Skip to content

Instantly share code, notes, and snippets.

Avatar
🌀
Software developer @ Elastic working on Kibana. Previously @ NodeSource, IBM.

Patrick Mueller pmuellr

🌀
Software developer @ Elastic working on Kibana. Previously @ NodeSource, IBM.
View GitHub Profile
@pmuellr
pmuellr / es-log.txt
Created Feb 27, 2020
2020-02-27 es walkback from event-log
View es-log.txt
info [o.e.x.i.a.TransportPutLifecycleAction] [pmuellr.muellerware.org] adding index lifecycle policy [.kibana-event-log-policy]
info [o.e.c.m.MetaDataIndexTemplateService] [pmuellr.muellerware.org] adding template [.kibana-event-log-8.0.0-template] for index patterns [.kibana-event-log-8.0.0-*]
info [o.e.c.m.MetaDataCreateIndexService] [pmuellr.muellerware.org] [.kibana-event-log-8.0.0-000001] creating index, cause [api], templates [.kibana-event-log-8.0.0-template], shards [1]/[1], mappings [_doc]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i
@pmuellr
pmuellr / canvas-es-hb-sim
Last active Jan 16, 2020
Kibana canvas chart for es-hb-sim
View canvas-es-hb-sim
filters
| essql
query="SELECT \"@timestamp\" as time, \"summary.up\" as up FROM \"es-hb-sim\" WHERE time > NOW() - INTERVAL 60 SECONDS"
| pointseries x="time" y="up"
| plot defaultStyle={seriesStyle lines="1" fill=1 bars="0"}
| render
@pmuellr
pmuellr / whole-lotta-alerts-hb.sh
Last active Jan 14, 2020
whole-lotta-alerts stress tester for Kibana alerting using heartbeat data
View whole-lotta-alerts-hb.sh
#!/usr/bin/env bash
# creates a number of alerts with a server-log action
# Note that default alerttype - example.heartbeat is from
# https://github.com/pmuellr/kbn-sample-plugins#exampleheartbeat
# requires the following:
# jq: https://stedolan.github.io/jq/download/
# kbn-action: https://github.com/pmuellr/kbn-action/blob/master/README.md
@pmuellr
pmuellr / graphic-3.html
Created Jan 4, 2020
ObservableHQ runtime example
View graphic-3.html
<!DOCTYPE html>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="./node_modules/@observablehq/inspector/dist/inspector.css">
<body>
<script type="module">
import { Runtime, Inspector } from "./node_modules/@observablehq/runtime/dist/runtime.js";
const runtime = new Runtime()
const inspector = Inspector.into(document.body)
const mod = runtime.module(define, inspector)
@pmuellr
pmuellr / es-ilm-rollover-setup.text
Created Sep 16, 2019
commands for Kibana console to play with ilm/rollover/aliases
View es-ilm-rollover-setup.text
DELETE _ilm/policy/event_log_policy
DELETE _template/event_log_template
DELETE event-log-000001
DELETE event-log-000002
PUT _ilm/policy/event_log_policy
{
"policy": {
"phases": {
"hot": {
@pmuellr
pmuellr / kbn-fizz-buzz-alerts.sh
Last active Aug 27, 2019
creates alerts with the "built-in" .fizz-buzz Kibana alert type
View kbn-fizz-buzz-alerts.sh
#!/usr/bin/env bash
source ~/.kbn-fizz-buzz-secrets.sh
ACTION_ID_SELOG=`kbn-action create .server-log "fizz-buzz server-log" "{}" "{}" | jq -r ".id"`
ACTION_ID_SLACK=`kbn-action create .slack "fizz-buzz slack" "{}" "{webhookUrl: '$SLACK_WEBHOOKURL'}" | jq -r ".id"`
ACTION_ID_EMAIL=`kbn-action create .email "fizz-buzz email" "{service: '$EMAIL_SERVICE', from: '$EMAIL_FROM'}" "{user: '$EMAIL_USER' password: '$EMAIL_PASSWORD'}" | jq -r ".id"`
ACTION_ID_INDEX=`kbn-action create .index "fizz-buzz index" "{index: 'fizz-buzz'}" "{}" | jq -r ".id"`
ACTION_ID_PDUTY=`kbn-action create .pagerduty "fizz-buzz pagerduty" "{}" "{routingKey: '$PAGERDUTY_ROUTING_KEY'}" | jq -r ".id"`
@pmuellr
pmuellr / audit_log.ts
Created Aug 5, 2019
initial pass on an AuditLog interface
View audit_log.ts
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
type IAuditRecord = Record<string, any>;
interface IAuditLog {
initialize(): Promise<void>;
@pmuellr
pmuellr / whole-lotta-alerts.sh
Last active Jul 14, 2020
create lots of alerts in Kibana
View whole-lotta-alerts.sh
#!/usr/bin/env bash
# creates a number of alerts with a server-log action
# Note that default alerttype - test.always-firing is part of the
# alerting function tests, and writes documents to the index $GARBAGE_INDEX_NAME
# specified below (it's uses it productively in tests, but not useful here).
# So, if you use this default alerttype, you should be pointing your $KBN_URLBASE to
# a Function Test Server.
@pmuellr
pmuellr / generic-kibana-rfc.md
Created Jul 2, 2019
generic template for Kibana RFCs
View generic-kibana-rfc.md
  • Start Date: 20yy-mm-dd
  • RFC PR: (leave this empty)
  • Kibana Issue: TBD

Summary

@pmuellr
pmuellr / index.ts
Created Jun 26, 2019
Kibana plugin for functional test server to run raw action type executors
View index.ts
// path: x-pack/test/api_integration/fixtures/plugins/action_runner/index.ts
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import Joi from 'joi';
You can’t perform that action at this time.