Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save renshuki/2524214219c6770e2b0423a6c6645e1e to your computer and use it in GitHub Desktop.
Save renshuki/2524214219c6770e2b0423a6c6645e1e to your computer and use it in GitHub Desktop.
Logstash - output.elasticsearch bulk requests size monitoring hack

Command:

tcpdump -A 'tcp port 9200 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)' -i lo0 | egrep -A 5 -i "POST /_bulk"

Expected output (w/ Content-Length):

...U...5POST /_bulk HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Content-Length: 173
Host: localhost:9200
User-Agent: Manticore 0.6.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment