We have a scenario like this:
Server Error Count_of_Error
D1 ER1 15
D1 ER2 15
Questions:
Presently we are getting this count from kibana visualisation. We want to maintain the same in conf file.
Can this count be updated in Index in logstash configuration file?
That's probably going to be hard. Where do these numbers come from? How are they getting into Logstash?
How index is stored inside ElasticSerach. Is this stored in files?
Elasticsearch uses a file system for persistence, yes.
magnusblack
We need to create the count too in first place. The next time same error comes it should increment.
Wouldn't it be easier to just use ES for this kind of counting?
Yeah it would definitely be easier but we have a use case where we are going to purge data every 3-4 months. So we wanted to have a summary information of all the errors occured in the past which is count.
We will be purging everything else except this count visualization as it will have only one row per error type.
Can the same aggregation kibana does on UI can be performed on logstash level so that we don't need to store all records and we will be incrementing the same count whenever a same error occur ?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.