For starters, I've never written a script on ElasticSearch, but I'm interested
in knowing if I can write a script that, when run, will do a search on the
ElasticSearch cluster. This search would be based on the fields of the doc
on which the script would be running. I can imagine that it would have a
TERRIBLE performance hit on the query because of all the searches taking place,
but it might be worth it.
If this is possible, it might be possible to cross-reference different
indexes/document types in the same search.
Log monitoring is my field of interest, so with this I could, for example:
look for users that have failed login attempts with SSH (syslog log), and
look if the machine that originated the attempts also tried connecting
somewhere else (iptables logs). I could put the script in a sum
aggregation, for example, so I'd have something like: machine A tried
connecting to XXXX other machines, machine B tried connecting to YYYY other
machines ...
Thanks
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/7fa38c48-f906-4d91-b9db-3f4f1764fc66%40googlegroups.com.
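An added example, not part of the original post, of the SSH/iptables correlation described above done as two round-trips from the client rather than a search inside a script (Elasticsearch scripts run per document and cannot issue searches, so the cross-index join has to happen client-side). The index field names (`src_ip`, `dst_ip`, `program`, `message`) and the sample responses are assumptions constructed for the example.

```python
"""Correlate failed SSH logins (syslog index) with outbound connections
(iptables index) as two Elasticsearch round-trips. Query bodies use the
standard Query DSL; field names are assumptions for this example."""

# Round-trip 1: failed sshd logins, fetching only the source address.
FAILED_SSH_QUERY = {
    "size": 1000,
    "_source": ["src_ip"],
    "query": {"bool": {"must": [
        {"term": {"program": "sshd"}},
        {"match_phrase": {"message": "Failed password"}},
    ]}},
}

def extract_source_ips(search_response):
    """Collect the distinct source IPs from a search response's hits."""
    hits = search_response["hits"]["hits"]
    return sorted({h["_source"]["src_ip"] for h in hits})

def build_outbound_query(src_ips):
    """Round-trip 2: restrict iptables docs to those sources and count distinct
    destinations per source (terms bucket + cardinality, which is approximate)."""
    return {
        "size": 0,
        "query": {"terms": {"src_ip": src_ips}},
        "aggs": {"by_src": {
            "terms": {"field": "src_ip", "size": len(src_ips)},
            "aggs": {"distinct_dst": {"cardinality": {"field": "dst_ip"}}},
        }},
    }

def destinations_per_source(agg_response):
    """Turn the aggregation response into {src_ip: distinct destination count}."""
    buckets = agg_response["aggregations"]["by_src"]["buckets"]
    return {b["key"]: b["distinct_dst"]["value"] for b in buckets}

# Constructed responses in the shape Elasticsearch returns, so this runs offline.
SAMPLE_SSH_RESPONSE = {"hits": {"hits": [
    {"_source": {"src_ip": "10.0.0.5"}},
    {"_source": {"src_ip": "10.0.0.5"}},
    {"_source": {"src_ip": "10.0.0.9"}},
]}}
SAMPLE_IPTABLES_RESPONSE = {"aggregations": {"by_src": {"buckets": [
    {"key": "10.0.0.5", "doc_count": 40, "distinct_dst": {"value": 12}},
    {"key": "10.0.0.9", "doc_count": 3, "distinct_dst": {"value": 1}},
]}}}

if __name__ == "__main__":
    ips = extract_source_ips(SAMPLE_SSH_RESPONSE)
    # Against a live cluster: es.search(index="iptables-*", body=build_outbound_query(ips))
    for src, n in destinations_per_source(SAMPLE_IPTABLES_RESPONSE).items():
        print(f"machine {src} tried connecting to {n} other machines")
```

With a live cluster the two constructed responses are replaced by the results of searching the syslog and iptables indices with `FAILED_SSH_QUERY` and `build_outbound_query(ips)` respectively.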