Mathieu Martin webmat

@webmat
webmat / README.md
Last active December 18, 2023 07:10
Understanding Filebeat modules

Filebeat modules are all either open source or provided via the Elastic License. You can look at all of them to understand how the parsing, the conversion and the mapping to ECS are done.

Looking for the modules

Looking at the code of the pipelines

@webmat
webmat / ecs-example.json
Last active January 29, 2022 10:45
Example ECS event
{
"@timestamp": "2018-12-07T11:05:07.000Z",
"agent" : {
"type": "filebeat",
"version": "7.0.0-beta1"
},
"ecs": { "version": "1.0.0" },
"event": {
"action": "get",
"dataset": "apache.access",
@webmat
webmat / benchmark.rb
Created May 10, 2012 12:52 — forked from panthomakos/benchmark.rb
Benchmark Your Bundle
#!/usr/bin/env ruby
# Temporarily add this dir to your path
# export PATH=~/gists/bundle_benchmark:$PATH
# cd to any of your projects and run the benchmark
# cd ~/my-project
# benchmark.rb
require 'benchmark'
require 'bundler'
@webmat
webmat / grok_fields.rb
Created March 13, 2019 02:38
Script to list all fields in Logstash grok patterns
PATTERNS_GLOB = ENV['PATTERNS_GLOB'] || '~/work/elastic/plugins/logstash-patterns-core/patterns/*'
FIELD_MATCHER = /{\w+:([^}]+)}/
ECS = %w(labels agent client cloud container destination ecs error event file
geo group host http log network observer organization os process
related server service source url user user_agent)
field_names = {}
puts "File name\tField\tLine\tPosition\tConflict"
Dir[PATTERNS_GLOB].each do |file|
@webmat
webmat / dashboards.rb
Created February 22, 2012 20:46
First draft of an active_admin-based view for Delayed::Job
ActiveAdmin::Dashboards.build do
# Add this section in your dashboard...
section "Background Jobs" do
now = Time.now.getgm
ul do
li do
jobs = Delayed::Job.where('failed_at is not null').count(:id)
link_to "#{jobs} failing jobs", admin_jobs_path(q: {failed_at_is_not_null: true}), style: 'color: red'
end
@webmat
webmat / README.md
Last active November 28, 2019 13:33

The file schema-explorer.ndjson is a dashboard called "Schema Explorer". This dashboard lets you view ECS field definitions from within Kibana.

This requires that you import the ECS CSV (found at generated/csv/fields.csv) into Elasticsearch via the Machine Learning Data Visualizer.

@webmat
webmat / keybase.md
Last active April 28, 2018 01:50
keybase.md

Keybase proof

I hereby claim:

  • I am webmat on github.
  • I am webmat (https://keybase.io/webmat) on keybase.
  • I have a public key ASBxf8fg0XaY8to2x3Ujd9jBhZIDzp_fjMMI33Dlg9Vq-Qo

To claim this, I am signing this object:

@webmat
webmat / Attendees-Example.csv
Last active December 29, 2015 23:39
Pick a winner out of EventBrite attendees (in CSV format)
Attendee # Date Last Name First Name Email QTY Ticket Type Date Attending Order # Order Type Total Paid (USD) Fees Paid (USD) Eventbrite Fees (USD) CC Processing (USD) Attendee Status Home Address 1 Home Address 2 Home City Home State/Province Home Postcode Home Country
277877635 21 Oct 2013 Martin Mathieu webmat@gmail.com 1 DevOps Enthusiast (80) 4 Nov 2013 218440551 Free Order 0.00 0.00 0.0 0.00 Attending
@webmat
webmat / steps.txt
Last active December 27, 2015 21:09
Deploying the Railsbridge message board to Heroku
# Gemfile
group :production do
gem 'pg'
end
group :development, :test do
gem 'sqlite3'
end
# config/application.rb
alias j='jump'
alias m='mark'
alias mm='marks'
alias um='unmark'