Closed GoogleCodeExporter closed 9 years ago
The program field is stored as a single keyword, so you cannot search for
individual parts of the word. Also, if the program word had been part of the
message, "updown" would not be searchable either in that form because hyphens
count as "letters" for the purposes of making up entire keywords. So do
periods, underscores and at signs.
Original comment by mchol...@gmail.com
on 6 Mar 2012 at 2:39
That makes sense. So, if my program field pulls up like this from on of the
records of the aforementioned search: program=%cdp-4-duplex_mismatch to find
other records that have the same program content, would the search look like
this: "program=%cdp-4-duplex_mismatch" or "%cdp-4-duplex_mismatch". Neither
pulls any records; however the first gives this error:
Errors: index
perm_155,perm_156,perm_157,perm_158,perm_159,perm_160,perm_161,perm_162,perm_163
,perm_164,perm_165,perm_166,perm_167,perm_168,perm_169,perm_170,perm_171,perm_17
2,perm_173,perm_174,perm_175,perm_176,perm_177,perm_178,perm_179,perm_180,perm_1
81,perm_182,perm_183,perm_184,perm_185,perm_186,perm_187,perm_188,perm_189:
fullscan requires extern docinfo
and the second just pulls 0 records. Am I thinking ELSA should be doing
something other than it was designed or do I need to troubleshoot my install?
Thanks.
Original comment by D00050...@dmail.dixie.edu
on 6 Mar 2012 at 6:05
You are experiencing the temp index limit. See the docs under:
http://code.google.com/p/enterprise-log-search-and-archive/wiki/Documentation#In
dex_Configuration .
Original comment by mchol...@gmail.com
on 6 Mar 2012 at 6:58
When doing the process mentioned in the above link, I come up with more errors.
Manly that I cannot seem to run this: "perl /usr/local/elsa/node/elsa.pl -c
/etc/elsa_node.conf -on" command successfully after running this command: "mv
/etc/elsa_node.conf /etc/elsa_node.conf.bak".
If I do not rename the elsa_node.conf file, then I get this error:
Sphinx 2.1.0-id64-dev (r3119)
Copyright (c) 2001-2012, Andrew Aksyonoff
Copyright (c) 2008-2012, Sphinx Technologies Inc (http://sphinxsearch.com)
FATAL: no readable config file (looked in /usr/local/sphinx/etc/sphinx.conf,
./sphinx.conf)
When running this command: "/usr/local/sphinx/bin/indexer --rotate --all".
What am I doing incorrectly?
Thank you.
Original comment by D00050...@dmail.dixie.edu
on 6 Mar 2012 at 9:37
Sorry, I had a type-oh in the documentation, that should've been:
mv /usr/local/etc/sphinx.conf /usr/local/etc/sphinx.conf.bak
Original comment by mchol...@gmail.com
on 6 Mar 2012 at 10:06
Ok, when re-doing the operation I get the same error. How can I tell where it
went wrong?
Thanks!
Original comment by D00050...@dmail.dixie.edu
on 6 Mar 2012 at 11:36
Sorry, need to clarify that the system says I have a sphinx conf file
"sphinx1.conf"
$ sudo perl /usr/local/elsa/node/elsa.pl -c /etc/elsa_node.conf -on
Wrote new config to file /usr/local/etc/sphinx1.conf
Running once
$ sh: turning off NDELAY mode
sudo service searchd stop
Stopping searchd
$
Thanks again.
Original comment by D00050...@dmail.dixie.edu
on 6 Mar 2012 at 11:50
First off, I want to say that doing all temp indexes is not recommended unless
you have an enormous amount of RAM and not that many logs. If you go this
route, keep a sharp eye on your memory utilization.
Searchd should run from /usr/local/etc/sphinx.conf. If you somehow got
sphinx1.conf, you need to rename it to sphinx.conf. I suspect that you changed
the name in the config file. Then, continue with the directions and re-run the
indexing:
sudo /usr/local/sphinx/bin/indexer --rotate --all --config
/usr/local/etc/sphinx.conf
sudo service searchd start
After that, you should be good to start syslog-ng.
Original comment by mchol...@gmail.com
on 7 Mar 2012 at 1:52
Yes, that is what I did and I have it working again. However, I still
cannot create a search that will pull up only those programs I want. The
search method seems to me "broken" because of my miss-unsderstanding of how
it is supposed to work.
How can I search for a specific program?
Thanks.
On Tue, Mar 6, 2012 at 6:52 PM, <
enterprise-log-search-and-archive@googlecode.com> wrote:
Original comment by D00050...@dmail.dixie.edu
on 7 Mar 2012 at 5:56
Ah, found a bug when the program contains the "%" symbol. I have a fix for
this and will be committing that to the codebase soon.
Original comment by mchol...@gmail.com
on 7 Mar 2012 at 7:22
How can I get the fix for this? Is there an update process or do I have to
re-install?
Thank you for working with me through this trouble!
Original comment by D00050...@dmail.dixie.edu
on 8 Mar 2012 at 8:07
This should be fixed in the latest commit. You can update by running sh
install.sh web update.
Original comment by mchol...@gmail.com
on 8 Mar 2012 at 8:36
Ok, that update allowed me to search just as you described.
Thank you.
Original comment by D00050...@dmail.dixie.edu
on 20 Mar 2012 at 11:03
Original comment by mchol...@gmail.com
on 21 Mar 2012 at 3:50
Original issue reported on code.google.com by
D00050...@dmail.dixie.edu
on 5 Mar 2012 at 11:52