#logstash

Onno Bos :verified:<p>/var/log/</p><p><a href="https://mastodon.adtension.com/tags/Log" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Log</span></a> <a href="https://mastodon.adtension.com/tags/Monitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monitoring</span></a> <a href="https://mastodon.adtension.com/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> <a href="https://mastodon.adtension.com/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Elasticsearch</span></a> <a href="https://mastodon.adtension.com/tags/Kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kibana</span></a> <a href="https://mastodon.adtension.com/tags/Grafana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Grafana</span></a> <a href="https://mastodon.adtension.com/tags/Beats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Beats</span></a> <a href="https://mastodon.adtension.com/tags/Filebeat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Filebeat</span></a> <a href="https://mastodon.adtension.com/tags/Metricbeat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metricbeat</span></a></p>
Trainfo.eu<p>Without external statistics services that require cookies (trainfo.eu is probably in a very small minority that has no cookies), you can count visitors from the web server logs (anonymized). Most visitors in the late morning and the evening. </p><p>No major surprises, most check from their phone. </p><p>But good to know which pages are most popular so I know what matters most.</p><p><a href="https://mastodonsweden.se/tags/elk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elk</span></a> <a href="https://mastodonsweden.se/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> <a href="https://mastodonsweden.se/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a></p>
ltning<p>For any <a class="hashtag" href="https://pleroma.anduin.net/tag/mtcp" rel="nofollow noopener" target="_blank">#MTCP</a>, <a class="hashtag" href="https://pleroma.anduin.net/tag/dos" rel="nofollow noopener" target="_blank">#DOS</a> and <a class="hashtag" href="https://pleroma.anduin.net/tag/retrocomputing" rel="nofollow noopener" target="_blank">#Retrocomputing</a> nerds out there who are also running <code>httpserv</code> and want pretty graphs, poke me for a recipe for a hideously bloated <a class="hashtag" href="https://pleroma.anduin.net/tag/logstash" rel="nofollow noopener" target="_blank">#logstash</a> configuration to ingest the UDP logs.</p><p>I feed it to <a class="hashtag" href="https://pleroma.anduin.net/tag/graylog" rel="nofollow noopener" target="_blank">#Graylog</a> which stores the data in <a class="hashtag" href="https://pleroma.anduin.net/tag/opensearch" rel="nofollow noopener" target="_blank">#Opensearch</a> - a pipeline that combined (and this is accurate) needs, conservatively, 4096 times as much RAM as the floppy museum itself (8MB).</p><p>And while looking at this when making this screenshot: I wonder why someone would hit http//floppy.museum with a <code>Referer</code>-header indicating they come from a salesforce-dot-com address? http-colon-slashslash-136.146.46.127 (about halfway down the list).</p><p><a class="hashtag" href="https://pleroma.anduin.net/tag/msdos" rel="nofollow noopener" target="_blank">#msdos</a> <a class="hashtag" href="https://pleroma.anduin.net/tag/bloatware" rel="nofollow noopener" target="_blank">#bloatware</a> <a class="hashtag" href="https://pleroma.anduin.net/tag/theremustbeabetterway" rel="nofollow noopener" target="_blank">#theremustbeabetterway</a></p>
Who Let The Dogs Out 🐾<p>This project is a SIEM with SIRP and Threat Intel, all in one.</p><p><a href="https://github.com/V1D1AN/S1EM" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/V1D1AN/S1EM</span><span class="invisible"></span></a></p><p><a href="https://mastodon.ml/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>docker</span></a> <a href="https://mastodon.ml/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elasticsearch</span></a> <a href="https://mastodon.ml/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> <a href="https://mastodon.ml/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://mastodon.ml/tags/filebeat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>filebeat</span></a> <a href="https://mastodon.ml/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.ml/tags/suricata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>suricata</span></a> <a href="https://mastodon.ml/tags/misp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>misp</span></a> <a href="https://mastodon.ml/tags/thehive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thehive</span></a> <a href="https://mastodon.ml/tags/cortex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cortex</span></a> <a href="https://mastodon.ml/tags/sigma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sigma</span></a> <a href="https://mastodon.ml/tags/yara" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yara</span></a> <a href="https://mastodon.ml/tags/zeek" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>zeek</span></a> <a href="https://mastodon.ml/tags/opencti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opencti</span></a> <a href="https://mastodon.ml/tags/mwdb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mwdb</span></a> <a href="https://mastodon.ml/tags/n8n" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>n8n</span></a> <a href="https://mastodon.ml/tags/velociraptor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>velociraptor</span></a> <a href="https://mastodon.ml/tags/arkime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arkime</span></a> <a href="https://mastodon.ml/tags/zircolite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zircolite</span></a></p>
