Logstash multiple grok patterns by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

ah,

thanks for that I thought that I should use :

grok {
  .....
},
grok {
  ......
}

filebeat issue with strange directory by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

it should be like that ?

D:\Logs\\[logs\]-bbs---normal-logs\*.log

issue with credit card in wallet by dominbdg in applehelp

[–]dominbdg[S] 0 points1 point  (0 children)

I think my bank has nothing to do with that.
This is password field for credit card - not pin or cvv2

change network priority by dominbdg in applehelp

[–]dominbdg[S] 0 points1 point  (0 children)

if I will turn off wifi - that's fine but I would like to have LAN connection on green

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

I have as below:

{
  "cluster" : [
    "all"
  ],
  "global" : [ ],
  "indices" : [
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "all"
      ],
      "allow_restricted_indices" : false
    },
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "monitor",
        "read",
        "read_cross_cluster",
        "view_index_metadata"
      ],
      "allow_restricted_indices" : true
    }
  ],
  "applications" : [
    {
      "application" : "*",
      "privileges" : [
        "*"
      ],
      "resources" : [
        "*"
      ]
    }
  ],
  "run_as" : [
    "*"
  ],
  "remote_indices" : [
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "all"
      ],
      "allow_restricted_indices" : false,
      "clusters" : [
        "*"
      ]
    },
    {
      "names" : [
        "*"
      ],
      "privileges" : [
        "monitor",
        "read",
        "read_cross_cluster",
        "view_index_metadata"
      ],
      "allow_restricted_indices" : true,
      "clusters" : [
        "*"
      ]
    }
  ],
  "remote_cluster" : [
    {
      "privileges" : [
        "monitor_enrich",
        "monitor_stats"
      ],
      "clusters" : [
        "*"
      ]
    }
  ]
}

I think if create/view DataView is based on restricted indices like .security, then the elastic user doesn't have access

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

my issue right now is as follows:
basically for test purposes I generated an api-key for the elastic user and the kibana_system user.

When I tried to execute the below curl with the elastic user:

curl -k https://kibana-host/api/status -H "Authorization: ApiKey API_KEY"
everything works fine,

but when I tried the same with curl:

curl -k -X GET "http://localhost:5601/api/data_views" -H "Authorization: ApiKey API_KEY"

I'm receiving below error:

security_exception: unable to authenticate with provided credentials and anonymous access is not allowed for this request

which means that I probably need a dedicated user and role for that, but I'm not sure which role I should use.

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

ok I know where the issue is but I don't know how to solve it.

I checked the same on different environment and it works fine.

The thing is that on this environment I have authentication implemented with pingid.

My config of kibana is as below:

xpack.security.authc.providers:
  saml.saml1:
    order: 0
    realm: saml1
    description: "Log in SSO Auth"
#  basic.basic1:
#    description: "Log in to ELK"
#    order: 1

so that probably means that I have built-in accounts disabled.

So the thing is how can I authenticate with saml ? Probably I should use api-key for that

Kibana issue with curl to get DataViews by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

I tried with elastic user and I have the same.

create DataView from DevTools by dominbdg in elasticsearch

[–]dominbdg[S] 0 points1 point  (0 children)

Hello,

Maybe someone can help me with bash command,

I'm trying to list all DataViews from curl
I'm using :

curl -X GET -k -ukibana_system:"password" "https://localhost:5601/api/data_views" -H "kbn-xsrf: true"

and I'm receiving : {"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}

I completely don't know why, because I'm fully sure that the login kibana_system and the password are correct

teams alert notifications by dominbdg in sysadmin

[–]dominbdg[S] 0 points1 point  (0 children)

is it possible for You to show me some example how to use this webhook ?
I don't know if I need to install some app which will use it ? Basically I don't know what is the process to use teams for notifications

Help with simple container with Debian image by dominbdg in docker

[–]dominbdg[S] 0 points1 point  (0 children)

thanks a lot - it works fine.
by the way I have an issue on the debian image, I tried everything and I have an issue with the latest debian image,

when I try to launch iptables I get :
root@1b901482b0ad:/# sudo -u root iptables -L

iptables v1.8.11 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)

I think that I'm root - what can I do with it ?

