How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Thu Feb 08, 2024 2:21 am
by Haas07
Hi there,
I got myself in a bit of a mess...
Due to a wrong manipulation of a filter I ended up with a huge list of "Not Sending" Unique Hosts.
The reason is that I (briefly) used 'host' as the field name in a CSV filter.
I understand that this is a 'reserved word' and this mistake somehow made these entries tagged as input hosts.
There are a few thousand entries, and I would like to avoid having to manually click/delete every single entry.
My question is how I would be able to clean this out in a more convenient way?
Is there any location/file, or is there any command that I could run?
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Thu Feb 08, 2024 10:18 am
by jmichaelson
I'm not sure that there is an easy way to do what you're doing, that we provide. Could you be a bit more specific as to what you did to create that filter in the first place, and I can try to replicate the scenario and see if I can provide more guidance to easily handle this?
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Thu Feb 08, 2024 11:07 am
by Haas07
Hey Jason,
Thank you for your response already!
I'm not 100% sure anymore.
But I think I either used "host" as part of the CSV filter
if [host] == '##.##.##.##' {
  csv {
    columns => ["zs01_time","zs02_login","zs03_protocol","host","zs04_eurl","zs05_action"]
  }
}
or I might have done something like this, where I created a new field named host.
# Copy a field
ruby {
  code => "
    event['host'] = event.get('FQDN15')
  "
}
Regards
John
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Fri Feb 09, 2024 5:29 pm
by jmichaelson
I'm working on what hopefully will resolve this for you. Unfortunately it's going to be Monday before I can verify whether it will work.
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Mon Feb 12, 2024 11:46 am
by jmichaelson
Good morning! I just had to make sure that what I was going to have you do will regenerate the known hosts list. I'm not sure how long it will take, but for me sometime between the time I left on Friday and now it regenerated, so I feel safe having you do this. SSH into your Log Server system, and at the shell prompt type the following:
Code:
curl -X "DELETE http://localhost:9200/nagioslogserver/cf_option/known_hosts"
This will delete the known hosts list, and the system jobs will eventually reset it.
Hope this helps you!
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Mon Feb 12, 2024 1:44 pm
by Haas07
Hey Jason,
This worked!
Thank you very much man, you saved my mouse and my finger from developing RSI.......
Tiny note: I just had to move the double quote
curl -X DELETE "http://localhost:9200/nagioslogserver/c ... nown_hosts"
thank you!
John
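A more cautious way to run the delete from this thread, as an added example that is not part of the original posts or of Nagios Log Server's own tooling: it saves a copy of the known_hosts document before deleting it, and passes the HTTP method and the URL to curl as separate arguments. The URL is the one posted above; the function names, BACKUP_DIR and the --run switch are assumptions.

```bash
#!/usr/bin/env bash
# Added example: back up, then delete, the known_hosts document discussed above.
# ES_URL is the URL posted in the thread; BACKUP_DIR, the function names and
# the --run switch are assumptions made for this example.
ES_URL="${ES_URL:-http://localhost:9200/nagioslogserver/cf_option/known_hosts}"
BACKUP_DIR="${BACKUP_DIR:-/tmp}"

# Save the current document so the old list can be inspected afterwards.
# Prints the backup path on success; fails if the GET fails or returns nothing.
backup_known_hosts() {
    local out
    out="$BACKUP_DIR/known_hosts.$(date +%Y%m%d%H%M%S).json"
    # -f: treat HTTP errors as failures, -sS: no progress bar but show errors
    curl -fsS -X GET "$ES_URL" -o "$out" || return 1
    [ -s "$out" ] || return 1
    printf '%s\n' "$out"
}

# The method (DELETE) and the URL are two separate arguments to curl.
# Quoting them together makes curl treat the whole string as the method name.
delete_known_hosts() {
    curl -fsS -X DELETE "$ES_URL"
}

# Delete only when a non-empty backup was written first.
reset_known_hosts() {
    local backup
    backup="$(backup_known_hosts)" || {
        echo "backup failed, not deleting known_hosts" >&2
        return 1
    }
    echo "backup written to $backup" >&2
    delete_known_hosts
}

# Nothing runs unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
    reset_known_hosts
fi
```

Run it on the Log Server host itself, since the URL points at localhost.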
Re: How to clean-up huge list of "Not Sending" Unique Hosts
Posted: Thu Jul 04, 2024 9:42 pm
by jimmyjane
jmichaelson wrote: ↑Mon Feb 12, 2024 11:46 am
Good morning! I just had to make sure that what I was going to have you do will regenerate the known hosts list. I'm not sure how long it will take, but for me sometime between the time I left on Friday and now it regenerated, so I feel safe having you do this. SSH into your Log Server system, and at the shell prompt type the following:
Code:
curl -X "DELETE http://localhost:9200/nagioslogserver/cf_option/known_hosts"
This will delete the known hosts list, and the system jobs will eventually reset it.
Hope this helps you!
Thank you, Jason, for the solution you provided. It worked perfectly for me as well, and it saved me a lot of time and effort. For anyone else facing the same problem, I recommend following Jason's advice to delete the known hosts list. Just remember to place the double quotes correctly around the URL, like John mentioned.