SlideShare une entreprise Scribd logo

Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana

Publicis Sapient Engineering
Publicis Sapient Engineering

Vous n'avez pas pu assister à la journée DevOps by Xebia ? Voici la présentation de Vincent Spiewak (Xebia) à propos d'ElasticSearch, Logstash et Kibana.

LogicielsTechnologieFormation
1  sur  73
Télécharger pour lire hors ligne
Des dashboards pour tous avec ELK 10 Juin 2014 Vincent Spiewak - @vspiewak
Introduction
Speaker 3 Vincent Spiewak @vspiewak •5 ans XP •Master TA (UPMC) •http://blog.xebia.fr •@vspiewak
Agenda 4 •Introduction •Logstash •Monitoring Système •Monitoring JMX •Log As A Service •Monitoring Métier / BI •Cluster ELK •Vagrant (démos)
Stack 5 1 2 3 Elasticsearch Stockage ! Kibana Visualisation ! Logstash ETL !
Logstash 6 41 » stdin » file » udp » tcp » rabbitmq » s3 » … 20 » plain » json » line » multiline » dots » msgpack » … 50 » grok » date » drop » mutate » geoip » anonymize » … 55 » stdout » file » udp » tcp » rabbitmq » elasticsearch » … OutputsInputs Codecs Filters
Elasticsearch 7 Schema Free Full Text REST Document Real Time Distributed HA Multi-tenancy
Kibana 8
Dashboards Adaptés 9 Infrastructure » serveur » charge Application » stacktrace » warn, error Business » client » produit Objectifs » résultat » progression DirectionOps Dev Métier
Architecture 10
Logstash
Logstash - Entrée/Sortie 12 input {! stdin {}! }! ! # filters! ! output {! stdout { codec => json }! }!
Logstash - Run 13 $ java -jar logstash.jar agent —f app.conf! 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! {! "message" => "2011-04-19T03:44:01.103Z GET /index.html 15824 0.043",! "@timestamp" => "2013-11-03T19:48:53.175Z",! "@version" => "1",! "host" => "macbook"! }!
Logstash - Patterns 14 USERNAME [a-zA-Z0-9._-]+! USER %{USERNAME}! INT (?:[+-]?(?:[0-9]+))! WORD bw+b! NOTSPACE S+! DATA .*?! GREEDYDATA .*! HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}! COMBINEDAPACHELOG %{IPORHOST:clientip} … https://github.com/logstash/logstash/blob/master/patterns
Logstash - Filtre Grok 15 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! 
 filter { grok { match => 
 [ "message", "%{TIMESTAMP_ISO8601:date} %{IP:client} %{WORD:method} %{URIPATHPARAM:uri} %{NUMBER:bytes} %{NUMBER:duration}" ] } }
Filtre Grok - Sortie 16 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! ! {! "@timestamp" => "2013-12-01T21:19:11.303Z",! "@version" => "1",! "@bytes" => "15824",! "@client" => "55.3.244.1",! "date" => "2011-04-19T03:44:01.103Z",! "@duration" => "0.043",! "host" => "macbookpro",! "message" => "2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043",! "method" => "GET",! "uri" => "/index.html",! }!
Filtre Date - @Timestamp 17 filter {! date {! match => [ "date", "ISO8601" ],! }! }!
Filtre Date - @Timestamp 18 {! "@timestamp" => "2011-04-19T03:44:01.103Z",! "@version" => "1",! "@bytes" => "15824",! "@client" => "55.3.244.1",! "date" => "2011-04-19T03:44:01.103Z",! "@duration" => "0.043",! "host" => "macbookpro",! "message" => "2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043",! "method" => "GET",! "uri" => "/index.html",! }
Sortie Elasticsearch 19
Filtres 20 •ajout d’un champ / type / tag •suppression d’un champ •split d’un champ •conversion de type (string, int, float) •IP => géolocation •UA => device, browser, os, versions •conditions •etc…
Logstash - Sortie Elasticsearch 21 •host •port •cluster •index => "logstash-%{+YYYY.MM.dd}" •protocol •…
Monitoring Système
Monitoring Système: Collectd 23 UDP 25826
Collectd - Plugins 24 •cpu (jiffies) •process •users •disk •memory •swap •network •Java / JMX •MySQL •…
Collectd - Configuration 25 FQDNLookup true LoadPlugin syslog <Plugin syslog> LogLevel info </Plugin> LoadPlugin cpu LoadPlugin df LoadPlugin disk LoadPlugin entropy LoadPlugin interface LoadPlugin irq LoadPlugin load LoadPlugin memory LoadPlugin network LoadPlugin processes LoadPlugin rrdtool LoadPlugin swap LoadPlugin users <Plugin interface> Interface "eth0" IgnoreSelected false </Plugin> <Plugin network> <Server "127.0.0.1" "25826"> </Server> </Plugin> <Plugin rrdtool> DataDir "/var/lib/collectd/rrd" </Plugin> Include "/etc/collectd/filters.conf" Include "/etc/collectd/thresholds.conf"
