Using virtualenv on Jupyter Notebook
Authenticating to GKE without gcloud CLI
Debugging Logstash and Filebeat pipelines with Logshark
Test all fonts in Figlet
A Short Emergency Response Guide for Elasticsearch
Using Regex groups in Logstash's Gsub
Deploying a headless Logstash on Kubernetes
How to get and use the Root CA Certificate Fingerprint in the Elastic Stack
Logstash 8.x - Deploying, Ingesting and Testing the right way
Too many fields! 3 ways to prevent mapping explosion in Elasticsearch
Sharing Logstash keystore between multiple Logstash containers.
Trusting a self-signed CA certificate
Follow these simple steps to make your OS trust a self-signed Certificate Authority
My Tmux Configuration
Elasticsearch - Replacing an index by alias.
You can change an index name by reindexing its data to a different index and switching it to an alias, all behind the scenes with no downtime.
Need to bind Logstash/Filebeat to a port below 1000? Try iptables REDIRECT.
Whitelist / Blacklist searching in Elasticsearch
How do we match a large number of documents against a dynamic whitelist/blacklist in Elasticsearch?
Logstash - Augmenting events with day of week and day of month
It is sometimes useful to have the day of week and day of month in fields that are separate from the @timestamp,
so we can build aggregations or even machine learning jobs to find a potential correlation between our events and weekdays.
Elasticsearch - Locking Memory for Production
A common error people face when putting an Elasticsearch cluster into production has to do with memory locking. Typically, users see errors like “Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out. Increase RLIMIT_MEMLOCK (ulimit)” or “memory locking requested for elasticsearch process but memory is not locked”.