├── .gitignore ├── README.md ├── api.es ├── api_thai.es ├── datasource ├── accounts.ndjson ├── orders.ndjson ├── products.ndjson └── recipes.ndjson ├── docker-compose.yaml ├── elasticsearch-plugins.yml ├── kibana ├── README.md └── resources │ ├── nginx-access-logs-2020-01.ndjson │ ├── nginx-access-logs-2020-02.ndjson │ ├── nginx-access-logs-2020-03.ndjson │ └── orders.ndjson ├── logstash ├── config │ ├── logstash.yml │ └── pipelines.yml ├── input │ ├── apache.log │ ├── input-20210806.log │ ├── input-20210807.log │ └── input.log ├── logstash.conf ├── output │ ├── access-20170920.log │ ├── access-20210806.log │ ├── access.log │ ├── apache.log │ ├── error-20210806.log │ ├── file-20210806.log │ ├── file.log │ ├── http-20210806.log │ ├── http.log │ └── output.log ├── pattern │ └── mypattern ├── pipeline │ ├── apache.logstash.conf │ └── basic.logstash.conf ├── resources │ ├── apache_access.log │ └── patterns │ │ ├── aws │ │ ├── bacula │ │ ├── bind │ │ ├── bro │ │ ├── exim │ │ ├── firewalls │ │ ├── grok-patterns │ │ ├── haproxy │ │ ├── httpd │ │ ├── java │ │ ├── junos │ │ ├── linux-syslog │ │ ├── maven │ │ ├── mcollective │ │ ├── mcollective-patterns │ │ ├── mongodb │ │ ├── nagios │ │ ├── postgresql │ │ ├── rails │ │ ├── redis │ │ ├── ruby │ │ └── squid └── start.sh ├── opensearch └── docker-compose.yaml └── slide.pdf /.gitignore: -------------------------------------------------------------------------------- 1 | data/ -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/README.md -------------------------------------------------------------------------------- /api.es: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/api.es -------------------------------------------------------------------------------- /api_thai.es: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/api_thai.es -------------------------------------------------------------------------------- /datasource/accounts.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/datasource/accounts.ndjson -------------------------------------------------------------------------------- /datasource/orders.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/datasource/orders.ndjson -------------------------------------------------------------------------------- /datasource/products.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/datasource/products.ndjson -------------------------------------------------------------------------------- /datasource/recipes.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/datasource/recipes.ndjson -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/docker-compose.yaml -------------------------------------------------------------------------------- /elasticsearch-plugins.yml: -------------------------------------------------------------------------------- 1 | plugins: 2 | - id: analysis-icu -------------------------------------------------------------------------------- /kibana/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/kibana/README.md -------------------------------------------------------------------------------- /kibana/resources/nginx-access-logs-2020-01.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/kibana/resources/nginx-access-logs-2020-01.ndjson -------------------------------------------------------------------------------- /kibana/resources/nginx-access-logs-2020-02.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/kibana/resources/nginx-access-logs-2020-02.ndjson -------------------------------------------------------------------------------- /kibana/resources/nginx-access-logs-2020-03.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/kibana/resources/nginx-access-logs-2020-03.ndjson -------------------------------------------------------------------------------- /kibana/resources/orders.ndjson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/kibana/resources/orders.ndjson -------------------------------------------------------------------------------- /logstash/config/logstash.yml: -------------------------------------------------------------------------------- 1 | config.reload.automatic: true 2 | -------------------------------------------------------------------------------- /logstash/config/pipelines.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/config/pipelines.yml -------------------------------------------------------------------------------- /logstash/input/apache.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/input/apache.log -------------------------------------------------------------------------------- /logstash/input/input-20210806.log: -------------------------------------------------------------------------------- 1 | Hello 2 | -------------------------------------------------------------------------------- /logstash/input/input-20210807.log: -------------------------------------------------------------------------------- 1 | Bond 2 | Hello 3 | -------------------------------------------------------------------------------- /logstash/input/input.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/input/input.log -------------------------------------------------------------------------------- /logstash/logstash.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/logstash.conf -------------------------------------------------------------------------------- /logstash/output/access-20170920.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/access-20170920.log -------------------------------------------------------------------------------- /logstash/output/access-20210806.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/access-20210806.log -------------------------------------------------------------------------------- /logstash/output/access.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/access.log -------------------------------------------------------------------------------- /logstash/output/apache.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/apache.log -------------------------------------------------------------------------------- /logstash/output/error-20210806.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/error-20210806.log -------------------------------------------------------------------------------- /logstash/output/file-20210806.