Category Archives: els

10-apache-filter.conf


title: “10-apache-filter.conf”
date: 2018-10-09T09:25:49
slug: 10-apache-filter-conf


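# Logstash filter for Apache access and error logs.
# Events are routed by the `type` field that the input (file/beats) sets.
#
# Fixes over the original: the field names carried markdown escapes
# (`apache\_access`, `extra\_fields`, `add\_tag`, ...) that are not valid in a
# Logstash config, and the error branch built `time_stamp` even when grok had
# failed, producing a literal "%{day}/%{month}/..." string and a spurious
# _dateparsefailure. Post-processing now only runs on successfully parsed events.
filter {

  # --- Access logs (combined or common log format) ---------------------------
  if [type] in [ "apache", "apache_access", "apache-access" ] {
    grok {
      # Try the combined format (adds referrer and user agent) first, then fall
      # back to the common format. Anything trailing the standard fields lands
      # in `extra_fields` instead of failing the whole match.
      match => [
        "message", "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}",
        "message", "%{COMMONAPACHELOG}+%{GREEDYDATA:extra_fields}"
      ]
      overwrite => [ "message" ]
    }

    if "_grokparsefailure" not in [tags] {
      mutate {
        # Numeric types so Kibana can aggregate / range-filter on them.
        convert => [ "response", "integer" ]
        convert => [ "bytes", "integer" ]
        # `responsetime` is not emitted by the stock patterns above; this
        # convert is a no-op unless a custom LogFormat adds that field.
        convert => [ "responsetime", "float" ]
      }
      geoip {
        # `clientip` is whatever the log line recorded. Behind a reverse proxy
        # or load balancer that is the proxy address unless the LogFormat logs
        # X-Forwarded-For instead; verify before trusting the geo data.
        source => "clientip"
        target => "geoip"
        add_tag => [ "apache-geoip" ]
      }
      date {
        # e.g. "09/Oct/2018:09:25:49 +0200" -> @timestamp
        match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
        remove_field => [ "timestamp" ]
      }
      useragent {
        # Tokenises the client-supplied User-Agent string into name/os/device.
        source => "agent"
      }
    }
  }

  # --- Error logs --------------------------------------------------------------
  # Pattern targets the Apache 2.2 style "[Tue Oct 09 09:25:49 2018] [error]
  # [client 1.2.3.4] msg" line. Apache 2.4 adds microseconds, a module prefix
  # and a "[pid N]" field and appends ":port" to the client address, so on 2.4
  # the client IP and timestamp will likely not be extracted — check
  # _grokparsefailure / _dateparsefailure tags after deploying.
  if [type] in [ "apache_error", "apache-error" ] {
    grok {
      match => [ "message", "\[%{WORD:dayname} %{WORD:month} %{DATA:day} %{DATA:hour}:%{DATA:minute}:%{DATA:second} %{YEAR:year}\] \[%{NOTSPACE:loglevel}\] (?:\[client %{IPORHOST:clientip}\] )?%{GREEDYDATA:message}" ]
      overwrite => [ "message" ]
    }

    if "_grokparsefailure" not in [tags] {
      # Reassemble the pieces into a single string the date filter can parse.
      mutate {
        add_field => {
          "time_stamp" => "%{day}/%{month}/%{year}:%{hour}:%{minute}:%{second}"
        }
      }
      date {
        # No zone in the Apache error log format: the date filter assumes the
        # Logstash host's timezone unless `timezone` is set here.
        match => [ "time_stamp", "dd/MMM/YYYY:HH:mm:ss" ]
        remove_field => [ "time_stamp", "day", "dayname", "month", "hour", "minute", "second", "year" ]
      }
    }
  }
}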

Elasticsearch & Kibana Helm Chart


title: “Elasticsearch & Kibana Helm Chart”
date: 2018-08-27T13:25:41
slug: elasticsearch-helm-chart


Prerequisite: Local Storage Provisioner

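# Add the incubator chart repository over HTTPS. The original used plain
# http://, which lets anyone on the path swap the chart index or tarballs —
# Helm 2 performs no signature check on what it downloads.
# (Upstream helm/charts has since been archived; expect to need another
# source for this chart today.)
helm repo add incubator https://storage.googleapis.com/kubernetes-charts-incubator

# `--name` is Helm 2 syntax; Helm 3 takes the release name positionally
# (`helm install elastic-search incubator/elasticsearch`).
# Pin a chart version with --version so the install is reproducible and does
# not silently pick up whatever the repo index currently points at.
helm install --name elastic-search incubator/elasticsearch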
Or, with your own values file:
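# Clone the charts repository once. The original ran this twice; the second
# `git clone` fails because ./charts already exists.
git clone https://github.com/helm/charts.git

# Elasticsearch with customised values.
vi charts/incubator/elasticsearch/values.yaml
helm install --name elastic-search -f charts/incubator/elasticsearch/values.yaml incubator/elasticsearch

# Kibana with customised values. Point it at the Elasticsearch service of the
# release above in values.yaml (the exact key depends on the chart version).
vi charts/stable/kibana/values.yaml
helm install stable/kibana --name kibana -f charts/stable/kibana/values.yaml

# NOTE(review): as far as these charts' defaults go, neither Elasticsearch nor
# Kibana is deployed with authentication or TLS. Keep both services ClusterIP
# and put an authenticating proxy in front of Kibana before exposing it.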

flood stage disk watermark [95%] exceeded on


title: “flood stage disk watermark [95%] exceeded on”
date: 2018-04-11T09:49:52
slug: flood-stage-disk-watermark-95-exceeded-on


# Lower the disk watermarks to absolute free-space values so shard allocation
# resumes on a small disk (low > high > flood_stage when given as free bytes).
#
# Caveats:
#  - These are *transient* settings and are dropped on a full cluster restart;
#    use "persistent" if they are meant to stay.
#  - Hitting the flood stage sets index.blocks.read_only_allow_delete on the
#    affected indices. Newer releases (7.4+) clear it automatically once space
#    is freed; on older ones remove the block by hand after cleaning up.
#  - This targets an unauthenticated localhost node. If the cluster has
#    security enabled, use https:// and add -u user:password.
curl -X PUT 'http://localhost:9200/_cluster/settings?pretty' \
  -H 'Content-Type: application/json' \
  --data-binary @- <<'EOF'
{
  "transient": {
    "cluster.routing.allocation.disk.watermark.low": "4gb",
    "cluster.routing.allocation.disk.watermark.high": "2gb",
    "cluster.routing.allocation.disk.watermark.flood_stage": "1gb",
    "cluster.info.update.interval": "1m"
  }
}
EOF
{
"acknowledged" : true,
"persistent" : { },
"transient" : {
"cluster" : {
"routing" : {
"allocation" : {
"disk" : {
"watermark" : {
"low" : "4gb",
"flood_stage" : "1gb",
"high" : "2gb"
}
}
}
},
"info" : {
"update" : {
"interval" : "1m"
}
}
}
}
}