Logstash - output.elasticsearch bulk requests size monitoring hack

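Command (the capture filter keeps packets on port 9200 whose TCP payload starts with the ASCII bytes "POST", 0x504f5354; lo0 is the loopback interface):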

tcpdump -A 'tcp port 9200 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)' -i lo0 | egrep -A 5 -i "POST /_bulk"

Expected output (with Content-Length):

...U...5POST /_bulk HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Content-Length: 173
Host: localhost:9200
User-Agent: Manticore 0.6.4
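
To turn the captured headers into size figures, the following added example (not part of the original gist) reads the tcpdump/egrep text on stdin and reports count, min, max, average and total Content-Length for `POST /_bulk` requests, plus how many bulk requests showed no Content-Length in the captured lines. The function names `bulk_size_stats` and `sample_capture` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise bulk request sizes from `tcpdump -A` text on stdin.
# bulk_size_stats and sample_capture are hypothetical names, not part of the gist.

bulk_size_stats() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    # Every HTTP request line starts a new request; flag bulk POSTs only.
    / HTTP\/1\.[01]$/ {
      if (pending) missing++                # previous bulk request showed no length
      pending = ($0 ~ /POST \/_bulk[ ?]/)
      next
    }
    pending && tolower($0) ~ /^content-length:[ \t]*[0-9]+[ \t]*$/ {
      n = $0; sub(/^[^:]*:[ \t]*/, "", n); n += 0
      if (count == 0 || n < min) min = n
      if (n > max) max = n
      total += n; count++; pending = 0
    }
    END {
      if (pending) missing++
      if (count == 0) { printf "requests=0 missing=%d\n", missing; exit }
      printf "requests=%d min=%d max=%d avg=%d total=%d missing=%d\n", count, min, max, int(total / count), total, missing
    }'
}

# Constructed sample in the shape of the expected output above (not a real capture).
sample_capture() {
  cat <<'EOF'
...U...5POST /_bulk HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Content-Length: 173
Host: localhost:9200
--
...U...9POST /_bulk HTTP/1.1
Content-Type: application/json
Content-Length: 2048
--
....E..2POST /_bulk?pipeline=x HTTP/1.1
Host: localhost:9200
--
...U...7POST /_bulk HTTP/1.1
Content-Length: 806
EOF
}

sample_capture | bulk_size_stats
```

For a live capture, pipe the command above into `bulk_size_stats` and bound it with tcpdump's `-c` packet count so the summary prints when the capture ends.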