** Work in progress **
A cli tool to query an elasticsearch host for logstash information. Because let's face it, we're CLI junkies :)
Mucho inspired by a gist of the eminent @lusis - https://gist.github.com/1388077
$ gem install logstash-cli
Tested with rvm and ruby-1.8.7
$ git clone git://github.com/jedi4ever/logstash-cli.git
$ cd logstash-cli
$ gem install bundler
$ bundle install
# If you no rvm
$ bundle exec bin/logstash-cli
# If you have rvm , there is an alias in .rvmrc
$ logstash-cli
$ bundle exec bin/logstash-cli
Usage:
logstash-cli grep PATTERN
Options:
[--index-prefix=INDEX_PREFIX] # Logstash index prefix
# Default: logstash-
[--fields=FIELDS] # Logstash Fields to show
# Default: message,program
[--meta=META] # Meta Logstash fields to show
# Default: type,message
[--to=TO] # End date
# Default: Today in YYYY-MM-DD HH:MM:SS form (the time is optional)
[--delim=DELIM] # plain or csv delimiter
# Default: |
[--format=FORMAT] # Format to use for exporting
# Default: csv
[--from=FROM] # Begin date
# Default: Today in YYYY-MM-DD HH:MM:SS form (the time is optional)
[--size=SIZE] # Number of results to return
# Default: 500
[--esurl=ESURL] # URL to connect to elasticsearch
# Default: http://localhost:9200
[--last=LAST] # Specify period since now (Examples: 10min, 3hrs, 4days, 1wk, 1yr)
Search logstash for a pattern
Usage:
logstash-cli tail
Options:
[--host=HOST] # Host to connect to AMQP
# Default: localhost
--amqpurl, [--url=URL] # Alternate way to specify settings via an AMQP Url f.i. amqp://logstash:foopass@localhost:5672.
This takes precendence over other settings. Note that username and password need to be percentage encoded(URL encoded) in case of special characters
[--auto-delete] # Autodelete Exchange or not
[--vhost=VHOST] # VHost to connect to AMQP
# Default: /
[--persistent] # Persistent Exchange or not
[--ssl] # Enable SSL to connect to AMQP
[--user=USER] # User to connect to AMQP
# Default: logstash
[--meta=META] # Meta Logstash fields to show
# Default: timestamp,type,message
[--format=FORMAT] # Format to use for exporting (plain,csv,json)
# Default: csv
[--key=KEY] # Routing key
# Default: #
[--port=PORT] # Port to connect to AMQP
# Default: 5672
[--exchange=EXCHANGE] # Exchange name
# Default: rawlogs
[--password=PASSWORD] # Password to connect to AMQP
# Default: foo
[--delim=DELIM] # plain or csv delimiter
# Default: |
[--exchange-type=EXCHANGE_TYPE] # Exchange Type
# Default: direct
[--durable] # Durable Exchange or not
Stream a live feed via AMQP
Usage:
logstash-cli count PATTERN --countfield=COUNTFIELD
Options:
[--meta=META] # Meta Logstash fields to show
[--last=LAST] # Specify period since now f.i. 1d
[--from=FROM] # Begin date
# Default: Today in YYYY-MM-DD form
[--delim=DELIM] # plain or csv delimiter
# Default: |
--countfield=COUNTFIELD # Logstash field to count
[--countsize=COUNTSIZE] # Number of most frequent values to return
# Default: 50
[--format=FORMAT] # Format to use for exporting (plain,csv,json)
# Default: csv
[--to=TO] # End date
# Default: Today in YYYY-MM-DD form
[--fields=FIELDS] # Logstash fields to show
[--size=SIZE] # Number of results per index to show
# Default: 10
[--esurl=ESURL] # URL to connect to elasticsearch
# Default: http://localhost:9200
[--index-prefix=INDEX_PREFIX] # Logstash index prefix
# Default: logstash-
Return most frequent values of a field within a pattern and optionally show associated fields
$ logstash-cli grep --esurl="http://logger-1.jedi.be:9200" '@message:jedi4ever AND program:sshd' --last 5d --format csv --delim ':'
$ logstash-cli tail --amqpurl="amqp://logger-1.jedi.be:5672" --key="program.sshd"
$ logstash-cli count --esurl="http://logger-1.jedi.be:9200" '@message:jedi4ever' --countfield=program
FAQs
Unknown package
We found that logstash-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.