Collectd - Logstash Conf 26 input { collectd { host => "127.0.0.1" } } ! output { elasticsearch {} }
Elasticsearch - Samples 27 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "precise64", "plugin": "memory", "collectd_type": "memory", "type_instance": "cached", "value": 267845632 } ! { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "precise64", "plugin": "memory", "collectd_type": "memory", "type_instance": "used", "value": 703348736 }
system-survey Monitoring Système 28 Démo
system-survey Monitoring Système 29
Monitoring JMX
Monitoring JMX: Collectd JMX 31 PORT 25826
Collectd - Setup Java & JMX 32 ! ! ! ! # check dynamic libraries ! ldd /usr/lib/collectd/java.so ! ! ! ! ! # fix libjvm.so not found error ! ln -s /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/server/libjvm.so /usr/lib/libjvm.so
JConsole - SystemCpuLoad 33
Collectd - Plugin Java & JMX 34 <Plugin "java"> JVMARG "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar:/usr/share/collectd/java/generic-jmx.jar" LoadPlugin "org.collectd.java.GenericJMX" <Plugin "GenericJMX"> <MBean "os"> ObjectName "java.lang:type=OperatingSystem" ! <Value> Type "gauge" InstancePrefix "system_cpu_load" Attribute "SystemCpuLoad" </Value> ! </MBean> ! <Connection> ServiceURL "service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi" Collect "os" </Connection> ! </Plugin> </Plugin>
Elasticsearch - Samples 35 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "collectd_type": "gauge", "type_instance": "system_cpu_load", "value": 0.5587837837837838 }
JConsole - HeapMemoryUsage 36
Collectd - JMX - Type Table 37 # Heap memory usage <MBean "memory-heap"> ObjectName "java.lang:type=Memory" #InstanceFrom "" InstancePrefix "memory-heap" # Creates four values: committed, init, max, used <Value> Type "jmx_memory" Table true Attribute "HeapMemoryUsage" </Value> </MBean> !
Collectd - Types 38 ! /usr/share/collectd/types.db ! ! gauge value:GAUGE:U:U ! load shortterm:GAUGE:0:100, midterm:GAUGE:0:100, longterm:GAUGE:0:100 ! percent percent:GAUGE:0:100.1 ! jmx_memory value:GAUGE:0:U
Elasticsearch - Samples 39 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "memory-heap", "collectd_type": "jmx_memory", "type_instance": "used", "value": 62282808 } ! { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "memory-heap", "collectd_type": "jmx_memory", "type_instance": "init", "value": 104857600 }
Collectd - Custom MBean 40 <MBean "flume-source"> ObjectName "org.apache.flume.source:type=source-1" InstancePrefix "flume-source-1" <Value> Type "gauge" InstancePrefix "event_received_count" Attribute "EventReceivedCount" </Value> <Value> Type "gauge" InstancePrefix "event_accepted_count" Table false Attribute "EventAcceptedCount" </Value> </MBean>
Elasticsearch - Samples 41 { "@version": "1", "@timestamp": "2014-06-09T23:09:41.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "flume-source-1", "collectd_type": "gauge", "type_instance": "event_accepted_count", "value": 1246501 }
Flume JMX Monitoring JVM / JMX 42 Démo
Flume JMX Monitoring JVM / JMX 43
Log As Service
Log As A Service: SyslogAppender 45 PORT 5514
SyslogAppender Log As A Service - Logback 46
Logstash - Syslog configuration 47 input { udp { port => "5514" } } ! filter { grok { patterns_dir => "./patterns" match => ["message","%{LOGBACK_SYSLOG}"] } } ! filter { date { match => ["log_date","dd-MM-YYYY HH:mm:ss.SSS"] } } ! output { elasticsearch {} }
Logstash - Pattern 48 ! ! ! ! LOG_DATE %{MONTHDAY}-%{MONTHNUM}-%{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}.[0-9]{3} ! SYSLOG_BASE %{SYSLOG5424PRI}%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} SYSLOG %{SYSLOG_BASE} %{GREEDYDATA:syslog_message} ! LOGBACK_SYSLOG_BASE %{SYSLOG_BASE} %{LOG_DATE:log_date} [%{NOTSPACE:thread}] %{LOGLEVEL:log_level} %{NOTSPACE:classname} LOGBACK_SYSLOG %{LOGBACK_SYSLOG_BASE} %{GREEDYDATA:log_msg}