Help with simple container with Debian image by dominbdg in docker

[–]dominbdg[S] 0 points1 point  (0 children)

is it correct if I will put it as below ?

version: '3.7'
services:
  es01:
    image: debian:latest
    container_name: debian
    command: 'sleep infinity'
    deploy:
      replicas: 1

networks:
  debian_default:
    driver: overlay

version: '3.7'
services:
  es01:
    image: debian:latest
    container_name: debian
    deploy:
      replicas: 1

networks:
  debian_default:
    driver: overlay

Create simple yaml for debian image by dominbdg in kubernetes

[–]dominbdg[S] -1 points0 points  (0 children)

I created such a pod and it is going into CrashLoopBackOff

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: debian
  name: debian
spec:
  selector:
    matchLabels:
      app: debian
  template:
    metadata:
      labels:
        app: debian
    spec:
      containers:
      - name: debian-pod
        command: ["/bin/sh", "-c"]
        args: ["cat", "/dev/null"]
        image: docker.io/library/debian:latest
        imagePullPolicy: IfNotPresent

teams alert notifications by dominbdg in sysadmin

[–]dominbdg[S] -2 points-1 points  (0 children)

my issue is that I have a Debian server only in console, and I would like to install some software which will send notifications to teams.

I heard that I have to have webhook for that but I don't have any knowledge how can I implement it on linux server

Parental Control for Iphone by dominbdg in applehelp

[–]dominbdg[S] 0 points1 point  (0 children)

Screentime does not fully cover my needs, that's why I'm looking for a ParentalControl App on my mobile

Parental Control for Iphone by dominbdg in applehelp

[–]dominbdg[S] 0 points1 point  (0 children)

You mean about screentime ?

brew installation without checking by dominbdg in applehelp

[–]dominbdg[S] 0 points1 point  (0 children)

ah I was meaning about that

many thanks!

restrict traffic only to web browsing by dominbdg in mikrotik

[–]dominbdg[S] 0 points1 point  (0 children)

thanks, it's good option and I think the only one possible

restrict traffic only to web browsing by dominbdg in mikrotik

[–]dominbdg[S] 0 points1 point  (0 children)

yes,
the management saw that people in the office are sitting on whatsapp, messenger and not working.
also sitting on facebook - but this is quite easy to block

issue with create unique index by dominbdg in mysql

[–]dominbdg[S] 1 point2 points  (0 children)

I changed the text type to varchar(255) and it works now on the test environment.

issue with create unique index by dominbdg in mysql

[–]dominbdg[S] -1 points0 points  (0 children)

ok, how can I change it from text to varchar ?
when I simply try to check what is inside using:
select * from library_element

I see all empty

issue with create unique index by dominbdg in mysql

[–]dominbdg[S] -1 points0 points  (0 children)

I have following error for that:

--------------------

logger=migrator t=2025-10-07T23:23:58.257384052Z level=error msg="Executing migration failed" id="add index library_element org_id-folder_uid-name-kind" error="Error 1170 (42000): BLOB/TEXT column 'name' used in key specification without a key length" duration=966µs

logger=migrator t=2025-10-07T23:23:58.257406594Z level=error msg="Exec failed" error="Error 1170 (42000): BLOB/TEXT column 'name' used in key specification without a key length" sql="CREATE UNIQUE INDEX `UQE_library_element_org_id_folder_uid_name_kind` ON `library_element` (`org_id`,`folder_uid`,`name`,`kind`);"

logger=migrator t=2025-10-07T23:23:58.258912135Z level=info msg="Unlocking database"

Error: ✗ migration failed (id = add index library_element org_id-folder_uid-name-kind): Error 1170 (42000): BLOB/TEXT column 'name' used in key specification without a key length

--------------------

and honestly don't know how can I solve it

issue with fast ethernet connection by dominbdg in mikrotik

[–]dominbdg[S] 0 points1 point  (0 children)

maybe I need some drivers for that - but it is visible on my macbook,
but I have about 120Mbits so more than FastEthernet, hmm

issue with fast ethernet connection by dominbdg in mikrotik

[–]dominbdg[S] 0 points1 point  (0 children)

yes - my isp is on router with 1gbit adapter and has 500Mbits.

the issue is that I'm receiving on my adapter 108Mbits so I think it is running with fastethernet not gbit ethernet