ugosan

public notes

Grep search tip

Search for a string in specific files within a directory, with context and excluding certain directories.

Using virtualenv on Jupyter Notebook

Authenticating to GKE without gcloud CLI

How to authenticate to GKE without gcloud CLI

Debugging Logstash and Filebeat pipelines with Logshark

Test all fonts in Figlet

Using Figlet and Lolcat

A Short Emergency Response Guide for Elasticsearch

Help! Production is on fire!

Using Regex groups in Logstash's Gsub

A simple Logstash Gsub trick

Deploying a headless Logstash on Kubernetes

Easily scale up and down to deal with throughput and deploy ETL pipelines to hundreds of instances with a single click

How to get and use the Root CA Certificate Fingerprint in the Elastic Stack

We need a HEX encoded SHA-256 of a CA certificate to use `ca_trusted_fingerprint`

Logstash 8.x - Deploying, Ingesting and Testing the right way

Some of the best practices for deploying Logstash 8.x in production, divided into Deployment, Data Ingestion and Testing

Too many fields! 3 ways to prevent mapping explosion in Elasticsearch

More often than not, we have customers indexing fields "just in case" they need to be used for search.

Sharing Logstash keystore between multiple Logstash containers.

Can Logstash Keystore be shared or reused?

Trusting a self-signed CA certificate

Follow these simple steps to make your OS trust a self-signed Certificate Authority

My Tmux Configuration

I love tmux

Elasticsearch - Replacing an index by alias.

You can change an index name by reindexing its data to a different index and switching it to an alias, all behind the scenes with no downtime.

Need to bind Logstash/Filebeat to a port below 1000? Try iptables REDIRECT.

Redirect the privileged port to a higher port

Whitelist / Blacklist searching in Elasticsearch

How do we match a large number of documents against a dynamic whitelist/blacklist in Elasticsearch?

Logstash - Augmenting events with day of week and day of month

It is useful sometimes to have day of week and day of month in fields that are separate from the @timestamp so we can make aggregations or even machine learning jobs to find a potential correlation between your events and weekdays.

Elasticsearch - Locking Memory for Production

A common error people face when putting an Elasticsearch cluster into production has to do with memory locking. Typically, users would see errors like “Unable to lock JVM memory (ENOMEM). This can result in part of the JVM being swapped out. Increase RLIMIT_MEMLOCK (ulimit)” or “memory locking requested for elasticsearch process but memory is not locked”.