0.03
No commit activity in last 3 years
No release in over 3 years
There's a lot of open issues
Gem for querying Logstash and exporting the results.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 0

Runtime

>= 0.8.5
= 0.8.8
= 0.6.6
 Project Readme

stash-query

A CLI Tool for Querying Logstash/Elasticsearch and Exporting the results. Uses the Lucene query syntax that Kibana utilizes, but provides the option for exporting.

Usage:

    -c, --connect_host [HOST]        Elasticsearch host to run query on (defaults to: localhost)
    -p, --port [PORT]                Elasticsearch port (defaults to: 9200)
        --ssl                        Elasticsearch port (defaults to no ssl)
    -T, --timefield [FIELDNAME]      Time-field name (defaults to: @timestamp)
        --scroll-size [number of records]
                                     Scroll Size (defaults to: 10).
        --scroll-time [time units]   Scroll Size (defaults to: 30m).
    -i, --index-prefix [PREFIX]      Index name prefix(es). Defaults to 'logstash-'. Comma delimited
    -w, --write [FILE]               Write output file location (defaults to nil)
    -d, --debug                      Debug mode
    -s, --start [DATE]               Start date. Format: YYYY-MM-DDThh:mm:ss.SSSZ. Ex: 2013-12-01T12:00:00.000Z
    -e, --end [DATE]                 End date. Format: YYYY-MM-DDThh:mm:ss.SSSZ
    -q, --query [QUERY]              Query string
    -t, --tags [TAGS]                Tags to query. Comma delimited
    -f, --write-fields [FIELDS]      Comma delimited list of Logstash fields to write to output file. Defaults to "message"
    -l, --delimiter [DELIMITER]      Delimiter to use in output file. Defaults to ","
    -S, --silent                     Run silently
    -m, --max [INTEGER]              Maximum number of results to return. Non-integer arguments default to 0.

Examples:

stash-query -s 2013-12-01T00:00:00.000Z -e 2013-12-02T00:00:00.000Z -t my_tag -q 'message:hello_world' -w /tmp/my_query.txt

To install locally

gem build stash-query.gemspec
 
gem install stash-query-<version>.gem