Habr<p>Dissecting architecture. Part 2. Clean architecture illustrated with a FastAPI application</p><p>The idea of the project is to create a relatively small example application that demonstrates common functionality: logging, monitoring, data storage and processing, integration with external systems, and working with background tasks. Functionally, the project implements a system for collecting and analyzing job vacancies from aggregators such as HeadHunter. But what matters far more is not which tasks the system solves, but how exactly it does so. This project is above all about structure, architecture and principles. Main technologies used: Python 3.13, FastAPI, Nginx, Uvicorn, PostgreSQL, Alembic, Celery, Redis, Pytest, FileBeat, LogStash, ElasticSearch, Kibana, Prometheus, Grafana, Docker, Docker Compose.</p><p><a href="https://habr.com/ru/articles/908082/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/908082/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/python3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python3</span></a> <a href="https://zhub.link/tags/fastapi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fastapi</span></a> <a href="https://zhub.link/tags/clean_architecture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>clean_architecture</span></a> <a href="https://zhub.link/tags/filebeat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>filebeat</span></a> <a href="https://zhub.link/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://zhub.link/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elasticsearch</span></a> <a href="https://zhub.link/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> <a
href="https://zhub.link/tags/prometheus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prometheus</span></a> <a href="https://zhub.link/tags/grafana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grafana</span></a></p>
ck 👨‍💻<p>After I adjusted a field type in the Elastic <a href="https://noc.social/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> configuration to "integer" (which is translated into "long" in <a href="https://noc.social/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Elasticsearch</span></a>), the field now led to a conflict in <a href="https://noc.social/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> </p><p>In order to change the field type, there was (unfortunately) no other way around re-indexing the data into a new index.</p><p>It worked. But it's slow, to say the least, for large indices. </p><p><a href="https://www.claudiokuenzler.com/blog/1483/how-to-change-mapping-field-type-re-index-elasticsearch" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">claudiokuenzler.com/blog/1483/</span><span class="invisible">how-to-change-mapping-field-type-re-index-elasticsearch</span></a></p>
Eric Horwath<p>Which <a href="https://hachyderm.io/tags/logging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logging</span></a> system do you prefer for managing logs in <a href="https://hachyderm.io/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a>?</p><p><a href="https://hachyderm.io/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>k8s</span></a> <a href="https://hachyderm.io/tags/log" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>log</span></a> <a href="https://hachyderm.io/tags/LogManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LogManagement</span></a> <a href="https://hachyderm.io/tags/logs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logs</span></a> <a href="https://hachyderm.io/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> <a href="https://hachyderm.io/tags/elastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elastic</span></a> <a href="https://hachyderm.io/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elasticsearch</span></a> <a href="https://hachyderm.io/tags/opensearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensearch</span></a> <a href="https://hachyderm.io/tags/fluent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fluent</span></a> <a href="https://hachyderm.io/tags/fluent2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fluent2</span></a> <a href="https://hachyderm.io/tags/fluentbit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fluentbit</span></a> <a href="https://hachyderm.io/tags/fluentd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fluentd</span></a> <a 
