GettingStartedWithELK
Getting Started with ELK
Given that this project will work on "drop and go" filters for devices by type (i.e. the input sets type to "ApacheCombined" and our filter is everything that needs to happen in...
If you have a log event with a source IP and destination IP, how do you index them in order to use the aggregation capability for field types of "ip"...
Example of using iptables to DNAT a source that cannot set its destination port: iptables -t nat -A PREROUTING -s [SOURCEIP]/32 -p udp -m udp --dport 514 -j...
https://github.com/coolacid/GettingStartedWithELK/blob/master/Snippets/Date/remove-ms.txt should be cleaned up: remove the temp fields and add a commented area showing how to access the milliseconds from the split.
Investigate the evtx format to import Windows logs.
Make a tutorial on using nxlog as a shipper into Logstash.
Related to:
- https://groups.google.com/forum/#!topic/logstash-users/OL3uI1Pa19U
- http://logstash.net/docs/1.4.2/filters/useragent
Need to reorganize the whole thing.
- Snippets -- These are single bits that do cool things
- Examples -- These are examples to use specific inputs/filters/codecs/outputs
- Configs --...
From IRC: is there a way to compare timestamps? I sometimes receive very old timestamps from broken syslog entries (Can't figure out why yet) and I just want to drop...