elasticsearchclitools / estail Goto Github PK

Since Scan and Scroll disables sorting, the returned data will need to be sorted.

I want to see about having 2 different options of the search type

query_and_fetch
and
scan

also I may implement a local sorting of the data when implementing the scan.

I tried using esTail against my ES instance however I get the following error:

$ node ./esTail.js --hostport=my-es-server:9200 --index=ereglog-dev-2017.07.31
Connected to Elasticsearch cluster.
ERR:[parsing_exception] no [query] registered for [missing], with { line=1 & col=132 } :: {"path":"/ereglog-dev-2017.07.31/_search","query":{"scroll":"30s","search_type":"scan","size":100},"body":"{\"query\":{\"bool\":{\"must\":[{\"range\":{\"@timestamp\":{\"gt\":\"now-10m\",\"to\":\"now\"}}}],\"must_not\":[{\"constant_score\":{\"filter\":{\"missing\":{\"field\":\"message\"}}}},{\"constant_score\":{\"filter\":{\"missing\":{\"field\":\"@timestamp\"}}}}],\"should\":[]}},\"sort\":{\"@timestamp\":{\"order\":\"asc\"}}}","statusCode":400,"response":"{\"error\":{\"root_cause\":[{\"type\":\"parsing_exception\",\"reason\":\"no [query] registered for [missing]\",\"line\":1,\"col\":132}],\"type\":\"parsing_exception\",\"reason\":\"no [query] registered for [missing]\",\"line\":1,\"col\":132},\"status\":400}"}

Is this something I'm doing wrong, or is esTail not compatible with v5.4.2?

Hi,

I have type and message fields in my elasticseach logstash entries.

I want to filter entries by type and then apply regular expression message field to tail only matching entries.
I tried this, but it does not work.

nodejs ./esTail.js --hostport=localost:9200 --index=logstash-* --context=type=test-component --regex='(Offset Report)' --regexflags="gm"

Above command should filter messages based matching type and then apply regex to show only entries that have "Offset Report" string in it.

Am I making any mistake here?

Using version 8.2.0 of the elasticsearch package, as defined in https://github.com/ElasticSearchCLITools/esTail/blob/master/package.json#L13 I receive this error:

Elasticsearch ERROR: 2015-12-09T17:38:26Z
  Error: Unable to convert node list from undefined to hosts durring sniff. Encountered error:
  Error: node's http_address property ("10.0.1.52:9200") does not match the expected pattern /\[\/*([^:]+):(\d+)\]/.

Version 10.0.1 has an updated method for this check: https://github.com/elastic/elasticsearch-js/blob/v10.0.1/src/lib/nodes_to_host.js

Updating the elasticsearch dependency at https://github.com/ElasticSearchCLITools/esTail/blob/master/package.json#L13 to the latest version (10.0.1 at the time of this writing) and running npm install to update the dependency resolves the issue:
"elasticsearch": "^10.0.1",