updates

Author: ddpbsd

_sources/elk/agent/agent.rst.txt

@@ -0,0 +1,43 @@
+===========
+agent stuff
+===========
+
+
+find an agent by  name in fleet
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The search field is very elasticy, so filter by `local_metadata.host.name` to search based on the name in the `Host` field.
+
+
+agent status
+^^^^^^^^^^^^
+
+Get the status of an agent and the integrations.
+
+.. code-block:: console
+
+   monitor0:/opt/Elastic/Agent # ./elastic-agent status
+   Status: HEALTHY
+   Message: (no message)
+   Applications:
+     * endpoint-security      (HEALTHY)
+                              Protecting with policy {910a8f4a-1642-4d16-b21a-17773eede78b}
+     * filebeat               (HEALTHY)
+                              Running
+     * metricbeat             (HEALTHY)
+                              Running
+     * filebeat_monitoring    (HEALTHY)
+                              Running
+     * metricbeat_monitoring  (HEALTHY)
+                              Running
+     * osquerybeat            (HEALTHY)
+                              Running
+
+check the fleet server status
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+`curl https://fleet-server:8220/api/status`
+
+Should get something like this back:
+`{"name": "fleet-server", "status": "HEALTHY"}`
+

_sources/elk/agent/index.rst.txt

@@ -8,6 +8,6 @@ Contents:
 .. toctree::
    :maxdepth: 2
 
-   cmd
+   agent
    discover
 

_sources/elk/elastic/security/api_key.rst.txt

@@ -94,6 +94,36 @@ With this, set an `Authorization` header:
 
    curl -s -H 'Authorization: ApiKey BASE664_ENCODED_KEY' http://127.0.0.1:9200/_cluster/health
 
+logstash api key
+^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   POST _security/api_key
+   {
+     "name": "logstash-writer",
+     "role_descriptors": {
+       "logstash_writer": {
+         "cluster": [
+           "monitor,
+           "manage_ilm",
+           "read_ilm"
+         ],
+         "index": [
+           {
+             "names": [ "*" ],
+             "privileges": [
+               "view_index_metadata",
+               "create_doc",
+               "create_index",
+               "write"
+             ]
+           }
+         ]
+       }
+     }
+   }
+
 
 
 

_sources/elk/elastic/shards.rst.txt

@@ -72,3 +72,13 @@ get cluster shard status along with curent health
 
    GET _cluster/health?filter_path=status,*_shards
 
+increase the number of shards that can be in the relocating state
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The default is 2, and elastic says you shouldn't change it.
+But sometimes you just gotta.
+
+.. code-block:: console
+
+   cluster.routing.allocation.node_concurrent_recoveries
+

_sources/elk/logstash/index.rst.txt

@@ -14,6 +14,7 @@ Contents:
    input
    ssl
    testing
+   monitoring
    usage
 
    patterns/index

_sources/elk/logstash/monitoring.rst.txt

@@ -0,0 +1,11 @@
+===================
+monitoring logstash
+===================
+
+pipeline stats
+^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   $ curl http://127.0.0.1:9600/_node/stats/pipelines
+

_sources/misc/index.rst.txt

@@ -22,4 +22,5 @@ Contents:
    random
    junk/index
    fediverse/glitch-soc.rst
+   zfs
 

_sources/misc/junk/communication.rst.txt

@@ -0,0 +1,11 @@
+=============
+communication
+=============
+
+include, if possible
+^^^^^^^^^^^^^^^^^^^^
+
+* highlight the issue/facts
+* highlight the impact
+* provide recommendation
+

_sources/misc/junk/index.rst.txt

@@ -14,6 +14,7 @@ Contents:
    books
    breweries
    chicken
+   communication
    creepypastas
    gardening/index
    podcasts

_sources/misc/zfs.rst.txt

@@ -0,0 +1,29 @@
+===
+zfs
+===
+
+import a pool from one system to another
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+I installed a different distribution and wanted to import my zfs pool (on an untouched drive).
+`zpool import` to the rescue!
+
+.. code-block::
+
+   root@caladan:/home/ddp# zpool import
+      pool: data
+        id: 14940038568498653083
+     state: ONLINE
+   status: The pool was last accessed by another system.
+    action: The pool can be imported using its name or numeric identifier and
+           the '-f' flag.
+      see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-EY
+    config:
+
+           data        ONLINE
+             nvme0n1   ONLINE
+   root@caladan:/home/ddp# zpool import -f data
+   root@caladan:/home/ddp# zpool list
+   NAME   SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
+   data   928G   242G   686G        -         -     2%    26%  1.00x    ONLINE  -
+