On Mon, Sep 1, 2014 at 2:26 PM, Radu Gheorghe <[email protected]> wrote:
> Hello Rainer, I've been waiting for this :)
>
> I'll reply inline.
>
> On Mon, Sep 1, 2014 at 1:44 PM, Rainer Gerhards <[email protected]>
> wrote:
>
> >
> > Questions now:
> >
> > - what should I install to get an ES testenv (possibly something that
> > doesn't need babysitting or manual updates in the next year or two).
> >
>
> Two options:
> 1. Install ES locally. It's mostly about getting the DEB
> <http://www.elasticsearch.org/download/> and doing `dpkg -i
> elasticsearch*.deb`. Besides that, you need Java. The not-so-open Oracle
> version
> <http://ubuntuhandbook.org/index.php/2014/02/install-oracle-java-6-7-or-8-ubuntu-14-04/>
> is typically recommended. This requires pulling another DEB in the next
> year or two if major changes occur in the API (not super-likely, but who
> knows)
> 2. Use Logsene <http://sematext.com/logsene/index.html>, which exposes the
> ES API. The free plan will do, as it's good for 1M documents. You can
> remove logs manually
> <https://sematext.atlassian.net/wiki/display/PUBLOGSENE/Logsene+FAQ#LogseneFAQ-Deletinglogs>,
> and you can adjust the number of days they're kept through the UI. We'll
> take care of ES upgrades for you, as we typically release ES often and
> typically upgrade ES on the way. If you have any questions about Logsene,
> you know where to find me :D
>
> >
> > To run a test I need to do via a script
> >
> > - clean up any previous work done on an ES index
> >
>
> curl -XDELETE localhost:9200/_all # this wipes everything
> curl -XDELETE localhost:9200/my_index # this removes an index
>
> > - be able to "export" a whole ES index into a text file
> >
>
> This depends on how big your index is and how you want the text file to be
> formatted. Let's assume you're good with a big pretty-formatted JSON for
> now.
>
> If the index is small (say 100 or 1000 docs), this will do:
>
> curl localhost:9200/my_index/_search?pretty > /tmp/destination_file
>

I guess the answer is "no", but I still thought I'd ask ;)

When I do this, I get some JSON back (see after my sig). Two questions:

#1 is it possible to get only the field "msgnum", and that raw (I would
like to have a file with one number on each line, nothing else). I know I
can "solve" this with some postprocessor script, but if it's doable directly
via the API, I'd prefer that (less moving parts).

#2 The response says (as I interpret it), there are 100 results (which is
what I pushed), but I only see a small subset. Is that already the paging
problem?

Thanks,
Rainer

{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 100,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "KA1WsljpQlqkPNScFTgC1Q",
      "_score" : 1.0, "_source":{"msgnum":"00000008"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "IiYFDW7eSD6jiNJYEdKQDw",
      "_score" : 1.0, "_source":{"msgnum":"00000012"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "NPuYLLyMQ7qg19qghRytqQ",
      "_score" : 1.0, "_source":{"msgnum":"00000018"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "IT_82CPRQaWt7JjGGu6xXQ",
      "_score" : 1.0, "_source":{"msgnum":"00000021"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "JbFsSXVhR8-tImU1A9bqhQ",
      "_score" : 1.0, "_source":{"msgnum":"00000024"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "Z-YzaYriSwCKE7-GEgb3Ow",
      "_score" : 1.0, "_source":{"msgnum":"00000026"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "2Atj5sBNT66SOERCYD6ojw",
      "_score" : 1.0, "_source":{"msgnum":"00000027"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "dQ7ROGm9TNCXxfBlK2p3nw",
      "_score" : 1.0, "_source":{"msgnum":"00000028"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "1bamf2DhSAKaZDJXRcL98A",
      "_score" : 1.0, "_source":{"msgnum":"00000030"}
    }, {
      "_index" : "rsyslog_testbench",
      "_type" : "events",
      "_id" : "gqvhkA8CQsKx59b1y47stg",
      "_score" : 1.0, "_source":{"msgnum":"00000034"}
    } ]
  }
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

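Added example, not part of the original thread and not rsyslog testbench code: a post-processor for a `_search` response shaped like the one quoted above, which writes one `msgnum` per line and flags the condition a log-delivery test must not miss, namely a response that carries only one page of hits (Elasticsearch returns 10 per request by default) while `hits.total` reports more. The function names, the constructed sample and the assumption that message numbers form a contiguous range are illustrative.

```python
import json

# Constructed sample, shaped like the response quoted in the thread:
# hits.total says 100 documents matched, but only one page is returned.
SAMPLE = json.dumps({
    "timed_out": False,
    "_shards": {"total": 5, "successful": 5, "failed": 0},
    "hits": {
        "total": 100,
        "hits": [{"_index": "rsyslog_testbench", "_type": "events",
                  "_source": {"msgnum": m}}
                 for m in ("00000008", "00000012", "00000018", "00000021",
                           "00000024", "00000026", "00000027", "00000028",
                           "00000030", "00000034")],
    },
})

def extract_msgnums(raw):
    """Return (msgnum strings, problems) for one _search response body."""
    resp = json.loads(raw)
    problems = []
    if resp.get("timed_out"):
        problems.append("search timed out")
    failed = resp.get("_shards", {}).get("failed", 0)
    if failed:
        problems.append("%d shard(s) failed" % failed)
    hits = resp["hits"]["hits"]
    total = resp["hits"]["total"]
    if len(hits) < total:
        # The result set is incomplete: do not treat it as the whole index.
        problems.append("got %d of %d hits (one page only)" % (len(hits), total))
    nums = []
    for h in hits:
        value = h.get("_source", {}).get("msgnum")
        if not isinstance(value, str) or not value.isdigit():
            problems.append("hit without numeric msgnum: %r" % h.get("_id"))
            continue
        nums.append(value)
    return nums, problems

def missing_numbers(nums, first, last):
    """Numbers in first..last (assumed contiguous) that never arrived."""
    seen = {int(n) for n in nums}
    return [i for i in range(first, last + 1) if i not in seen]

if __name__ == "__main__":
    nums, problems = extract_msgnums(SAMPLE)
    print("\n".join(sorted(nums) + ["WARNING: " + p for p in problems]))
```
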
