Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jedi4ever/logstash-cli
Commandline interface for logstash
https://github.com/jedi4ever/logstash-cli
Last synced: about 1 month ago
JSON representation
Commandline interface for logstash
- Host: GitHub
- URL: https://github.com/jedi4ever/logstash-cli
- Owner: jedi4ever
- Created: 2012-05-11T09:26:18.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2013-05-29T06:54:32.000Z (over 11 years ago)
- Last Synced: 2024-10-31T13:53:23.015Z (about 2 months ago)
- Language: Ruby
- Size: 224 KB
- Stars: 71
- Watchers: 8
- Forks: 9
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
** Work in progress **
## Description
A cli tool to query an elasticsearch host for logstash information.
Because let's face it, we're CLI junkies :)
Mucho inspired by a gist of the eminent @lusis -
## Installation
### As a gem
$ gem install logstash-cli
### From github
Tested with rvm and ruby-1.8.7
$ git clone git://github.com/jedi4ever/logstash-cli.git
$ cd logstash-cli
$ gem install bundler
$ bundle install
## Usage
### Using the Gem
# If you no rvm
$ bundle exec bin/logstash-cli
# If you have rvm , there is an alias in .rvmrc
$ logstash-cli
### Using the Github version - through bundler
$ bundle exec bin/logstash-cli
## Commandline Options
### Grep
Usage:
logstash-cli grep PATTERN
Options:
[--index-prefix=INDEX_PREFIX] # Logstash index prefix
# Default: logstash-
[--fields=FIELDS] # Logstash Fields to show
# Default: message,program
[--meta=META] # Meta Logstash fields to show
# Default: type,message
[--to=TO] # End date
# Default: Today in YYYY-MM-DD HH:MM:SS form (the time is optional)
[--delim=DELIM] # plain or csv delimiter
# Default: |
[--format=FORMAT] # Format to use for exporting
# Default: csv
[--from=FROM] # Begin date
# Default: Today in YYYY-MM-DD HH:MM:SS form (the time is optional)
[--size=SIZE] # Number of results to return
# Default: 500
[--esurl=ESURL] # URL to connect to elasticsearch
# Default: http://localhost:9200
[--last=LAST] # Specify period since now (Examples: 10min, 3hrs, 4days, 1wk, 1yr)
Search logstash for a pattern
### Tail
Usage:
logstash-cli tail
Options:
[--host=HOST] # Host to connect to AMQP
# Default: localhost
--amqpurl, [--url=URL] # Alternate way to specify settings via an AMQP Url f.i. amqp://logstash:foopass@localhost:5672.
This takes precendence over other settings. Note that username and password need to be percentage encoded(URL encoded) in case of special characters
[--auto-delete] # Autodelete Exchange or not
[--vhost=VHOST] # VHost to connect to AMQP
# Default: /
[--persistent] # Persistent Exchange or not
[--ssl] # Enable SSL to connect to AMQP
[--user=USER] # User to connect to AMQP
# Default: logstash
[--meta=META] # Meta Logstash fields to show
# Default: timestamp,type,message
[--format=FORMAT] # Format to use for exporting (plain,csv,json)
# Default: csv
[--key=KEY] # Routing key
# Default: #
[--port=PORT] # Port to connect to AMQP
# Default: 5672
[--exchange=EXCHANGE] # Exchange name
# Default: rawlogs
[--password=PASSWORD] # Password to connect to AMQP
# Default: foo
[--delim=DELIM] # plain or csv delimiter
# Default: |
[--exchange-type=EXCHANGE_TYPE] # Exchange Type
# Default: direct
[--durable] # Durable Exchange or not
Stream a live feed via AMQP
### Count
Usage:
logstash-cli count PATTERN --countfield=COUNTFIELD
Options:
[--meta=META] # Meta Logstash fields to show
[--last=LAST] # Specify period since now f.i. 1d
[--from=FROM] # Begin date
# Default: Today in YYYY-MM-DD form
[--delim=DELIM] # plain or csv delimiter
# Default: |
--countfield=COUNTFIELD # Logstash field to count
[--countsize=COUNTSIZE] # Number of most frequent values to return
# Default: 50
[--format=FORMAT] # Format to use for exporting (plain,csv,json)
# Default: csv
[--to=TO] # End date
# Default: Today in YYYY-MM-DD form
[--fields=FIELDS] # Logstash fields to show
[--size=SIZE] # Number of results per index to show
# Default: 10
[--esurl=ESURL] # URL to connect to elasticsearch
# Default: http://localhost:9200
[--index-prefix=INDEX_PREFIX] # Logstash index prefix
# Default: logstash-
Return most frequent values of a field within a pattern and optionally show associated fields
## Examples
$ logstash-cli grep --esurl="http://logger-1.jedi.be:9200" '@message:jedi4ever AND program:sshd' --last 5d --format csv --delim ':'
$ logstash-cli tail --amqpurl="amqp://logger-1.jedi.be:5672" --key="program.sshd"
$ logstash-cli count --esurl="http://logger-1.jedi.be:9200" '@message:jedi4ever' --countfield=program
## TODO
- find a way to query existing instances
- find a way to get the results by streaming instead of loading all in memory (maybe pagination will help here)
- produce ascii histograms
- or sparklines