[00:48:25] <jinxer-wm>	 FIRING: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[04:48:40] <jinxer-wm>	 FIRING: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[08:48:40] <jinxer-wm>	 FIRING: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[12:48:40] <jinxer-wm>	 FIRING: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[16:48:40] <jinxer-wm>	 FIRING: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[16:53:25] <jinxer-wm>	 RESOLVED: SystemdUnitFailed: curator_actions_cluster_wide.service on logstash2026:9100 - https://wikitech.wikimedia.org/wiki/Monitoring/check_systemd_state - https://grafana.wikimedia.org/d/g-AaZRFWk/systemd-status - https://alerts.wikimedia.org/?q=alertname%3DSystemdUnitFailed
[20:01:43] <ecarg>	 Hello! I recently created this Phab task: https://phabricator.wikimedia.org/T372445 requesting 'access' to the LogStash server; however, it seems perhaps the syntax of my request was incorrect. I updated the ticket with what I get when I use the provided URL (rather than the localhost:9200), which still blocks me from proceeding with querying in
[20:01:44] <ecarg>	 there. Could anyone provide some insight?
[20:03:34] <ecarg>	 TLDR, this is the doc I'm using: https://wikitech.wikimedia.org/wiki/Logstash#Extract_data_from_Logstash_(OpenSearch)_with_curl_and_jq
[20:03:34] <ecarg>	 The request I'm sending in (from my deployment server `ssh deployment.eqiad.wmnet`):
[20:03:35] <ecarg>	 curl -XGET 'https://logs-api.svc.eqiad.wmnet/_msearch?pretty&size=10000' -d '
[20:03:35] <ecarg>	 {
[20:03:36] <ecarg>	     "query": {
[20:03:36] <ecarg>	         "query_string" : {
[20:03:37] <ecarg>	             "query" : "facility:19,local3 AND host:csw2-esams AND @timestamp:[2019-08-04T03:00 TO 2019-08-04T03:15] NOT program:mgd"
[20:03:37] <ecarg>	         }
[20:03:38] <ecarg>	     },
[20:03:38] <ecarg>	     "sort": ["@timestamp"]
[20:03:39] <ecarg>	 } '
[20:03:39] <ecarg>	 and what I get back:
[20:03:40] <ecarg>	 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
[20:03:40] <ecarg>	 <html><head>
[20:03:41] <ecarg>	 <title>401 Unauthorized</title>
[20:03:41] <ecarg>	 </head><body>
[20:03:42] <ecarg>	 <h1>Unauthorized</h1>
[20:03:42] <ecarg>	 <p>This server could not verify that you
[20:04:29] <ecarg>	 I'd love to know what others get from that request...
[20:04:30] <ecarg>	 TY in advance~!