Radu Gheorghe radu-gheorghe

@radu-gheorghe
radu-gheorghe / logstash.conf
Created Mar 17, 2016
logstash grok filter for Elasticsearch logs
View logstash.conf
filter {
if [type] == "elasticsearch" {
grok {
match => [ "message", "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{DATA:severity}%{SPACE}\]\[%{DATA:source}%{SPACE}\]%{SPACE}(?<message>(.|\r|\n)*)" ]
overwrite => [ "message" ]
}
if "_grokparsefailure" not in [tags] {
grok { # regular logs
match => [
View example.log.parsed.snippet
{"message":"proxy-435.dialup.xtra.co.nz - - [22/Apr/2009:18:52:51 +1200] \"GET /images/photos/455.jpg HTTP/1.1\" 200 986 \"-\" \"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; en) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\" \"-\"","@version":"1","@timestamp":"2015-04-16T17:35:24.585Z","host":"rgheorghe-suse.rgheorghe-local","path":"/opt/example.log.raw","clientip":"proxy-435.dialup.xtra.co.nz","ident":"-","auth":"-","timestamp":"22/Apr/2009:18:52:51 +1200","verb":"GET","request":"/images/photos/455.jpg","httpversion":"1.1","response":"200","bytes":"986","referrer":"\"-\"","agent":"\"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; en) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\""}
{"message":"proxy-435.dialup.xtra.co.nz - - [22/Apr/2009:18:52:51 +1200] \"GET /images/nav/tab_left_middle.gif HTTP/1.1\" 200 1020 \"-\" \"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; en) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\" \"-\"","@version":"1",
@radu-gheorghe
radu-gheorghe / repro.sh
Created Feb 5, 2015
Elasticsearch significant terms background filtering size oddities
View repro.sh
curl -XDELETE localhost:9200/test
curl -XPOST localhost:9200/test/test -d '{"a": "foo"}'
curl -XPOST localhost:9200/test/test -d '{"a": "foo"}'
curl -XPOST localhost:9200/test/test -d '{"a": "foo2"}'
curl -XPOST localhost:9200/test/test -d '{"a": "foo2"}'
curl -XPOST localhost:9200/test/test -d '{"a": "foo"}'
curl localhost:9200/test/_refresh
# ElasticsearchIllegalArgumentException[supersetFreq > supersetSize, in JLHScore.score(..)]
curl 'localhost:9200/test/_search?pretty&search_type=count' -d '{
View limit.json
{
"from": 0,
"size": 25,
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"bool": {
View stemming_separately
{
"size": 10,
"query": {
"filtered": {
"query": {
"bool": {
"should": [
{
"multi_match": {
"analyzer": "whitespace_shingle",
View rsyslog compile error
msg.c: In function 'getJSONPropVal':
msg.c:2736:3: warning: 'json_object_object_get' is deprecated (declared at /usr/include/json/json_object.h:217) [-Wdeprecated-declarations]
field = json_object_object_get(parent, (char*)leaf);
^
msg.c: In function 'msgGetJSONPropJSON':
msg.c:2789:2: warning: 'json_object_object_get' is deprecated (declared at /usr/include/json/json_object.h:217) [-Wdeprecated-declarations]
*pjson = json_object_object_get(parent, (char*)leaf);
^
In file included from /usr/include/json/linkhash.h:16:0,
from /usr/include/json/json.h:22,
View boost_by_id.json
{
"query": {
"function_score": {
"query": {
"multi_match": {
"query": "gospel",
"fields": [
"title.raw^60",
"authors.raw^40",
"subjects.raw^20",
@radu-gheorghe
radu-gheorghe / nested filter
Created Aug 20, 2014
nested query turned filter
View nested filter
{
"size": 100,
"query": {
"filtered": {
"query": {
"multi_match": {
"query": "gospel",
"fields": [
"title.raw^60",
"authors.raw^40",
@radu-gheorghe
radu-gheorghe / delete_by_query_stats.sh
Created Apr 14, 2014
deleted stats are not updated when running delete by query in Elasticsearch 1.1.0
View delete_by_query_stats.sh
#!/bin/sh
echo
echo '==========================='
echo 'Creating an empty index'
echo '==========================='
curl -XDELETE localhost:9200/test
curl -XPOST localhost:9200/test/ -d '{"settings": {"index.number_of_shards": 1}}'
echo
@radu-gheorghe
radu-gheorghe / test-logsene
Created Sep 24, 2013
Logsene test dashboard
View test-logsene
{
"title": "another test application",
"services": {
"query": {
"idQueue": [
2,
3,
4
],
"list": {