href="https://hachyderm.io/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://hachyderm.io/tags/kafka" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kafka</span></a> <a href="https://hachyderm.io/tags/grafana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grafana</span></a> <a href="https://hachyderm.io/tags/loki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>loki</span></a> <a href="https://hachyderm.io/tags/promtail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>promtail</span></a> <a href="https://hachyderm.io/tags/cncf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cncf</span></a></p>
Habr<p>How to optimize API performance under high load</p><p>In this article we will look at the main approaches and practices for optimizing API performance that are applied in</p><p><a href="https://habr.com/ru/companies/exolve/articles/879580/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/exolve/a</span><span class="invisible">rticles/879580/</span></a></p><p><a href="https://zhub.link/tags/zabbix_%D0%BC%D0%BE%D0%BD%D0%B8%D1%82%D0%BE%D1%80%D0%B8%D0%BD%D0%B3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zabbix_мониторинг</span></a> <a href="https://zhub.link/tags/%D0%BF%D1%80%D0%BE%D0%B8%D0%B7%D0%B2%D0%BE%D0%B4%D0%B8%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>производительность</span></a> <a href="https://zhub.link/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://zhub.link/tags/%D0%BC%D0%B8%D0%BA%D1%80%D0%BE%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%BD%D0%B0%D1%8F_%D0%B0%D1%80%D1%85%D0%B8%D1%82%D0%B5%D0%BA%D1%82%D1%83%D1%80%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>микросервисная_архитектура</span></a> <a href="https://zhub.link/tags/redis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redis</span></a> <a href="https://zhub.link/tags/rabbitmq" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rabbitmq</span></a> <a href="https://zhub.link/tags/%D0%BE%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F_%D0%BA%D0%BE%D0%B4%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>оптимизация_кода</span></a> <a href="https://zhub.link/tags/%D0%B0%D1%81%D0%B8%D0%BD%D1%85%D1%80%D0%BE%D0%BD%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener"
target="_blank">#<span>асинхронность</span></a> <a href="https://zhub.link/tags/asyncio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>asyncio</span></a> <a href="https://zhub.link/tags/nosql" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nosql</span></a></p>
ck 👨‍💻<p>When you use Elastic's <a href="https://noc.social/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> http output plugin, you can send logs to a HTTP endpoint (e.g. to a HTTP API), sometimes also named <a href="https://noc.social/tags/logsink" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logsink</span></a>. 🪵 ⬇️ </p><p>The plugin's format setting allows a couple of options. But what is the actual difference between the default "json" value and "json_batch"? 🤔 </p><p>Here's an actual example to see the differences in a practical way. </p><p><a href="https://www.claudiokuenzler.com/blog/1461/logstash-http-output-json-batch-format-difference" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">claudiokuenzler.com/blog/1461/</span><span class="invisible">logstash-http-output-json-batch-format-difference</span></a></p>
ck 👨‍💻<p>In a large ELK <a href="https://noc.social/tags/observability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>observability</span></a> stack, the <a href="https://noc.social/tags/Nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nginx</span></a> access logs of a specific web application needed to be sent to an external service for data analysis. </p><p>To comply with data privacy, some parts of the log events must be removed. At the same time the external service also required a specific name of fields - which differed from the <a href="https://noc.social/tags/ELK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELK</span></a> logs.</p><p>Luckily there's the <a href="https://noc.social/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> mutate filter, which allows to modify and alter log events - until everyone's happy. </p><p><a href="https://www.claudiokuenzler.com/blog/1459/log-manipulation-alteration-with-logstash-mutate-filter" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">claudiokuenzler.com/blog/1459/</span><span class="invisible">log-manipulation-alteration-with-logstash-mutate-filter</span></a></p>
