field": "@message"},
"mappings": {
"_default_": {
"_all": { "enabled": false },
@osssubb
osssubb / gist:6774414
Created October 1, 2013 05:59
[2013-10-01 01:50:18,734][DEBUG][action.bulk ] [Logstash] [logstash-2013.10.01][0] failed to execute bulk item (index) index {[logstash-2013.10.01][postfix][7og6VD7JSWOG9MQc1KSo1w], source[{"@source":"file://mail4//var/log/mail.log","@tags":["mail4_mail.log","easymail","mail4"],"@fields":{"date":["Oct 1 01:55:46"],"host":["mail4"],"service":["dovecot"],"program":["dovecot"],"message":["imap(user@example.com): Debug: Quota root: name=User quota backend=maildir args="]},"@timestamp":"2013-10-01T05:55:47.142Z","@source_host":"mail4","@source_path":"//var/log/mail.log","@message":"imap(user@example.com): Debug: Quota root: name=User quota backend=maildir args=","@type":"postfix"}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [@fields.date]
at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:396)
at org.elasticsearch.index.mapper.object.ObjectMapper.serializeValue(ObjectMapper.java:614)
at org.elasticsearch.index.mapper.object.Object
@osssubb
osssubb / gist:6740562
Created September 28, 2013 10:06
@fields separated but date analyzed.
curl -XPUT http://10.0.4.24:9200/_template/logstash -d '
{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 1,
"index.refresh_interval" : "10s",
"index.query.default_field": "@message"},
"mappings": {
"_default_": {
"_all": { "enabled": false },
@osssubb
osssubb / gist:6183360
Last active December 20, 2015 19:29
@fields separated
curl -XPUT http://10.0.4.24:9200/_template/logstash -d '
{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 1,
"index.refresh_interval" : "10s",
"index.query.default_field": "@message"},
"mappings": {
"_default_": {
"_all": { "enabled": false },
@osssubb
osssubb / new logstash
Last active December 20, 2015 17:49
########
########
curl -XPUT http://10.0.4.24:9200/_template/logstash -d '
{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 1,
"index.refresh_interval" : "10s",
"index.query.default_field": "@message"},
@osssubb
osssubb / gist:6154620
Created August 5, 2013 09:32
logstash_template
curl -XPUT http://10.0.4.24:9200/_template/logstash -d '
{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 1,
"index.refresh_interval" : "10s",
"index.query.default_field": "@message"},
"mappings": {
"_default_": {
"_all": { "enabled": false },