pmuellr

'use strict'

// examples from https://github.com/vriad/zod

// trying to use zod in JS w/ jsdoc type comments in vsCode

const z = require('zod')

const dogSchema = z.object({
  name: z.string(),

pmuellr

{"attributes":{"fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://81b07bbaeb0c43d2b6f957add35c71b2.us-east-1.aws.staging.foundit.no:9243\",\"pathname\":\"/app/home\",\"basePath\":\"\"},\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"outputPrecision\":0,\"showSuffix\":true}}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"n

pmuellr

info [o.e.x.i.a.TransportPutLifecycleAction] [pmuellr.muellerware.org] adding index lifecycle policy [.kibana-event-log-policy]
info [o.e.c.m.MetaDataIndexTemplateService] [pmuellr.muellerware.org] adding template [.kibana-event-log-8.0.0-template] for index patterns [.kibana-event-log-8.0.0-*]
info [o.e.c.m.MetaDataCreateIndexService] [pmuellr.muellerware.org] [.kibana-event-log-8.0.0-000001] creating index, cause [api], templates [.kibana-event-log-8.0.0-template], shards [1]/[1], mappings [_doc]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i.IndexLifecycleTransition] [pmuellr.muellerware.org] moving index [.kibana-event-log-8.0.0-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.kibana-event-log-policy]
info [o.e.x.i

pmuellr

filters
| essql 
  query="SELECT \"@timestamp\" as time, \"summary.up\" as up FROM \"es-hb-sim\" WHERE time > NOW() - INTERVAL 60 SECONDS"
| pointseries x="time" y="up"
| plot defaultStyle={seriesStyle lines="1" fill=1 bars="0"}
| render

pmuellr

#!/usr/bin/env bash

# creates a number of alerts with a server-log action

# Note that default alerttype - example.heartbeat is from
# https://github.com/pmuellr/kbn-sample-plugins#exampleheartbeat

# requires the following:
#   jq:         https://stedolan.github.io/jq/download/
#   kbn-action: https://github.com/pmuellr/kbn-action/blob/master/README.md

pmuellr

<!DOCTYPE html>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="./node_modules/@observablehq/inspector/dist/inspector.css">
<body>
<script type="module">
import { Runtime, Inspector } from "./node_modules/@observablehq/runtime/dist/runtime.js";

const runtime = new Runtime()
const inspector = Inspector.into(document.body)
const mod = runtime.module(define, inspector)

pmuellr

DELETE _ilm/policy/event_log_policy   
DELETE _template/event_log_template
DELETE event-log-000001
DELETE event-log-000002

PUT _ilm/policy/event_log_policy   
{
  "policy": {                       
    "phases": {
      "hot": {                      

pmuellr

#!/usr/bin/env bash

source ~/.kbn-fizz-buzz-secrets.sh

ACTION_ID_SELOG=`kbn-action create .server-log "fizz-buzz server-log" "{}" "{}"                                                                                              | jq -r ".id"`
ACTION_ID_SLACK=`kbn-action create .slack      "fizz-buzz slack"      "{}"                                               "{webhookUrl: '$SLACK_WEBHOOKURL'}"                 | jq -r ".id"`
ACTION_ID_EMAIL=`kbn-action create .email      "fizz-buzz email"      "{service: '$EMAIL_SERVICE', from: '$EMAIL_FROM'}" "{user: '$EMAIL_USER' password: '$EMAIL_PASSWORD'}" | jq -r ".id"`
ACTION_ID_INDEX=`kbn-action create .index      "fizz-buzz index"      "{index: 'fizz-buzz'}"                             "{}"                                                | jq -r ".id"`
ACTION_ID_PDUTY=`kbn-action create .pagerduty  "fizz-buzz pagerduty"  "{}"                                               "{routingKey: '$PAGERDUTY_ROUTING_KEY'}"            | jq -r ".id"`

pmuellr

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */

type IAuditRecord = Record<string, any>;

interface IAuditLog {
  initialize(): Promise<void>;

pmuellr

#!/usr/bin/env bash

# creates a number of alerts with a server-log action

# Note that default alerttype - test.always-firing is part of the
# alerting function tests, and writes documents to the index $GARBAGE_INDEX_NAME
# specified below (it's uses it productively in tests, but not useful here).
# So, if you use this default alerttype, you should be pointing your $KBN_URLBASE to
# a Function Test Server.