Elastic Stack and TheHive 4 integration problem
Reddit » Elasticsearch
by /u/icemanaziz
2h ago
Sorry for asking too much, but ChatGPT couldn't help me much concerning this problem. I have Elastic Stack running on my local Ubuntu 22.04 machine and I'm trying to install and run TheHive 4 with its database Cassandra, but I get a problem running the TheHive web UI saying it can't connect to the Elasticsearch cluster. This is some part of the logs: java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) at java ..read more
I'm so confused
Reddit » Elasticsearch
by /u/__caio__
2h ago
I imported a JSONL file into Elasticsearch and it was 2 GB, but when I replaced all the field names with 1-letter names it was 2.3 GB. Why does this happen, and how do I get the smallest size possible? submitted by /u/__caio__ ..read more
How to get multiple documents using the REST API without the HTTP body in a GET request
Reddit » Elasticsearch
by /u/Future_Ad1549
9h ago
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/docs-multi-get.html As shown in the examples, we are able to get multiple documents by attaching the details in the HTTP body. I want to use the API to get multiple documents by just doing a GET request with a URL, because I'm using the API in a Grafana dashboard as an input for the Infinity datasource, so it is not possible for me to attach data in the HTTP body. submitted by /u/Future_Ad1549 ..read more
Docs count
Reddit » Elasticsearch
by /u/voyyVoda
16h ago
I have an index that starts with .ds-indexname-2024.03.27-000001 and continues to increase according to the rule I set. I opened it as 1p 2r. Is the total number of documents written the sum of the 3 shards? So, when I actually save 100 documents, does it show 300? submitted by /u/voyyVoda ..read more
Stack Monitoring question
Reddit » Elasticsearch
by /u/EnergySmithe
23h ago
What is the proper way to enable stack monitoring? Initially we clicked the button to enable “self monitoring”, but it warns you repeatedly that it is deprecated and wants you to use Filebeat… and strongly recommends sending the data to a separate non-prod single-node cluster. But the documentation on how to enable that is super confusing… 8.12 has self-generated CAs that are unique to each cluster, so it wants you to enable TLS trust? If you get it set up to send to the other cluster, and can see records being added, where do you view the dashboard for stack monitoring? There is also a newis ..read more
Grok parsing for Cisco FTD logs
Reddit » Elasticsearch
by /u/ptn1120
2d ago
I have this log: <166>2024-03-26 16:36:33 Local4.Info 10.92.201.48 <166>Mar 26 16:36:33 10.92.201.48 Kiwi_Syslog_Server <166>Mar 26 16:36:33 10.92.201.48 Kiwi_Syslog_Server Mar 26 2024 09:36:33: %FTD-6-302028: Butlt inbound ICMP connection for faddr 18.92. 201.29/13567 gaddr 8.8.8.8/0 laddr 8.8.8.8/0 type 8 code 0 I want to parse this value: FTD-6-302028 But this log does not seem to have the key: value format, and I don’t know how to get this value. Does anyone have a solution for this one? Thank you very much! submitted by /u/ptn1120 ..read more
Elasticsearch Index Storage Location Customization
Reddit » Elasticsearch
by /u/Responsible-Rabbit21
3d ago
Is it possible to configure Elasticsearch to store indices on specific drives, such as directing log indices to HDD and frequently accessed data to SSD? submitted by /u/Responsible-Rabbit21 ..read more
Elasticsearch query to aggregate entries
Reddit » Elasticsearch
by /u/shil-Owl43
3d ago
Hi, I have the following Python script to get Zipkin traces. Currently I am getting all the spans for all trace IDs and then I am aggregating based on trace ID in a Python function. I want to use aggregation in the following way. In the main method, I would like to query by aggregating `traceId`; I want to get one entry per trace ID. In `get_trace_information()`, I want to query by aggregating `_source.localEndpoint.serviceName` and `_source.remoteEndpoint.serviceName` per traceId. I looked into the following link, but it is not clear how to specify time ranges in an aggregated query: https://www ..read more
Introducing a new Elasticsearch/OpenSearch GUI client: DocKit
Reddit » Elasticsearch
by /u/South_File_40
6d ago
DocKit: a new Elasticsearch/OpenSearch GUI client. I was seeking a desktop client for Elasticsearch/OpenSearch for a while, but unluckily there are no products that make me happy, so I just decided to write one for me, and for other devs who want similar tools as well. That’s the reason why I started DocKit. It provides basic functionalities: a full-featured editor, powered by monaco-editor, the backbone of VS Code, which provides a familiar editor environment for developers; keep your connections, keep your connections in desktop apps, move the dependencies of dashboard tools; file persistence, Save y ..read more
New index pattern does not have the ability to select a time range
Reddit » Elasticsearch
by /u/elasticsearch_help
6d ago
I have created a new sysmon-* index pattern for my Sysmon logs. The Sysmon logs were previously grouped in my winlogbeat-* index pattern and I had no issues. However, now the new sysmon-* doesn't seem to have a Time field assigned to it (Kibana doesn't have the Time field automatically showing like other patterns, and the calendar button to select a time range isn't available, nor is the bar graph showing the logs over time viewable). I am wondering if it is related to the new sysmon-* template not having the same settings and mappings as the winlogbeat-* template (I have just copied the settings ov ..read more