Skip to main content

Testing logstash filters

There are many posts on techniques for testing your logstash config, but I found most of them to lack in the exact details of getting it working and others are just obsolete, so here are my dumbed down notes:
  1. download, unpack and cd into the logstash version you are using or planning to use
  2. install development tools: ./bin/logstash-plugin install --development
  3. check if the bin directory contains an rspec file. If not create it and make it executable using this source
  4. now cd into the project holding your logstash configs. I'll assume your logstash config lives in a conf.d directory: create a spec directory at the same level or run ${LOGSTASH_HOME}/bin/rspec --init for rspec to create its directory structure. You should now have conf.d and spec at the same level
  5. in spec drop a test specification, like the one below
  6. test your specs with the following command:
${LOGSTASH_HOME}/bin/rspec

Enjoy :-)

Edited on Jan 29th 2017 as I missed the plugin step. Apparently I had an older version lying around which filled the missing gems. Got bitten reproducing on new laptop.

Comments

Popular posts from this blog

Indexing Apache access logs with ELK (Elasticsearch+Logstash+Kibana)

Who said that grepping Apache logs has to be boring?

The truth is that, as Enteprise applications move to the browser too, Apache access logs are a gold mine, it does not matter what your role is: developer, support or sysadmin. If you are not mining them you are most likely missing out a ton of information and, probably, making the wrong decisions.
ELK (Elasticsearch, Logstash, Kibana) is a terrific, Open Source stack for visually analyzing Apache (or nginx) logs (but also any other timestamped data).

From 0 to ZFS replication in 5m with syncoid

The ZFS filesystem has many features that once you try them you can never go back. One of the lesser known is probably the support for replicating a zfs filesystem by sending the changes over the network with zfs send/receive.
Technically the filesystem changes don't even need to be sent over a network: you could as well dump them on a removable disk, then receive  from the same removable disk.

A not so short guide to ZFS on Linux

Updated Oct 16 2013: shadow copies, memory settings and links for further learning.
Updated Nov 15 2013: shadow copies example, samba tuning.

Unless you've been living under a rock you should have by now heard many stories about how awesome ZFS is and the many ways it can help with saving your bacon.

The downside is that ZFS is not available (natively) for Linux because the CDDL license under which it is released is incompatible with the GPL. Assuming you are not interested in converting to one of the many Illumos distributions or FreeBSD this guide might serve you as a starting point if you are attracted  by ZFS features but are reluctant to try it out on production systems.

Basically in this post I note down both the tought process and the actual commands for implementing a fileserver for a small office. The fileserver will run as a virtual machine in a large ESXi host and use ZFS as the filesystem for shared data.