Questions tagged [elastic-stack]

Elastic Stack combines Elasticsearch, Logstash, Kibana, and the Beats framework to provide real-time insights into any type of structured or unstructured data.

In 2015, Elastic introduced the Beats framework into their stack and renamed the ELK Stack to the Elastic Stack.

3683 questions
0 votes, 0 answers

Data parse from multiple rsyslog to logstash to elasticsearch

I am new to ELK. I have deployed my ELK stack following this article: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-22-04. I skipped the nginx part and just followed the rest of the process. My…
0 votes, 2 answers

Kibana Filter on String Value

I have a large amount of transactions in Kibana. There is one field (timetaken) which indicates the time taken by the transaction to complete. The issue is that the time taken is in string form. When I use >15000, it also shows fields less than 15000. I want to get…
0 votes, 1 answer

Unable to find script [testfile] in cluster state in Elasticsearch 8.9

I have created a file, i.e. testfile.painless containing `ctx._source.b_id=params.b_id;`, and just placed the testfile.painless file in the config/scripts folder on the cluster node, and then tried with _update_by_query `{ "script": { "id": "testfile", …`
0 votes, 1 answer

Can we get Java Client request failure log in Elasticsearch Cluster?

We are facing an issue with the Elasticsearch Java client, but we are not getting any error in the Elasticsearch data/master node log. I have updated the logger level from INFO to DEBUG, but I don't think it will help. Do you have any suggestions to capture Java…
Roopendra
0 votes, 1 answer

Getting parse exception [match] unknown token [START_ARRAY] after [query] in Elasticsearch

Not able to get the results with the below syntax in the current version: `{ "query": { "bool": { "must": [ { "match": { "cid": { "query": [ "TEST" ] } …`
Ajay Takur
0 votes, 1 answer

What is the alternative to lowercase_expanded_terms in Elasticsearch 8.9?

I know that lowercase_expanded_terms is valid in version 2.x, and if the same is executed in 8.9 it gives `"reason": "[query_string] query does not support [lowercase_expanded_terms]"`. `{ "size": 1000, "query": { "bool": { "must":…`
Ajay Takur
0 votes, 2 answers

What is the alternative to the filter context missing clause in Elasticsearch 8.9?

The same syntax below has been working in version 2.3, and if I execute it in 8.9 it does not work. `{ "size": 0, "query": { "bool": { "filter": [ { "missing": { //"reason": "unknown field [missing]" …`
Ajay Takur
0 votes, 1 answer

How to fetch documents in filter context with a not clause in Elasticsearch 8.9

`{ "size": 0, "query": { "bool": { "must": [ { "match": { "cid": { "query": "AFM" } } }, …`
Ajay Takur
0 votes, 0 answers

Elasticsearch `match_bool_prefix` query and similar ones

In the Elasticsearch documentation of the match_bool_prefix query, it is stated that the query `GET /_search { "query": { "match_bool_prefix" : { "message" : "quick brown f" } } }` is equivalent to `GET /_search { "query": { …`
0 votes, 1 answer

What is the corresponding syntax for "not" in version 8.9 of Elasticsearch?

The below syntax is from Elasticsearch version 2.2 and it works fine. `{ "bool" : { "must" : { "term" : { "name.first" : "shay" } }, "filter" : { "not" : { "range" : { …`
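Five of the questions in this listing (the `[match]` START_ARRAY parse exception, `lowercase_expanded_terms`, the `missing` clause, `not` in filter context, and the 2.2 `not` syntax) are one problem: query DSL that Elasticsearch 2.x accepted and 8.x rejects. The Python below is an added example written for this page, not code from any of the posts or from Elastic. It rewrites those clauses into their 8.x form: `missing` becomes `bool.must_not.exists`, `not` becomes `bool.must_not`, a `match` array is joined into one string, and `lowercase_expanded_terms` is dropped. Dropping `locale` alongside it goes slightly beyond the questions (both were removed from `query_string` in 6.0). The sample bodies are constructed from the shapes quoted in the questions; since the posts are truncated, the `range` on `age` and the `cid:TES*` query string are assumptions.

```python
"""Rewrite 2.x-era Elasticsearch query DSL into the form Elasticsearch 8.x accepts.

Added example for this listing, not code from any of the posts or from Elastic.
It covers exactly the clauses the questions above run into:
  "missing": {"field": f}  -> {"bool": {"must_not": {"exists": {"field": f}}}}  (removed in 5.0)
  "not": {<query>}         -> {"bool": {"must_not": <query>}}                   (removed in 5.0)
  either of those under bool.filter -> hoisted into bool.must_not, which is also
                              filter context in 8.x, so scoring is unchanged
  query_string.lowercase_expanded_terms / .locale -> dropped (removed in 6.0; the
                              field's analyzer or normalizer now handles expanded terms)
  "match": {f: {"query": [a, b]}} -> one space-joined string (match rejects an array)
"""
import json
from typing import Any

REMOVED_QUERY_STRING_PARAMS = {"lowercase_expanded_terms", "locale"}
LEGACY_KEYS = {"missing", "not", *REMOVED_QUERY_STRING_PARAMS}


def _as_list(value: Any) -> list:
    return value if isinstance(value, list) else [value]


def _is_pure_must_not(clause: Any) -> bool:
    """A clause of the shape {"bool": {"must_not": ...}} and nothing else."""
    return (isinstance(clause, dict) and set(clause) == {"bool"}
            and isinstance(clause["bool"], dict) and set(clause["bool"]) == {"must_not"})


def migrate(node: Any) -> Any:
    """Return a copy of a query DSL fragment in 8.x syntax; the input is not modified."""
    if isinstance(node, list):
        return [migrate(n) for n in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:  # single-key dicts are where query clauses live
        key, body = next(iter(node.items()))
        if key == "missing" and isinstance(body, dict) and "field" in body:
            return {"bool": {"must_not": {"exists": {"field": body["field"]}}}}
        if key == "not" and isinstance(body, dict):
            # 2.x accepted both {"not": {<query>}} and the older {"not": {"filter": {<query>}}}
            inner = body["filter"] if set(body) == {"filter"} else body
            return {"bool": {"must_not": migrate(inner)}}
        if key == "query_string" and isinstance(body, dict):
            return {"query_string": {k: v for k, v in body.items()
                                     if k not in REMOVED_QUERY_STRING_PARAMS}}
        if key == "match" and isinstance(body, dict) and len(body) == 1:
            field, spec = next(iter(body.items()))
            if isinstance(spec, dict) and isinstance(spec.get("query"), list):
                spec = {**spec, "query": " ".join(map(str, spec["query"]))}
            elif isinstance(spec, list):
                spec = " ".join(map(str, spec))
            return {"match": {field: spec}}
        if key == "bool" and isinstance(body, dict):
            return _migrate_bool(body)
    return {k: migrate(v) for k, v in node.items()}


def _migrate_bool(body: dict) -> dict:
    occurrences = {occ: migrate(clauses) for occ, clauses in body.items()}
    if "filter" in occurrences:
        kept, hoisted = [], []
        for clause in _as_list(occurrences["filter"]):
            if _is_pure_must_not(clause):
                hoisted.extend(_as_list(clause["bool"]["must_not"]))
            else:
                kept.append(clause)
        if hoisted:
            occurrences["must_not"] = _as_list(occurrences.get("must_not", [])) + hoisted
        if kept:
            occurrences["filter"] = kept
        else:
            del occurrences["filter"]
    return {"bool": occurrences}


def uses_legacy_syntax(node: Any) -> bool:
    """True if the fragment still contains something 8.x rejects for the reasons above."""
    if isinstance(node, list):
        return any(uses_legacy_syntax(n) for n in node)
    if not isinstance(node, dict):
        return False
    for key, body in node.items():
        if key in LEGACY_KEYS:
            return True
        if key == "match" and isinstance(body, dict) and any(
                isinstance(s, list) or (isinstance(s, dict) and isinstance(s.get("query"), list))
                for s in body.values()):
            return True
        if uses_legacy_syntax(body):
            return True
    return False


# Constructed request bodies following the shapes quoted in the questions; the posts
# are truncated, so the range on "age" and the "cid:TES*" query string are assumptions.
LEGACY_QUERIES = {
    "missing_in_filter": {"size": 0, "query": {"bool": {"filter": [{"missing": {"field": "cid"}}]}}},
    "not_in_filter": {"query": {"bool": {"must": {"term": {"name.first": "shay"}},
                                         "filter": {"not": {"range": {"age": {"gte": 30}}}}}}},
    "lowercase_expanded_terms": {"size": 1000, "query": {"bool": {"must": [
        {"query_string": {"query": "cid:TES*", "lowercase_expanded_terms": True}}]}}},
    "match_array": {"query": {"bool": {"must": [{"match": {"cid": {"query": ["TEST"]}}}]}}},
}

if __name__ == "__main__":
    for name, legacy in LEGACY_QUERIES.items():
        print(f"{name}: {json.dumps(migrate(legacy))}")
```

Two things to check before sending a migrated body: joining a `match` array into one string matches any of the terms (the default `operator` is `or`), so use a `terms` query instead when the field is a `keyword` and exact values are wanted; and `lowercase_expanded_terms` is dropped rather than replaced because 6.0 and later normalise wildcard and prefix terms with the field's analyzer (or a `keyword` field's normalizer), so a `keyword` field without a normalizer now matches `TES*` case-sensitively.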
0 votes, 1 answer

Use variants of an Elastic dashboard (stage, prod, ...)

I have a Kibana dashboard for a stage environment that shows multiple visuals with queries that all filter for "kubernetes.namespace:stage". I now have to add another dashboard for prod where I filter for "kubernetes.namespace:prod". Both dashboards…
Mathias F
0 votes, 1 answer

Filebeat: Registry log.json grows constantly even with filebeat.registry.flush: 60s

Filebeat 7.17.1. I'm looking into decreasing the amount of IO for the Filebeat registry in our deployment. I found the filebeat.registry.flush setting after some research and thought that it would do what I wanted. I set it to 60s, redeployed, and…
pkulenka
0 votes, 1 answer

Wazuh Elasticsearch Bad Request "_license"

talk to server... ERROR Connection marked as failed because the onConnect callback failed: could not connect to a compatible version of Elasticsearch: 400 Bad Request: {"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid…
0 votes, 0 answers

Docker not reading .env file

I am trying to set up the Elastic Stack using Docker Compose. For background, I am running on a Windows 10 device with WSL2 and Docker Desktop (Docker Compose version v2.20.2-desktop.1) installed. I have changed the virtual memory configuration using…
0 votes, 0 answers

Filters in the URL are overwritten by the default state of the Security events dashboard in Wazuh Elastic

I have a table in my OpenSearch Dashboard. Also, I have a dashboard in Wazuh, integrated in Elastic. Wazuh is like a security application with its built-in dashboards of different categories. I need to create a URL for the table field agent.name. It…