Pyrzout :vm:<p>Enhancing Events with Geolocation Data in Logstash – Source: socprime.com <a href="https://ciso2ciso.com/enhancing-events-with-geolocation-data-in-logstash-source-socprime-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/enhancing-events</span><span class="invisible">-with-geolocation-data-in-logstash-source-socprime-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Elasticsearch</span></a> <a href="https://social.skynetcloud.site/tags/KnowledgeBits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnowledgeBits</span></a> <a href="https://social.skynetcloud.site/tags/socprimecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprimecom</span></a> <a href="https://social.skynetcloud.site/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> <a href="https://social.skynetcloud.site/tags/socprime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprime</span></a> <a href="https://social.skynetcloud.site/tags/Blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blog</span></a></p>
Habr<p>Opensearch, Logstash and dynamic mapping</p><p>At Domclick we have a huge number of microservices, around 5000. All of them write logs of some kind. In this article I want to describe how mapping is configured in our company's Opensearch indices and which "tricks" we use to minimize the work of configuring the mapping.</p><p><a href="https://habr.com/ru/companies/domclick/articles/864128/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/domclick</span><span class="invisible">/articles/864128/</span></a></p><p><a href="https://zhub.link/tags/opensearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensearch</span></a> <a href="https://zhub.link/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://zhub.link/tags/dynamic_mapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dynamic_mapping</span></a> <a href="https://zhub.link/tags/logstash_filter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash_filter</span></a></p>
Pyrzout :vm:<p>Using Ruby Code in Logstash for Translating Text from HEX – Source: socprime.com <a href="https://ciso2ciso.com/using-ruby-code-in-logstash-for-translating-text-from-hex-source-socprime-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/using-ruby-code-</span><span class="invisible">in-logstash-for-translating-text-from-hex-source-socprime-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Latestthreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Latestthreats</span></a> <a href="https://social.skynetcloud.site/tags/socprimecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprimecom</span></a> <a href="https://social.skynetcloud.site/tags/ELKStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELKStack</span></a> <a href="https://social.skynetcloud.site/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> <a href="https://social.skynetcloud.site/tags/socprime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprime</span></a> <a href="https://social.skynetcloud.site/tags/Blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blog</span></a></p>
Philipp Krenn<p>continuing the shell tools: tuistash for <a href="https://mastodon.social/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> looks great — <a href="https://github.com/edmocosta/tuistash" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/edmocosta/tuistash</span><span class="invisible"></span></a><br>data is retrieved from the logstash API (local or remote) or offline from a diagnostic bundle (<a href="https://github.com/elastic/support-diagnostics" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/elastic/support-dia</span><span class="invisible">gnostics</span></a>). no support for aggregating data from multiple logstashs for now</p><p>PS: this one is a side project of one of our colleagues</p>
Pyrzout :vm:<p>Standard Logstash Template for Event Processing (Gold Template) – Source: socprime.com <a href="https://ciso2ciso.com/standard-logstash-template-for-event-processing-gold-template-source-socprime-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/standard-logstas</span><span class="invisible">h-template-for-event-processing-gold-template-source-socprime-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/KnowledgeBits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnowledgeBits</span></a> <a href="https://social.skynetcloud.site/tags/socprimecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprimecom</span></a> <a href="https://social.skynetcloud.site/tags/ELKStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELKStack</span></a> <a href="https://social.skynetcloud.site/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> <a href="https://social.skynetcloud.site/tags/socprime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprime</span></a> <a href="https://social.skynetcloud.site/tags/Blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blog</span></a></p>
Pyrzout :vm:<p>Adding Processing Timestamp and Hostname in Logstash Using Ruby – Source: socprime.com <a href="https://ciso2ciso.com/adding-processing-timestamp-and-hostname-in-logstash-using-ruby-source-socprime-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/adding-processin</span><span class="invisible">g-timestamp-and-hostname-in-logstash-using-ruby-source-socprime-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/KnowledgeBits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KnowledgeBits</span></a> <a href="https://social.skynetcloud.site/tags/socprimecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprimecom</span></a> <a href="https://social.skynetcloud.site/tags/ELKStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELKStack</span></a> <a href="https://social.skynetcloud.site/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> <a href="https://social.skynetcloud.site/tags/socprime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socprime</span></a> <a href="https://social.skynetcloud.site/tags/Blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blog</span></a></p>
