knowdge base article request .ym and mappings

benhank · Post by **benhank** » Mon Jul 23, 2018 3:26 pm

i just made a post hthat got me thinking:
Would you guys be kid enough to put up a knowledgebase article that explains mappings and how to use them with NLS 2.0?
My interest is how to use mappings to optimize NLS for storage and fast retrieval of data
And if possible an article that explains the .yml file and how to use it to make two servers with different HW Harddrive cpu ram um...work together?
and OOOH OOOH! and article that makes using grok and some of the more commonly used filters to transform and mutate data so no matter the datasource it all displays the same? (ok thats a tall order i know )
Thanks guys!

scottwilkerson · Post by **scottwilkerson** » Mon Jul 23, 2018 3:56 pm

We haven't done so because we believe that the mapping in ES is the best you can get by default and you risk a lot by getting the mappings wrong(e.g. no logs will save)

But, so you have it, elastic describes it here
https://www.elastic.co/guide/en/elastic ... pping.html

Post by **mcapra** » Tue Jul 24, 2018 8:37 am

I've been fortunate to have been under-the-hood of a few different ELK-based log collection platforms, and I would argue that a simple log collection platform (like NLS or any other competitor) is not the best launch-pad for a tricked-out custom ElasticSearch cluster. Most of those platforms are making some pretty sweeping assumptions about how ElasticSearch is structured and you're likely to trip over them at almost every turn.

There's strong arguments for a KB article that explains mappings as they relate to some of the default inputs (namely eventlog and syslog). I can think of several instances where logs weren't persisting because the default mappings made some incorrect assumptions.

scottwilkerson · Post by **scottwilkerson** » Tue Jul 24, 2018 9:00 am

mcapra wrote:I've been fortunate to have been under-the-hood of a few different ELK-based log collection platforms, and I would argue that a simple log collection platform (like NLS or any other competitor) is not the best launch-pad for a tricked-out custom ElasticSearch cluster. Most of those platforms are making some pretty sweeping assumptions about how ElasticSearch is structured and you're likely to trip over them at almost every turn.

There's strong arguments for a KB article that explains mappings as they relate to some of the default inputs (namely eventlog and syslog). I can think of several instances where logs weren't persisting because the default mappings made some incorrect assumptions.

Noted

benhank · Post by **benhank** » Wed Jul 25, 2018 9:40 am

Ok i get it, and you guys are right. I just didnt think it thru. Thanks for the replies!

scottwilkerson · Post by **scottwilkerson** » Wed Jul 25, 2018 10:59 am

benhank wrote:Ok i get it, and you guys are right. I just didnt think it thru. Thanks for the replies!

Locking

Nagios Support Forum

knowdge base article request .ym and mappings

knowdge base article request .ym and mappings

Re: knowdge base article request .ym and mappings

Re: knowdge base article request .ym and mappings

Re: knowdge base article request .ym and mappings

Re: knowdge base article request .ym and mappings

Re: knowdge base article request .ym and mappings