Syslog Monitoring Log 49 Démo
Syslog Monitoring Log 50
Monitoring Métier- BI
Problème GeekShop 52 •Quels sont les produits les plus achetés ? •Quelle est la répartition H/F de mes clients ? •Quels sont mes clients les plus fidèles ? •Combien de femmes à Paris ont acheté un iPod Touch Bleu 32 Go entre le 12 octobre 2012 à 14h30 et le 4 novembre 2013 à 19h ?
GeekShop - Format Logs 53 09-06-2014 21:27:42.228 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SearchRequest - id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/ 534.24&ip=94.228.34.210&category=Mobile! ! 09-06-2014 21:27:42.227 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SellRequest - id=313&ua=Mozilla/ 5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/ 20110420 Firefox/ 3.6.17&ip=202.46.52.35&email=client314@gmail.com&sex=M&brand=Appl e&name=iPod Touch&model=iPod Touch - Jaune - Disque 32Go&category=Baladeur&color=Jaune&options=Disque 32Go&price=329.0
GeekShop - Après Logstash 54 {! "_index": "logstash-2014.06.09",! "_type": "app-log",! "_id": "gaQXRn9mROiAGjhBZ2h2Og",! "_version": 1,! "found": true,! "_source": {! "message": "09-06-2014 21:27:42.228 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SearchRequest - id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24&ip=94.228.34.210&category=Mobile",! "@version": "1",! "@timestamp": "2014-06-09T19:27:42.228Z",! "type": "app-log",! "host": "precise64",! "path": "/home/vagrant/app.log",! "log_date": "09-06-2014 21:27:42.228",! "thread": "pool-32-thread-1",! "log_level": "INFO",! "classname": "com.github.vspiewak.loggenerator.SearchRequest",! "log_msg": "- id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/ 534.24&ip=94.228.34.210&category=Mobile",! "id": 317,! "ua": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24",! "ip": "94.228.34.210",! "category": "Mobile",! "tags": [! "search"! ],! "geoip": {! "ip": "94.228.34.210",! "country_code2": "GB",! "country_code3": "GBR",! "country_name": "United Kingdom",! "continent_code": "EU",! "latitude": 51.5,! "longitude": -0.12999999999999545,! "timezone": "Europe/London",! "location": [! -0.12999999999999545,! 51.5! ]! },! "useragent": {! "name": "Chrome",! "os": "Linux",! "os_name": "Linux",! "device": "Other",! "major": "11",! "minor": "0",! "patch": "696"! }! }! }
Kibana: Terms & Analysers 55
Change analyser on specific indexes & fields Elasticsearch Template Mapping 56 curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{ "template" : "logstash*",! "mappings" : { ! "_default_" : {! "properties" : {! "@timestamp": { "type": "date", "index": "not_analyzed" },! "ip": { "type" : "ip", "index": "not_analyzed" },! "name": { "type" : "string", "index": "not_analyzed" },! "options": { "type" : "string", "index": "not_analyzed" },! "email": { "type" : "string", "index": "not_analyzed" }! } ! }! }! }'
eshop-survey Monitoring Métier / Business 57 Démo
eshop-survey Monitoring Métier / Business 58
eshop-survey Monitoring Métier / Business 59
Cluster ELK
Elasticsearch - Feedbacks 61 ! •The Guardian: social network - real time feedback ! •StackOverflow: full-text search with geolocation and « more like » ! •Goldman Sacks: 5TB logs/day + analysis stock market ! •…
Elasticsearch - NoSQL 62 SQL Partitions DB Table Ligne Colonne ES Cluster Indices Type Document Champ
Elasticsearch - Types de noeuds 63 ! •master •data •search
Elasticsearch - Shard & Replica 64 ! •shards → +indexing, +distribution (one-time setting) ! •replicas → +search, +availability
Elasticsearch - Health 65 ! •GREEN → all primaries/replicas shards active •YELLOW → all primaries shards active •RED → not all primaries shards
Cluster Elasticsearch 66 http://www.cubrid.org/blog/dev-platform/our-experience-creating-large-scale-log-search-system-using-elasticsearch/
es-cluster Cluster Elasticsearch 67 Démo
Vagrant (Démos)
Pré-requis Démo 69 ! Virtual Box ! ! ! Vagrant