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/file-20210806.log -------------------------------------------------------------------------------- /logstash/output/file.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/file.log -------------------------------------------------------------------------------- /logstash/output/http-20210806.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/http-20210806.log -------------------------------------------------------------------------------- /logstash/output/http.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/http.log -------------------------------------------------------------------------------- /logstash/output/output.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/output/output.log -------------------------------------------------------------------------------- /logstash/pattern/mypattern: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/pattern/mypattern -------------------------------------------------------------------------------- /logstash/pipeline/apache.logstash.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/pipeline/apache.logstash.conf -------------------------------------------------------------------------------- /logstash/pipeline/basic.logstash.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/pipeline/basic.logstash.conf -------------------------------------------------------------------------------- /logstash/resources/apache_access.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/apache_access.log -------------------------------------------------------------------------------- /logstash/resources/patterns/aws: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/aws -------------------------------------------------------------------------------- /logstash/resources/patterns/bacula: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/bacula -------------------------------------------------------------------------------- /logstash/resources/patterns/bind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/bind -------------------------------------------------------------------------------- /logstash/resources/patterns/bro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/bro -------------------------------------------------------------------------------- /logstash/resources/patterns/exim: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/exim -------------------------------------------------------------------------------- /logstash/resources/patterns/firewalls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/firewalls -------------------------------------------------------------------------------- /logstash/resources/patterns/grok-patterns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/grok-patterns -------------------------------------------------------------------------------- /logstash/resources/patterns/haproxy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/haproxy -------------------------------------------------------------------------------- /logstash/resources/patterns/httpd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/httpd -------------------------------------------------------------------------------- /logstash/resources/patterns/java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/java -------------------------------------------------------------------------------- /logstash/resources/patterns/junos: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/junos -------------------------------------------------------------------------------- /logstash/resources/patterns/linux-syslog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/linux-syslog -------------------------------------------------------------------------------- /logstash/resources/patterns/maven: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/maven -------------------------------------------------------------------------------- /logstash/resources/patterns/mcollective: -------------------------------------------------------------------------------- 1 | MCOLLECTIVEAUDIT %{TIMESTAMP_ISO8601:timestamp}: 2 | -------------------------------------------------------------------------------- /logstash/resources/patterns/mcollective-patterns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/mcollective-patterns -------------------------------------------------------------------------------- /logstash/resources/patterns/mongodb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/mongodb -------------------------------------------------------------------------------- /logstash/resources/patterns/nagios: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/nagios -------------------------------------------------------------------------------- /logstash/resources/patterns/postgresql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/postgresql -------------------------------------------------------------------------------- /logstash/resources/patterns/rails: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/rails -------------------------------------------------------------------------------- /logstash/resources/patterns/redis: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/redis -------------------------------------------------------------------------------- /logstash/resources/patterns/ruby: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/ruby -------------------------------------------------------------------------------- /logstash/resources/patterns/squid: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/resources/patterns/squid -------------------------------------------------------------------------------- /logstash/start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/logstash/start.sh -------------------------------------------------------------------------------- /opensearch/docker-compose.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/opensearch/docker-compose.yaml -------------------------------------------------------------------------------- /slide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codebangkok/elastic/HEAD/slide.pdf --------------------------------------------------------------------------------