"Tail" a logstash server query

Posted by phatmanace on Server Fault See other posts from Server Fault or by phatmanace
Published on 2014-06-11T20:11:20Z Indexed on 2014/06/11 21:27 UTC
Read the original article Hit count: 212

Filed under:

logstash

Assuming I have a logstash server chocked full of logs being loaded regularly, is there a reasonably elegant way that I can tail the results of a continuously executing query on the logstash server and show this in a terminal window

e.g

some-special-logstash-command.sh | egrep -v "(searchword1|searchword2)"

the idea being that the command pipes stuff out of logstash and to my grep query that filters and shows me the filtered output for.

.. of course if there is a logstash command that can do the grep piece for me as well, then that works too :)

motivation for doing this, is that assuming all of my events from my estate is being loaded into logstash, then would be nice to have a terminal window with a continuous tail of interesting events as they occur scrolling past the screen.

-Ace

Related posts about logstash

Logstash shipper & server on the samebox

as seen on Server Fault - Search for 'Server Fault'
I'm trying to setup a central logstash configuration. However I would like to be sending my logs through syslog-ng and not third party shippers. This means that my logstash server is accepting via syslog-ng all the logs from the agents. I then need to install a logstash process that will be reading… >>> More
Apache multiple vhost logs, stored locally and sent to remote logstash

as seen on Server Fault - Search for 'Server Fault'
I'm investigating centralised logging and it seems there's so many different ways this can be done. I don't want to run logstash as a log "sender", preferring to keep the web servers as lean and simple possible. So that means either using syslog, syslog-ng or the one I'm testing now, rsyslog. But… >>> More
Postfix - searching emails (logstash, greylog or other solution)

as seen on Server Fault - Search for 'Server Fault'
We are currently having ~100 servers and all of them are using remote syslog, so we have aggregated all logs on one server. The most questioned problem from our support team is: Has an email from .... to ... been delivered? I'd like to give to our support team access to some logging tool and some… >>> More
"Tail" a logstash server query

as seen on Server Fault - Search for 'Server Fault'
Assuming I have a logstash server chocked full of logs being loaded regularly, is there a reasonably elegant way that I can tail the results of a continuously executing query on the logstash server and show this in a terminal window e.g some-special-logstash-command.sh | egrep -v "(searchword1|searchword2)" the… >>> More
Hiera concatenated lookup from yaml

as seen on Server Fault - Search for 'Server Fault'
I am trying to configure the puppet-logstash module via Hiera. When I make the call to hiera('profiles::logstash::config'), the return value is a concatenated string. It tells me that it cannot convert a String into a hash. shipper.pp class profiles::logstash::shipper() { $shipper_config = hiera('profiles::logstash::config') … >>> More

Developer IT