In Splunk, it is possible to detect tampering with logs. Splunk takes an
event at ingestion time and creates a hash value based on the event and your
certificates/keys. You can then write searches that re-hash the event and
compare the result to the original to indicate whether anything has changed.
I recently ran into an issue where my cluster is reporting an
IndexMissingException. I tried deleting the faulty index, but I keep
getting the same error returned. How do I fix this problem?
$ curl -XDELETE 'http://localhost:9200/logstash-2014.09.04.11'
I removed all the extra allocation stuff. When I did that, the shards were
all propagated. Health is green again.
On Thursday, May 22, 2014 6:56:24 PM UTC-4, Brian Wilkins wrote:
Went back and read the page again. So I made one master, workhorse, and
balancer with rackid of rack_two
I have five nodes : Two Master Nodes, One Balancer Node, One Workhorse
Node, and One Coordinator Node.
I am shipping events from logstash, redis, to elasticsearch.
At the moment, my cluster is RED. The shards are created but no index is
created. I used to get an index like logstash.2014-05-22,
/elasticsearch/reference/current/modules-cluster.html#allocation-awareness
Regards,
Mark Walkom
Infrastructure Engineer
Campaign Monitor
email: ma...@campaignmonitor.com
web: www.campaignmonitor.com
On 23 May 2014 02:22, Brian Wilkins bwil...@gmail.com wrote:
I have
Went back and read the page again. So I made one master, workhorse, and
balancer with rackid of rack_two for testing. One master shows rackid of
rack_one. All nodes were restarted. The shards are still unassigned. Also, the
indices in ElasticHQ are empty.
I am on RHEL 6. I can send messages from my Logstash shipper to Redis to
Elasticsearch. I installed logstash via RPM on all my servers and I
installed elasticsearch 1.0.3 via RPM. When I issue the command via curl to
check my node status, I get two different versions. In Kibana 3, it tells
me
or ElasticHQ to give yourself
better insight into your cluster.
Regards,
Mark Walkom
Infrastructure Engineer
Campaign Monitor
email: ma...@campaignmonitor.com
web: www.campaignmonitor.com
On 9 May 2014 23:08, Brian Wilkins bwilk...@gmail.com wrote:
I am on RHEL 6. I can send messages from my