update elk

hdjace · Feb 16, 2020 · e2e2898 · e2e2898
1 parent 00c5724
commit e2e2898
Showing 1 changed file with 37 additions and 2 deletions.
diff --git a/resources/elk.md b/resources/elk.md
@@ -19,9 +19,18 @@ Name | Comments
 [Grok Patterns](https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns) | Logstash Patterns Code
 [RE used by Grok](https://github.com/kkos/oniguruma/blob/master/doc/RE) |
 
-## Tools
+## Logstash Tools
+
+Name | Comments
+:------|:------:
+[GrokDebug](https://grokdebug.herokuapp.com) | Test Grok Patterns
+
+## Kibana Tools
+
+Name | Comments
+:------|:------:
+[Rubban](https://github.com/sherifabdlnaby/rubban) | "Kibana Automatic Index Pattern Discovery and Other Curating Tasks"
 
-https://grokdebug.herokuapp.com
 
 ## Logstash Cheat Sheet
 
@@ -41,10 +50,36 @@ input {
 tcpdump -Xni eth0 port 5140
 ```
 
+* Load Parquet files
+
+```
+Use https://github.com/Parquet/parquet-compatibility/blob/master/parquet-compat/src/test/java/parquet/compat/test/ConvertUtils.java
+Specifically https://github.com/Parquet/parquet-compatibility/blob/master/parquet-compat/src/test/java/parquet/compat/test/ConvertUtils.java#L111
+
+Once it's convreted to CSV, you process it with
+
+input {
+    file {
+        path => "/path/to/your/parquet/as/csv/file"
+    }
+}
+filter {
+    csv {
+        columns => ["col1", "col2"]
+    }
+}
+```
+
 ## Elsaticsearch Cheat Sheet
 
 * Test elasticsearch
 
 ```
 curl localhost:9200
 ```
+
+* List indexes
+
+```
+curl 'localhost:9200/_cat/indices?v'
+```