[15:16:27] <rdurward>	 Hi Pats
[17:48:41] <rfarrand>	 Tech Talk: Using Kibana4 to read logs at Wikimedia | YouTube Stream: https://www.youtube.com/watch?v=woS587VIfHI
[17:48:48] <rfarrand>	 Starting in 12 min
[17:49:20] <rfarrand>	 if you have any questions during the talk you can ping me and I will ask for you!
[17:52:14] * bawolff recently began to wonder, why does logstash default to OR instead of AND for the boolean operation
[17:52:18] * bawolff finds that weird
[17:52:55] <bd808>	 bawolff: good question. it is kind of annoying
[17:58:05] <rfarrand>	 Tech Talk: Using Kibana4 to read logs at Wikimedia | YouTube Stream: https://www.youtube.com/watch?v=woS587VIfHI
[17:58:12] <rfarrand>	 starting in a few moments
[18:02:28] <guillom>	 Just checking: the stream (for tech tech talk) hasn't started yet, correct?
[18:02:56] <rfarrand>	 live!
[18:02:58] <rfarrand>	 Just started
[18:03:11] <rfarrand>	 I am here to ask questions
[18:03:18] <Niharika>	 rfarrand: Not online yet for me.
[18:03:19] <rfarrand>	 for you
[18:03:28] <rfarrand>	 Let me know when anyone sees it
[18:03:29] <Niharika>	 Oh now it is.
[18:03:34] <rfarrand>	 Great!
[18:03:40] <rfarrand>	 everything sound OK Niharika?
[18:03:51] <Niharika>	 rfarrand: It's great. :)
[18:03:55] <rfarrand>	 Perfect
[18:03:57] <Niharika>	 Thanks for organizing this!
[18:04:03] <rfarrand>	 no problem, and Hi! :)
[18:06:17] <rfarrand>	 I can't change the topic, so I will keep posting this every once in a while: <rfarrand> Tech Talk: Using Kibana4 to read logs at Wikimedia | YouTube Stream: https://www.youtube.com/watch?v=woS587VIfHI
[18:07:13] <rfarrand>	 If you have questions for the speaker you can ping me and I will ask :)
[18:13:05] <rfarrand>	 10 viewers :)
[18:13:28] <zeljkof>	 o/
[18:23:07] <ottomata>	 can those filters be typed into the search box?
[18:23:10] <ottomata>	 somehow?
[18:23:15] <ottomata>	 rfarrand: ^
[18:23:34] <rfarrand>	 just asked :)
[18:24:52] <rfarrand>	 ottomata: does this answer your q?
[18:24:58] <ottomata>	 rfarrand: and how to filter out
[18:24:59] <ottomata>	 ?
[18:25:07] <rfarrand>	 OK
[18:26:17] <rfarrand>	 Done :)
[18:26:39] <ottomata>	 perfect.  thanks
[18:26:50] <rfarrand>	 np
[18:28:04] <ottomata>	 yup, answered, thank you
[18:29:35] <rfarrand>	 start thinking of any other questions you all have
[18:30:09] <cajoel>	 @rfarrand for the tech talk: Have you established a way to correlate code releases or other events using 'annotation' marks in the Kibana UI?
[18:31:05] <rfarrand>	 OK cajoel
[18:31:51] <rfarrand>	 will wait for a break and ask
[18:33:17] <rfarrand>	 any other questions i should add to the list?
[18:33:54] <rfarrand>	 cajoel: asked
[18:34:48] <ottomata>	 gotta get some lunch, thanks bd808!  :)
[18:35:01] <rfarrand>	 cajoel: does this help?
[18:35:07] <cajoel>	 yep - -thx
[18:35:13] <cajoel>	 I have the same problem..
[18:36:35] <rfarrand>	 any final questions?
[18:36:45] <rfarrand>	 last chance...
[18:36:46] <apergos>	 thanks for the talk
[18:37:30] <apergos>	 slides link!
[18:37:37] <apergos>	 (I know he'll do it)
[18:37:55] <rfarrand>	 bd808 ^
[18:38:21] <bd808>	 I'll get them on commons soon, but for now here's the google link -- https://docs.google.com/presentation/d/1TMAzhgRnPLg3aqhNNLEpB5kQwdDxHFIoYjoWJAaO9AU/edit?usp=sharing
[18:38:27] <apergos>	 sweet
[18:38:31] <bawolff>	 bd808: Sorry, I couldn't come to this talk, but umm, I was wondering, is there a way to set alerts in logstash so if there is some query matches stuff i get an email?
[18:38:55] <apergos>	 ah the weekend... yeah. woulda been nice
[18:40:16] <cajoel>	 bawolff: I wrote a python wrapper that makes direct queries to ES for certain matches, and it triggers a icinga alert -- not too far off to generate an email
[18:40:56] <bd808>	 bawolff: we have some tooling, but it's not great. There are graphite counters that can be used to alert in drastic rate changes.
[18:41:01] <bawolff>	 cajoel: hmm, interesting. I might look into using that at some point in the future
[18:41:16] <cajoel>	 it's pretty easy to write your own ES queries
[18:41:39] <bd808>	 The folks at elasticsearch went open core a couple of years ago and alerting is one of the features they put behind their paywall
[18:41:40] <cajoel>	 and Kibana will spit out a ES json formatted query for you if you construct something you want in Kibana..
[18:42:23] <bd808>	 bawolff: there's a ticket in phab somewhere about a FLOSS altering tool that csteipp was interested in trying out...
[18:43:42] <cajoel>	 bd808: from a quick check  -- it seemed that Kibana5 was not backward compat with Kibana4-era ES.. is that you understanding too ? (lock step breaking of backward compat?)
[18:44:29] <bd808>	 cajoel: yeah, my understanding is that Elasticsearch 5.x is needed to back Kibana 5.x
[18:44:46] <cajoel>	 'all-in or none', yeah.
[18:46:31] <bd808>	 I haven't talked to the Discovery folks to see if upgrading elasticsearch from 2.x to 5.x is even on their roadmap yet
[18:51:25] <bd808>	 Ok, slides are on commons at https://commons.wikimedia.org/wiki/File:Using_Kibana4_to_read_logs_at_Wikimedia_Tech_Talk_2016-11-14.pdf
[18:52:22] <apergos>	 \o/
[18:55:05] <ebernhardson>	 thanks!
[18:55:20] <ebernhardson>	 bd808: it is on our roadmap
[18:55:33] <bd808>	 ebernhardson: I figured :)
[18:56:53] <ebernhardson>	 bd808: i have no clue where the list is ... but it was a possible goal either Q3 or Q4, i forget which
[18:57:53] * Deskana looks at the roadmap
[18:58:12] <Deskana>	 Q3 FY 2016-17
[18:58:33] <Deskana>	 I should really put these goals on the official goals pages
[20:25:57] <pizzzacat>	 is this where we can ask questions in the space brownbag?
[20:26:48] <bawolff>	 pizzzacat: I think you are supposed to do that in #wikimedia-staff
[20:27:09] <pizzzacat>	 ah thank you!
[20:28:30] <pizzzacat>	 well I'm unable to join. will just email them.