 ! ! ! Git *
Démo @ Home 70 ! ! • https://github.com/vspiewak/elk-devops-day-2014 ! $ tree -L 1 . . "## README.md "## demo-all "## es-cluster "## eshop-survey "## flume-jmx "## slides "## syslog $## system-survey
Vagrant - Shortcuts 71 ! • cd demo-all ! • vagrant up • vagrant ssh • sudo jconsole • vagrant halt* • vagrant destroy
Vagrant VM 72 ! • config.vm.box = "hashicorp/precise64" ! • config.vm.network "forwarded_port", guest: 80, host: 10080 • config.vm.network "forwarded_port", guest: 9200, host: 19200 ! • config.ssh.forward_x11 = true ! • vb.customize ["modifyvm", :id, "--ioapic", "on", "--cpuexecutioncap", "40", "-- cpus", "2", "--memory", "1024" ] ! • bootstrap.sh
Questions ? 73 THANK YOUFOR watching

Recommandé

Elk stack
Elk stackElk stack
Elk stackJilles van Gurp
 
Logstash-Elasticsearch-Kibana
Logstash-Elasticsearch-KibanaLogstash-Elasticsearch-Kibana
Logstash-Elasticsearch-Kibanadknx01
 
LogStash in action
LogStash in actionLogStash in action
LogStash in actionManuj Aggarwal
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
Advanced troubleshooting linux performance
Advanced troubleshooting linux performanceAdvanced troubleshooting linux performance
Advanced troubleshooting linux performanceForthscale
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com琛琳 饶
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 

Recommandé

Elk stack
Elk stackElk stack
Elk stackJilles van Gurp
 
Logstash-Elasticsearch-Kibana
Logstash-Elasticsearch-KibanaLogstash-Elasticsearch-Kibana
Logstash-Elasticsearch-Kibanadknx01
 
LogStash in action
LogStash in actionLogStash in action
LogStash in actionManuj Aggarwal
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
Advanced troubleshooting linux performance
Advanced troubleshooting linux performanceAdvanced troubleshooting linux performance
Advanced troubleshooting linux performanceForthscale
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com琛琳 饶
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
{{more}} Kibana4
{{more}} Kibana4{{more}} Kibana4
{{more}} Kibana4琛琳 饶
 
Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Prajal Kulkarni
 
elk_stack_alexander_szalonnas
elk_stack_alexander_szalonnaselk_stack_alexander_szalonnas
elk_stack_alexander_szalonnasAlexander Szalonnas
 
Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK hypto
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life琛琳 饶
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaAlejandro E Brito Monedero
 
Elk scilifelab
Elk scilifelabElk scilifelab
Elk scilifelabGuillermo Carrasco Hernández
 
Logstash family introduction
Logstash family introductionLogstash family introduction
Logstash family introductionOwen Wu
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Application Logging With The ELK Stack
Application Logging With The ELK StackApplication Logging With The ELK Stack
Application Logging With The ELK Stackbenwaine
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'Cloud Elements
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibanainovex GmbH
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Gaurav Bhardwaj
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring WebinarSematext Group, Inc.
 
ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKYoungHeon (Roy) Kim
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Steve Howe
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupLogstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupStartit
 
Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
"How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics."How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics.Vladimir Pavkin
 

Contenu connexe

Tendances

{{more}} Kibana4
{{more}} Kibana4{{more}} Kibana4
{{more}} Kibana4琛琳 饶
 
Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Prajal Kulkarni
 
Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK hypto
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life琛琳 饶
 
Logstash family introduction
Logstash family introductionLogstash family introduction
Logstash family introductionOwen Wu
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Application Logging With The ELK Stack
Application Logging With The ELK StackApplication Logging With The ELK Stack
Application Logging With The ELK Stackbenwaine
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'Cloud Elements
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibanainovex GmbH
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Gaurav Bhardwaj
 
MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKYoungHeon (Roy) Kim
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Steve Howe
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupLogstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupStartit
 

Tendances (20)

{{more}} Kibana4
{{more}} Kibana4{{more}} Kibana4
{{more}} Kibana4
 
Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.
 
elk_stack_alexander_szalonnas
elk_stack_alexander_szalonnaselk_stack_alexander_szalonnas
elk_stack_alexander_szalonnas
 
Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibana
 
Elk scilifelab
Elk scilifelabElk scilifelab
Elk scilifelab
 
Logstash family introduction
Logstash family introductionLogstash family introduction
Logstash family introduction
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
 
Application Logging With The ELK Stack
Application Logging With The ELK StackApplication Logging With The ELK Stack
Application Logging With The ELK Stack
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibana
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
 
ELK Stack
ELK StackELK Stack
ELK Stack
 
MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELK
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupLogstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
 

Similaire à Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
"How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics."How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics.Vladimir Pavkin
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek PROIDEA
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackJakub Hajek
 
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Apex
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3uzzal basak
 
Flink Streaming Hadoop Summit San Jose
Flink Streaming Hadoop Summit San JoseFlink Streaming Hadoop Summit San Jose
Flink Streaming Hadoop Summit San JoseKostas Tzoumas
 
(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석INSIGHT FORENSIC
 
Real-time Stream Processing with Apache Flink @ Hadoop Summit
Real-time Stream Processing with Apache Flink @ Hadoop SummitReal-time Stream Processing with Apache Flink @ Hadoop Summit
Real-time Stream Processing with Apache Flink @ Hadoop SummitGyula Fóra
 
K. Tzoumas & S. Ewen – Flink Forward Keynote
K. Tzoumas & S. Ewen – Flink Forward KeynoteK. Tzoumas & S. Ewen – Flink Forward Keynote
K. Tzoumas & S. Ewen – Flink Forward KeynoteFlink Forward
 
Continuous Application with Structured Streaming 2.0
Continuous Application with Structured Streaming 2.0Continuous Application with Structured Streaming 2.0
Continuous Application with Structured Streaming 2.0Anyscale
 
Webinar: Index Tuning and Evaluation
Webinar: Index Tuning and EvaluationWebinar: Index Tuning and Evaluation
Webinar: Index Tuning and EvaluationMongoDB
 
ETL with SPARK - First Spark London meetup
ETL with SPARK - First Spark London meetupETL with SPARK - First Spark London meetup
ETL with SPARK - First Spark London meetupRafal Kwasny
 
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...HostedbyConfluent
 
eBay Pulsar: Real-time analytics platform
eBay Pulsar: Real-time analytics platformeBay Pulsar: Real-time analytics platform
eBay Pulsar: Real-time analytics platformKyoungMo Yang
 
Tuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.
 
