Reddit » Elasticsearch
Reddit is a network of communities based on people's interests. Find communities you're interested in, and become part of an online community! This subreddit provides links and discussion for the open-source, Lucene-based search engine.
2h ago
Sorry for asking too much, but ChatGPT couldn't help me much with this problem. I have the Elastic Stack running on my local Ubuntu 22.04 machine and I'm trying to install and run TheHive4 with its database, Cassandra, but I get a problem running the TheHive web UI saying it can't connect to the Elasticsearch cluster. This is part of the logs:
java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) at java …
2h ago
I imported a JSONL file into Elasticsearch and it was 2 GB, but when I replaced all the field names with one-letter names it was 2.3 GB. Why does this happen, and how do I get the smallest size possible?
submitted by /u/__caio__
9h ago
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/docs-multi-get.html
As shown in the examples, we are able to get multiple documents by attaching the details in the HTTP body. I want to use the API to get multiple documents by just doing a GET request with a URL, because I'm using the API in a Grafana dashboard as an input for the Infinity datasource, so it is not possible for me to attach data in the HTTP body.
submitted by /u/Future_Ad1549
16h ago
I have an index that starts with .ds-indexname-2024.03.27-000001 and continues to increase according to the rule I set. I opened it as 1p 2r. Is the total number of documents written the sum of the 3 shards? So, when I actually save 100 documents, does it show 300?
submitted by /u/voyyVoda
23h ago
What is the proper way to enable stack monitoring? Initially we clicked the button to enable "self monitoring", but it warns you repeatedly that it is deprecated and wants you to use Filebeat, and it strongly recommends sending the data to a separate non-prod single-node cluster. But the documentation on how to enable that is super confusing. 8.12 has self-generated CAs that are unique to each cluster, so it wants you to enable TLS trust? If you get it set up to send to the other cluster and can see records being added, where do you view the dashboard for stack monitoring? There is also a newis…
2d ago
I have this log:
<166>2024-03-26 16:36:33 Local4.Info 10.92.201.48 <166>Mar 26 16:36:33 10.92.201.48 Kiwi_Syslog_Server <166>Mar 26 16:36:33 10.92.201.48 Kiwi_Syslog_Server Mar 26 2024 09:36:33: %FTD-6-302028: Butlt inbound ICMP connection for faddr 18.92. 201.29/13567 gaddr 8.8.8.8/0 laddr 8.8.8.8/0 type 8 code 0
I want to parse this value: FTD-6-302028
But this log doesn't seem to have the key: value format, and I don't know how to get this value. Does anyone have a solution for this one? Thank you very much!
submitted by /u/ptn1120
3d ago
Is it possible to configure Elasticsearch to store indices on specific drives, such as directing log indices to HDD and frequently accessed data to SSD?
submitted by /u/Responsible-Rabbit21
3d ago
Hi,
I have the following Python script to get Zipkin traces. Currently I am getting all the spans for all trace IDs and then aggregating based on trace ID in a Python function. I want to use aggregation in the following way:
In the main method, I would like to query by aggregating `traceId`. I want to get one entry per trace ID.
In `get_trace_information()`, I want to query by aggregating `_source.localEndpoint.serviceName` and `_source.remoteEndpoint.serviceName` per trace ID.
I looked into the following link, but it is not clear how to specify time ranges in an aggregated query: https://www…
6d ago
DocKit a new ElasticSearch/OpenSearch GUI Client
I was seeking a desktop client for Elasticsearch/OpenSearch for a while, but unluckily there are no products that make me happy, so I just decided to write one for myself and for other devs who want similar tools as well. That's the reason why I started DocKit. It provides basic functionalities:
Full-featured editor: powered by monaco-editor, the backbone of VS Code, it provides a familiar editor environment for developers
Keep your connections: keep your connections in the desktop app, and move the dependencies of dashboard tools
File persistence: save y…
6d ago
I have created a new sysmon-* index pattern for my Sysmon logs. The Sysmon logs were previously grouped in my winlogbeat-* index pattern and I had no issues. However, now the new sysmon-* doesn't seem to have a time field assigned to it (Kibana doesn't automatically show the Time field like it does for other patterns, the calendar button to select a time range isn't available, and the bar graph showing the logs over time isn't viewable either). I am wondering if it is related to the new sysmon-* template not having the same settings and mappings as the winlogbeat-* template (I have just copied the settings ov…