Lstash is a gem and command line utility to count or grep log messages in a certain time frame from a Logstash Elasticsearch server.
Install it yourself as:
gem install lstash
$ lstash
Commands:
lstash count QUERY # count number of log messages matching the QUERY
lstash grep QUERY # grep log messages from Logstash
lstash help [COMMAND] # Describe available commands or one specific command
count command
Usage:
lstash count QUERY
Description:
Count log messages matching the QUERY from Logstash and output this count to stdout. QUERY can use Apache Lucene query parser syntax.
Example to count the number of HAProxy log messages in yesterday's month:
lstash count 'program:haproxy' --from firstday --to today --anchor yesterday
grep command
Usage:
lstash grep QUERY
Description:
Grep log messages matching the QUERY from Logstash in ascending timestamp order and output to stdout. QUERY can use Apache Lucene query parser syntax.
Example to grep HAProxy log messages from the beginning of this month up to now:
lstash grep 'program:haproxy' --from firstday --to now
Options:
-f, [--from=start of time range] # date/time, 'now', 'today', 'yesterday', or 'firstday'
-t, [--to=end of time range] # date/time, 'now', 'today', 'yesterday', or 'firstday'
-a, [--anchor=anchor date/time] # used as reference date for firstday
-e, [--es-url=Elasticsearch endpoint for Logstash] # or ES_URL environment variable
All times will be relative to the timezone of the machine on which you are running lstash.
By default lstash will connect to Elasticsearch on your localhost as http://localhost:9200. To connect to a different server you can set the ES_URL environment variable. URL scheme http and port 9200 are default and may be omitted.
Example
export ES_URL=log.mydomain.com
lstash count program:haproxy
Or
lstash count program:haproxy --es-url log.mydomain.com
Count the number of haproxy log messages matching QUERY from Aug 1 at midnight (0:00 am) up to (not including) Aug 2 at midnight (0:00 am).
lstash count program:haproxy --from "Aug 1" --to "Aug 2"
Grep all haproxy log messages for one day (Aug 24 1 0:00 am up to and including Aug 2 23:59).
lstash grep program:haproxy --from "Aug 1" --to "Aug 2"
Assuming today is Sep 1 2014. Count all haproxy log messages in the previous month.
lstash count program:haproxy --anchor yesterday --from firstday --to today -d
time range: [2014-08-01 00:00:00 +0200..2014-09-01 00:00:00 +0200]
logstash-2014.07.31: 1
logstash-2014.08.01: 13
logstash-2014.08.02: 14
logstash-2014.08.03: 1654
logstash-2014.08.04: 6
logstash-2014.08.05: 20
logstash-2014.08.06: 219
logstash-2014.08.07: 32
logstash-2014.08.08: 14
logstash-2014.08.09: 28
logstash-2014.08.10: 799
logstash-2014.08.11: 18
logstash-2014.08.12: 8
logstash-2014.08.13: 23
logstash-2014.08.14: 25
logstash-2014.08.15: 69
logstash-2014.08.16: 19
logstash-2014.08.17: 1160
logstash-2014.08.18: 284
logstash-2014.08.19: 61
logstash-2014.08.20: 26
logstash-2014.08.21: 16
logstash-2014.08.22: 145
logstash-2014.08.23: 72
logstash-2014.08.24: 792
logstash-2014.08.25: 31
logstash-2014.08.26: 33
logstash-2014.08.27: 51
logstash-2014.08.28: 8
logstash-2014.08.29: 23
logstash-2014.08.30: 25
logstash-2014.08.31: 69
5633
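The debug output above queries logstash-2014.07.31 even though the requested range starts on Aug 1: daily Logstash indices are named by UTC date, and a range that starts at midnight +0200 begins in the previous UTC day. The following Ruby is an added example, not lstash's own code; the helper names and the keyword handling are assumptions inferred from the options and output shown on this page.

```ruby
require 'date'

# Hypothetical helper (not lstash's API): resolve the README's time keywords
# against a fixed clock so the result is reproducible.
def resolve(keyword, now:, anchor: nil)
  midnight = ->(t) { Time.new(t.year, t.month, t.day, 0, 0, 0, t.utc_offset) }
  case keyword
  when 'now'       then now
  when 'today'     then midnight.(now)
  when 'yesterday' then midnight.(now) - 86_400
  when 'firstday'  # first day of the anchor's month (assumed semantics)
    ref = anchor || now
    Time.new(ref.year, ref.month, 1, 0, 0, 0, ref.utc_offset)
  else raise ArgumentError, "unsupported keyword: #{keyword}"
  end
end

# Daily Logstash indices are named after the UTC date of the events, so the
# local-time range is converted to UTC before the index names are listed.
# The end of the range is exclusive, as in the count example above.
def indices_for(from, to)
  first = from.getutc.to_date
  last  = (to - 1).getutc.to_date
  (first..last).map { |d| d.strftime('logstash-%Y.%m.%d') }
end

# Equivalent of: --anchor yesterday --from firstday --to today
def previous_month(now)
  anchor = resolve('yesterday', now: now)
  from   = resolve('firstday', now: now, anchor: anchor)
  to     = resolve('today', now: now)
  [from, to, indices_for(from, to)]
end

# Constructed clocks: Sep 1 2014 on a +0200 machine and on a UTC machine.
LOCAL_NOW = Time.new(2014, 9, 1, 10, 30, 0, '+02:00')
UTC_NOW   = Time.new(2014, 9, 1, 10, 30, 0, '+00:00')

from, to, indices = previous_month(LOCAL_NOW)
puts "time range: [#{from}..#{to}]"
puts "#{indices.first} .. #{indices.last} (#{indices.size} indices)"
puts "on a UTC machine: #{previous_month(UTC_NOW)[2].size} indices"
```

When comparing counts collected on hosts in different timezones, the same keywords select different absolute windows, so fix the timezone or pass explicit date/times.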
Add this line to your application's Gemfile:
gem 'lstash'
And then execute:
bundle
Usage:
bundle console
Connect to elasticsearch and create the Lstash client
elasticsearch = Elasticsearch::Client.new(url: ENV['ES_URL'])
client = Lstash::Client.new(elasticsearch, debug: true)
Create the query
query = Lstash::Query.new('program:haproxy', from: 'today', to: 'now')
Count example
client.count(query)
Grep example
client.grep(query) do |message|
puts message
end
Build the gem
$ gem build lstash
Successfully built RubyGem
Name: lstash
Version: 0.2.0
File: lstash-0.2.0.gem
Pushing your gem to RubyGems.org
$ gem push lstash-0.2.0.gem
Pushing gem to RubyGems.org...
Successfully registered gem: lstash (0.2.0)
See RubyGems.org documentation for more info.
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
We found that lstash demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.