[06:48:57] <_joe_>	 jbond42: I love it!
[08:22:48] <_joe_>	 jbond42: re: building the puppet image. I think I'll patch together a stupid script in utils/ in puppet to do that
[08:23:11] <_joe_>	 or I'll just write the instructions on wikitech
[08:47:43] <jbond42>	 thanks _joe_ 
[16:01:21] <jbond42>	 FYI the hack for puppetmaster1003 seems to be working.  I leave it over the weekend before doing anything more on it.  but so far i have seen no errors and reports seem to be processes as expected
[18:36:12] <XioNoX>	 How do I download logs from kibana? I have a search with some filters, and want to download the result
[18:38:06] <XioNoX>	 maybe herron or shdubsh know ^
[18:39:39] <shdubsh>	 last I checked (possibly way out of date now) that was still a feature request from upstream.
[18:39:55] <XioNoX>	 haha
[18:39:56] <XioNoX>	 okay
[18:40:12] <XioNoX>	 is there a way to downloads logs somehow?
[18:40:22] <shdubsh>	 However if you can programmatically query the Elasticsearch API, it can be exported and formatted however you want.
[18:40:23] <XioNoX>	 I know the source device and the time window
[18:40:56] <XioNoX>	 is there something easier than writing code to get some logs? :)
[18:41:05] <herron>	 YAV6F (yet another version 6 feature) haha
[18:41:50] <XioNoX>	 "These are the first 500 documents matching your search, refine your search to see others." otherwise I would have copy pasted the page
[18:42:14] <XioNoX>	 are the logs on disk somewhere?
[18:42:21] <XioNoX>	 plain text maybe?
[18:42:24] <shdubsh>	 they are in binary index files
[18:43:04] <herron>	 what are the logs?  you may be able to pull them from kafka
[18:44:31] <XioNoX>	 herron: does that link work? https://logstash.wikimedia.org/goto/54225e77aa5aa3cabc024fdff0d40a19
[18:44:45] <herron>	 yeah thx
[18:45:17] <XioNoX>	 device is csw2-esams, time window is 08/04 between 3am and 3:15am
[18:45:53] <XioNoX>	 The logs are not on the device anymore, so I need those to open a ticket with JTAC for https://phabricator.wikimedia.org/T229755
[18:47:15] <herron>	 ok thx, I’ll poke at this for a couple mins.  should be able to pull from kafka
[18:47:28] <XioNoX>	 thanks :)
[18:47:34] <herron>	 also do you want to log to flat files on the centrallog hosts?  seems we should if this is a fairly regular case
[18:47:43] <herron>	 (in addition to logstash)
[18:49:18] <XioNoX>	 herron: nah it's a one off
[18:49:42] <XioNoX>	 this device is old and very verbose
[18:49:47] <herron>	 kk
[18:49:58] <XioNoX>	 other devices have better local retention