• ComputerKram
• ELK-Stack
• Kibana

Kibana

/usr/local/kibana-5.1.2-linux-x86_64/bin/kibana -p 80 -H 0.0.0.0&

Dev-Tools

1

GET _search
{
  "query": {
    "match_all": {}
  }
}
PUT heartbeat-2019_reindex7

PUT postgres*/_settings
{
    "index": {
    "blocks": {
        "read_only_allow_delete": "false"
        }
    }
}

GET _cluster/allocation/explain

POST _cluster/reroute?retry_failed=true

PUT postgres-2020-07
{
    "settings" : {
        "index" : {
            "number_of_shards" : 1, 
            "number_of_replicas" : 0
        }
    }
}

PUT metricbeat-2020-07
{
    "settings" : {
        "index" : {
            "number_of_shards" : 1, 
            "number_of_replicas" : 0
        }
    }
}

DELETE postgres-2020.06.*

DELETE heartbeat-*-2020.06.*

GET heartbeat-2020-05

POST _reindex
{
  "source": {
    "index": "metricbeat-*2020.07*"
  },
  "dest": {
    "index": "metricbeat-2020-07"
  }
}

POST _reindex
{
  "source": {
    "index": "postgres-2020.07.*"
  },
  "dest": {
    "index": "postgres-2020-07"
  }
}


POST heartbeat-*-2020.04.*/_open

DELETE heartbeat-*-2020.04*

POST _reindex
{
  "source": {
    "index": "heartbeat-2019"
  },
  "dest": {
    "index": "heartbeat-2019_reindex7"
  }
}

2

GET _search
{
  "query": {
    "match_all": {}
  }
}

GET filebeat-2018.12.20/_mapping/doc/field/logmessage

PUT _template/filebeat
{
  "index_patterns": ["filebeat-*"],
  "mappings":{
    "doc":{
"properties": {
            "logmessage" : {
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "type" : "keyword",
                  "ignore_above" : 10000
                }
              }
            }
          }

GET _template/filebeat

PUT filebeat-2019.03.20/_mapping/doc { "properties": {

• "logmessage" : {
  • "type" : "text", "fields" : {
    • "keyword" : {
      • "type" : "keyword", "ignore_above" : 10000
      }
    }
  }

• }

}

DELETE filebeat-2019.*

GET filebeat-2019.03.20-ri/_mapping/doc

GET filebeat-2019.03.20-ri/doc/1

PUT filebeat-2020-07

PUT filebeat-2018.07.17-ri

POST _reindex {

• "source": {
  • "index": "filebeat-2020.07.*"
  }, "dest": {
  • "index": "filebeat-2020-07"
  }

}

POST filebeat-2019.03.20-ri/_update_by_query {

• "script" : "ctx._source['host.name'] = ctx._source['beat.hostname']"

}

GET _refresh

POST filebeat-2019.03.20-ri/_search

PUT _template/filebeat {

• "index_patterns": ["filebeat-*"], "mappings":{
  • "doc":{

"properties": {

• "logmessage" : {
  • "type" : "text", "fields" : {
    • "keyword" : {
      • "type" : "keyword", "ignore_above" : 10000
      }
    }
  }

• }

}}}

GET _template/filebeat

PUT filebeat-2018

DELETE filebeat-2017.*

POST _reindex {

• "source": {
  • "index": "filebeat-2018.*"
  }, "dest": {
  • "index": "filebeat-2018"
  }

}

GET filebeat-*2018.*

POST /filebeat-*2018.*/_close

POST /_reindex { "source": { "index": "filebeat-2018.*" },

• "dest": {
  • "index": "filebeat-2018"},
  "script": {
  • "inline": " ctx._source.host = ctx._source.beat.hostname;\n ctx._type = \"doc\";"
  }

• }

}}}

Scripted Fields

Username

String path = doc['logmessage.keyword'].value;
String logger = doc['logger.keyword'].value;
    if (path != null && path.toLowerCase().contains("user")) {
      if ("ClientSessionInitializer".equals(logger)) {
        int firstIndex = path.indexOf("'");
        int lastIndex = path.lastIndexOf("'");
        if (lastIndex > 0) {
            return path.substring(firstIndex+1,lastIndex);
          }
      } 
      if ("PermissionManager".equals(logger)) {
        int lastCollon = path.lastIndexOf(":");
        if (lastCollon > 0) {
            return path.substring(lastCollon+1);
          }
      } 
    }
    return "";

Dashboard

String path = doc['logmessage.keyword'].value;
String logger = doc['logger.keyword'].value;
    if (path != null && path.toLowerCase().contains("report")) {
      if ("DashboardReporter".equals(logger)) {
        int firstIndex = path.indexOf("'");
        int lastIndex = path.lastIndexOf("'");
        if (lastIndex > 0) {
            return path.substring(firstIndex+1,lastIndex);
          }
      }
    }
    return "";

Number of Agents

String path = doc['logmessage.keyword'].value;
String logger = doc['logger.keyword'].value;
    if (path != null && path.toLowerCase().contains("number of agents")) {
      if ("AgentPeerPool".equals(logger)) {
        int firstIndex = path.indexOf("agents:");
        int lastIndex = path.length();
        if (lastIndex > 0) {
            return Integer.parseInt(path.substring(firstIndex+8,lastIndex));
          }
      }
    }
    return "";

Class cache size

String path = doc['logmessage.keyword'].value;
String logger = doc['logger.keyword'].value;
    if (path != null && path.toLowerCase().contains("class cache")) {
      if ("ClassCacheWritingThread".equals(logger)) {
        int firstIndex = path.indexOf("(");
        int lastIndex = path.lastIndexOf(".");
        if (lastIndex > 0) {
            return Integer.parseInt(path.substring(firstIndex+1,lastIndex));
          }
      }
    }
    return "";