|
|
| Subject: | Advice for searching the logstash |
| Author: | Jane Curry |
| Posted: | 2014-04-17 05:26 |
The new logstash seems to take a lot of resources and I seem to be getting ~3000 events per minute but I would appreciate some advice on getting useful "information" out of this "data"
I have tried a query with ERROR and zencommand as keys and want just ERROR events for zencommand but this appears to OR the search terms - see screenshot. http://wiki.zenoss.org/images/4/48/Logstash.jpg
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| Subject: | Jane, |
| Author: | Andrew Kirch |
| Posted: | 2014-05-08 12:12 |
Jane,
The search tool is actually elastic search, for more information on constructing queries, take a look at:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/qu...
Andrew Kirch
akirch@gvit.com
Need Zenoss support, consulting or custom development Look no further. Email or PM me!
Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard
| Subject: | Logstash, elasticsearch, and zenoss core |
| Author: | [Not Specified] |
| Posted: | 2015-01-06 11:56 |
Hi,
Does v5 take advantage of elasticsearch or logstash other than the control center itself
Thanks!
| Subject: | Yes and no. It's pretty easy |
| Author: | Andrew Kirch |
| Posted: | 2015-01-07 13:24 |
Yes and no. It's pretty easy to create a template to launch your own ELK instance on Control Center that can feed events into Zenoss but this isn't provided by default.
Andrew Kirch
akirch@gvit.com
Need Zenoss support, consulting or custom development Look no further. Email or PM me!
Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard
| < |
Previous Zeneventserver keeps stopping and devices say they are down |
Next Zenoss SNMP error: snmp trap snmpTraps.4 |
> |