Hi there,
I got myself in a bit of a mess...
Due to a wrong manipulation of a filter I ended up with a huge list of "Not Sending" Unique Hosts.
Reason is that I (briefly) used 'host' as the field name in a CSV filter.
I understand that this is a 'reserved word' and this mistake somehow made these entries tagged as input hosts.
There are a few thousand entries, and I would like to avoid having to manually click/delete every single entry.
And my question is how I would be able to clean this out in a more convenient way?
Is there any location/file, or is there any command that I could run?
How to clean-up huge list of "Not Sending" Unique Hosts
- jmichaelson
- Posts: 127
- Joined: Wed Aug 23, 2023 1:02 pm
Re: How to clean-up huge list of "Not Sending" Unique Hosts
I'm not sure that there is an easy way to do what you're doing, that we provide. Could you be a bit more specific as to what you did to create that filter in the first place, and I can try to replicate the scenario and see if I can provide more guidance to easily handle this?
Please let us know if you have any other questions or concerns.
-Jason
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Hey Jason,
Thank you for your response already!
I'm not 100% sure anymore.
But I think I either used "host" as part of the CSV filter
if [host] == '##.##.##.##' {
  csv {
    columns => ["zs01_time","zs02_login","zs03_protocol","host","zs04_eurl","zs05_action"]
  }
}
OR I might have done something like this where I created a new field named host.
#Copy a field
ruby {
  code => "
    event['host'] = event.get('FQDN15')
  "
}
Regards
John
- jmichaelson
Re: How to clean-up huge list of "Not Sending" Unique Hosts
I'm working on what hopefully will resolve this for you. Unfortunately it's going to be Monday before I can verify whether it will work.
Please let us know if you have any other questions or concerns.
-Jason
- jmichaelson
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Good morning! I just had to make sure that what I was going to have you do will regenerate the known hosts list. I'm not sure how long it will take, but for me, sometime between the time I left on Friday and now, it regenerated, so I feel safe having you do this. SSH into your Log Server system, and at the shell prompt type the following:
Code: Select all
curl -X "DELETE http://localhost:9200/nagioslogserver/cf_option/known_hosts"
This will delete the known hosts list, and the system jobs will eventually reset it.
Hope this helps you!
Please let us know if you have any other questions or concerns.
-Jason
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Hey Jason,
This worked!
Thank you very much man, you saved my mouse and my finger from developing RSI.......
Tiny note: I just had to move the double quote
curl -X DELETE "http://localhost:9200/nagioslogserver/c ... nown_hosts"
thank you!
John
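Added example, not part of any post in this thread: a shell wrapper around the DELETE request above that first saves a copy of the known_hosts document and only deletes it if that backup succeeded. The function name, the BACKUP_DIR variable and the --run argument are assumptions made for this sketch; the URL is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): back up, then delete, the known hosts list.
# ES_URL is the endpoint quoted in the thread; BACKUP_DIR is an assumed location.
ES_URL="${ES_URL:-http://localhost:9200/nagioslogserver/cf_option/known_hosts}"
BACKUP_DIR="${BACKUP_DIR:-/tmp}"

reset_known_hosts() {
    backup="$BACKUP_DIR/known_hosts.$(date +%Y%m%d%H%M%S).$$.json"

    # 1. Save the current document. -f makes curl exit non-zero on an HTTP
    #    error (for example 404), so a missing document stops the run here.
    if ! curl -sS -f -o "$backup" "$ES_URL"; then
        echo "backup failed, nothing deleted" >&2
        rm -f "$backup"
        return 1
    fi
    if [ ! -s "$backup" ]; then
        echo "backup is empty, nothing deleted" >&2
        return 1
    fi

    # 2. Delete the document. The method and the URL are separate arguments:
    #    only the URL is quoted.
    status=$(curl -sS -o /dev/null -w '%{http_code}' -X DELETE "$ES_URL") || return 2
    case "$status" in
        2??) echo "deleted (HTTP $status); backup saved to $backup" ;;
        *)   echo "DELETE returned HTTP $status; backup saved to $backup" >&2
             return 2 ;;
    esac
}

# Nothing is sent unless the script is started with --run (assumed flag).
if [ "${1:-}" = "--run" ]; then
    reset_known_hosts
fi
```

The saved JSON file is the list as it was before the reset, which is useful for comparing against the regenerated list later.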