Philipp Krenn<p>open source is coming in 2 broad flavors:<br>* permissive "do what you want" with the apache license 2.0 as a popular choice: this is what <a href="https://mastodon.social/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> (dual-licensed) and <a href="https://mastodon.social/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elasticsearch</span></a> language clients have always been using<br>* copyleft "do what you want but share changes alike" 2/10</p>
Fabian 🌵<p>Downtime of a company's main database is very expensive and a major risk to operations. In this success story, I show how I helped a device manufacturer gain real-time insights into their data warehouse using <a href="https://mastodon.world/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Elasticsearch</span></a>, <a href="https://mastodon.world/tags/Logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logstash</span></a> and <a href="https://mastodon.world/tags/kibana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kibana</span></a> </p><p><a href="https://www.fabianstadler.com/2024/09/mysql_database_elk.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fabianstadler.com/2024/09/mysq</span><span class="invisible">l_database_elk.html</span></a></p><p><a href="https://mastodon.world/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>development</span></a> <a href="https://mastodon.world/tags/softwareengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwareengineering</span></a></p>
Habr<p>Logstash. Advantages of the Dissect filter over Grok</p><p>At Domclick we have used the ELK stack (now OpenSearch) for many years to store and work with logs, of which we have a great many: about 400 gigabytes per day. All of this volume passes through Logstash, where the logs are partially parsed, enriched with metadata, and so on. Recently we decided to standardize the logs of infrastructure services that run as multiple instances. We started with HAproxy. We have several groups of instances for different purposes, with different volumes of logs. Previously each HAproxy group wrote logs in some format of its own, and we parsed these logs with just a single pattern for the Grok filter. A message either matched the pattern and was split into fields, or was sent on as a single text string. I will describe the problems we ran into when adding new Grok patterns, and how we solved them by abandoning Grok.</p><p><a href="https://habr.com/ru/companies/domclick/articles/840338/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/domclick</span><span class="invisible">/articles/840338/</span></a></p><p><a href="https://zhub.link/tags/logstash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logstash</span></a> <a href="https://zhub.link/tags/grok" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grok</span></a> <a href="https://zhub.link/tags/dissect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dissect</span></a> <a href="https://zhub.link/tags/%D0%BF%D1%80%D0%BE%D0%B8%D0%B7%D0%B2%D0%BE%D0%B4%D0%B8%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>производительность</span></a></p>
Orhun Parmaksız 👾<p>Logstash power users, check this out! 💯</p><p>🪵 **tuistash**: A terminal UI for monitoring Logstash.</p><p>🔥 Inspect pipelines, flows, and nodes with ease!</p><p>🦀 Written in Rust &amp; built with <span class="h-card" translate="no"><a href="https://fosstodon.org/@ratatui_rs" class="u-url mention">@<span>ratatui_rs</span></a></span></p><p>⭐ GitHub: <a href="https://github.com/edmocosta/tuistash" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="">github.com/edmocosta/tuistash</span><span class="invisible"></span></a></p><p><a href="https://fosstodon.org/tags/rustlang" class="mention hashtag" rel="tag">#<span>rustlang</span></a> <a href="https://fosstodon.org/tags/ratatui" class="mention hashtag" rel="tag">#<span>ratatui</span></a> <a href="https://fosstodon.org/tags/tui" class="mention hashtag" rel="tag">#<span>tui</span></a> <a href="https://fosstodon.org/tags/logstash" class="mention hashtag" rel="tag">#<span>logstash</span></a> <a href="https://fosstodon.org/tags/log" class="mention hashtag" rel="tag">#<span>log</span></a> <a href="https://fosstodon.org/tags/terminal" class="mention hashtag" rel="tag">#<span>terminal</span></a> <a href="https://fosstodon.org/tags/commandline" class="mention hashtag" rel="tag">#<span>commandline</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="tag">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/monitoring" class="mention hashtag" rel="tag">#<span>monitoring</span></a></p>