Sigh, the day has come...i mapping and indexing questions
Posted: Mon Jul 23, 2018 3:06 pm
Sorry fellas, I put it off for as long as I could, but ole benhank has questions about complicated things.
BUT before I continue, at least nothing is broken. =) So all of you fellas on the support staff who read that and reached for the headache medicine relax =D
Here we go:
A discussion arose in my office when I mentioned that thru using filters and mapping (two things I know next to nothing about) we can significantly decrease the amount of space on our NLS. It was proposed to me that and that NLS "should" (this is an IT world should) does this for you.
So here we are about to embark on a wonderful journey of discovery and enlightenment (<---said in the voice of Deadpool)
As I understand it the ELK stack works like so:
Logs are sent to NLS and logstash is ready and waiting for them. Logstash, that cute and cuddly eager beaver, is listening for data on the ports set in Configure/global/global config/INPUTS and then, based on the filters set up in Configure/global/global config/filters, prepares and sends the data to elasticsearch to file away in its Indiana Jones-esque warehouse to be retrieved by "Top Men" later:
point of contention
I said "Since I have not set up any special filters or mappings, all of the syslogs, Windows event logs etc. are in their raw formats, and spaces in a log are considered characters which count towards file size. This can be overcome thru mapping and filters."
I was then told that No... NLS compresses and decompresses the data, removing and adding the white spaces for displaying the info after a search.
So please help me: how does it work?