Re: Kibana: Mark warnings as "solved"

2015-04-09 Thread Mark Walkom
Just update your query to include a NOT, or similar.

On 9 April 2015 at 16:22, Thomas Güttler wrote:

> I know how to use a programming language and I could start my own
> project.
>
> But I would like to avoid it, since it leads to "plumbing". I guess other
> people have the same use case,
> and I would like to use (and improve) an existing project.
>
> But I have not found any up to now.
>
> How do other ELK users solve my use case?
>
> I guess I am missing something.
>
> Regards,
>   Thomas Güttler
>
>
> On Wednesday, 8 April 2015 11:02:35 UTC+2, James Green wrote:
>>
>> Couldn't you update the document with a flag on a field?
>>
>> On 8 April 2015 at 09:43, Thomas Güttler wrote:
>>
>>> We are evaluating if ELK is the right tool for our logs and event
>>> messages.
>>>
>>> We need a way to mark warnings as "done". All warnings of this type
>>> should be invisible in the future.
>>>
>>> Use case:
>>>
>>> There was a bug in our code and the dev team has created a fix.
>>> Continuous Integration is running,
>>> and soon the bug in the production system will be gone.
>>>
>>> We need a way to mark the warnings as "this type of warning is already
>>> handled, and the
>>> fix will be in the production system during the next three hours".
>>>
>>> Can you understand what I want?
>>>
>>> How to handle this with ELK?
>>>
>>> Just removing these logs from ElasticSearch is not a solution, since
>>> during the next hours (after
>>> setting the flag "done") new events can still come into the system.
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-W0p7iR_XBrLeh%2B8GVSiMTfi1JGeDuU-KTwGq6LP5cJg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
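
One way to combine the NOT suggestion above with the three-hour window from the original question, as an added example that is not part of the thread. The field names `level`, `warning_type` and `@timestamp`, the rule format and the sample events are assumptions constructed for illustration. Each handled type is excluded only for events older than its fix deadline, so a warning that still arrives after the deadline becomes visible again.

```python
from datetime import datetime, timedelta, timezone

# Assumed field names: "level", "warning_type", "@timestamp".


def build_query(suppressions):
    """Search body: all warnings except handled types before their fix deadline."""
    must_not = [
        {"bool": {"must": [
            {"term": {"warning_type": s["warning_type"]}},
            {"range": {"@timestamp": {"lt": s["fix_deadline"].isoformat()}}},
        ]}}
        for s in suppressions
    ]
    return {"query": {"bool": {
        "must": [{"term": {"level": "warning"}}],
        "must_not": must_not,
    }}}


def is_visible(event, suppressions):
    """The same rule evaluated locally, to check the logic on sample events."""
    if event["level"] != "warning":
        return False
    return not any(
        event["warning_type"] == s["warning_type"]
        and event["@timestamp"] < s["fix_deadline"]
        for s in suppressions
    )


# Constructed sample data: one type marked "done" with a three-hour window.
MARKED_AT = datetime(2015, 4, 8, 9, 0, tzinfo=timezone.utc)
SUPPRESSIONS = [
    {"warning_type": "db_timeout", "fix_deadline": MARKED_AT + timedelta(hours=3)},
]
EVENTS = [
    {"level": "warning", "warning_type": t, "@timestamp": MARKED_AT + timedelta(hours=h)}
    for t, h in [("db_timeout", -1), ("db_timeout", 1), ("db_timeout", 4), ("disk_full", 1)]
]


def visible_events():
    """Events that the query built by build_query() would still return."""
    return [e for e in EVENTS if is_visible(e, SUPPRESSIONS)]


if __name__ == "__main__":
    import json
    print(json.dumps(build_query(SUPPRESSIONS), indent=2))
    for e in visible_events():
        print(e["warning_type"], e["@timestamp"].isoformat())
```
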


Re: Kibana: Mark warnings as "solved"

2015-04-08 Thread Thomas Güttler
I know how to use a programming language and I could start my own project.

But I would like to avoid it, since it leads to "plumbing". I guess other 
people have the same use case,
and I would like to use (and improve) an existing project.

But I have not found any up to now.

How do other ELK users solve my use case?

I guess I am missing something.

Regards,
  Thomas Güttler


On Wednesday, 8 April 2015 11:02:35 UTC+2, James Green wrote:
>
> Couldn't you update the document with a flag on a field?
>
> On 8 April 2015 at 09:43, Thomas Güttler wrote:
>
>> We are evaluating if ELK is the right tool for our logs and event 
>> messages.
>>
>> We need a way to mark warnings as "done". All warnings of this type 
>> should be invisible in the future.
>>
>> Use case:
>>
>> There was a bug in our code and the dev team has created a fix. 
>> Continuous Integration is running,
>> and soon the bug in the production system will be gone.
>>
>> We need a way to mark the warnings as "this type of warning is already 
>> handled, and the 
>> fix will be in the production system during the next three hours".
>>
>> Can you understand what I want?
>>
>> How to handle this with ELK?
>>
>> Just removing these logs from ElasticSearch is not a solution, since 
>> during the next hours (after
>> setting the flag "done") new events can still come into the system.
>>


Re: Kibana: Mark warnings as "solved"

2015-04-08 Thread James Green
Couldn't you update the document with a flag on a field?

On 8 April 2015 at 09:43, Thomas Güttler wrote:

> We are evaluating if ELK is the right tool for our logs and event messages.
>
> We need a way to mark warnings as "done". All warnings of this type should
> be invisible in the future.
>
> Use case:
>
> There was a bug in our code and the dev team has created a fix. Continuous
> Integration is running,
> and soon the bug in the production system will be gone.
>
> We need a way to mark the warnings as "this type of warning is already
> handled, and the
> fix will be in the production system during the next three hours".
>
> Can you understand what I want?
>
> How to handle this with ELK?
>
> Just removing these logs from ElasticSearch is not a solution, since
> during the next hours (after
> setting the flag "done") new events can still come into the system.
>


Kibana: Mark warnings as "solved"

2015-04-08 Thread Thomas Güttler
We are evaluating if ELK is the right tool for our logs and event messages.

We need a way to mark warnings as "done". All warnings of this type should 
be invisible in the future.

Use case:

There was a bug in our code and the dev team has created a fix. Continuous 
Integration is running,
and soon the bug in the production system will be gone.

We need a way to mark the warnings as "this type of warning is already 
handled, and the 
fix will be in the production system during the next three hours".

Can you understand what I want?

How to handle this with ELK?

Just removing these logs from ElasticSearch is not a solution, since during 
the next hours (after
setting the flag "done") new events can still come into the system.