JSLT: JSON querying and transformation
JSLT: JSON querying and transformationJSLT: JSON querying and transformation
JSLT: JSON querying and transformationLars Marius Garshol
 
Presto anatomy
Presto anatomyPresto anatomy
Presto anatomyDongmin Yu
 

Similaire à Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana (20)

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with Openstack
 
"How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics."How about no grep and zabbix?". ELK based alerts and metrics.
"How about no grep and zabbix?". ELK based alerts and metrics.
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
 
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
 
Flink Streaming Hadoop Summit San Jose
Flink Streaming Hadoop Summit San JoseFlink Streaming Hadoop Summit San Jose
Flink Streaming Hadoop Summit San Jose
 
(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석
 
Real-time Stream Processing with Apache Flink @ Hadoop Summit
Real-time Stream Processing with Apache Flink @ Hadoop SummitReal-time Stream Processing with Apache Flink @ Hadoop Summit
Real-time Stream Processing with Apache Flink @ Hadoop Summit
 
K. Tzoumas & S. Ewen – Flink Forward Keynote
K. Tzoumas & S. Ewen – Flink Forward KeynoteK. Tzoumas & S. Ewen – Flink Forward Keynote
K. Tzoumas & S. Ewen – Flink Forward Keynote
 
Logstash
LogstashLogstash
Logstash
 
Continuous Application with Structured Streaming 2.0
Continuous Application with Structured Streaming 2.0Continuous Application with Structured Streaming 2.0
Continuous Application with Structured Streaming 2.0
 
Webinar: Index Tuning and Evaluation
Webinar: Index Tuning and EvaluationWebinar: Index Tuning and Evaluation
Webinar: Index Tuning and Evaluation
 
Stress test data pipeline
Stress test data pipelineStress test data pipeline
Stress test data pipeline
 
ETL with SPARK - First Spark London meetup
ETL with SPARK - First Spark London meetupETL with SPARK - First Spark London meetup
ETL with SPARK - First Spark London meetup
 
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
 
eBay Pulsar: Real-time analytics platform
eBay Pulsar: Real-time analytics platformeBay Pulsar: Real-time analytics platform
eBay Pulsar: Real-time analytics platform
 
Tuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for Logs
 
JSLT: JSON querying and transformation
JSLT: JSON querying and transformationJSLT: JSON querying and transformation
JSLT: JSON querying and transformation
 
Presto anatomy
Presto anatomyPresto anatomy
Presto anatomy
 

Plus de Publicis Sapient Engineering

XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humain
XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humainXebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humain
XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humainPublicis Sapient Engineering
 
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveur
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveurXebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveur
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveurPublicis Sapient Engineering
 
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...Publicis Sapient Engineering
 
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin XebiCon'18 - Des notebook pour le monitoring avec Zeppelin
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin Publicis Sapient Engineering
 
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?XebiCon'18 - Event Sourcing et RGPD, incompatibles ?
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?Publicis Sapient Engineering
 
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?Publicis Sapient Engineering
 
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribué
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribuéXebiCon'18 - Boostez vos modèles avec du Deep Learning distribué
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribuéPublicis Sapient Engineering
 
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...Publicis Sapient Engineering
 
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !Publicis Sapient Engineering
 
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des dataviz
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des datavizXebiCon'18 - Comment fausser l'interprétation de vos résultats avec des dataviz
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des datavizPublicis Sapient Engineering
 
XebiCon'18 - Architecturer son application mobile pour la durabilité
XebiCon'18 - Architecturer son application mobile pour la durabilitéXebiCon'18 - Architecturer son application mobile pour la durabilité
XebiCon'18 - Architecturer son application mobile pour la durabilitéPublicis Sapient Engineering
 
XebiCon'18 - Sécuriser son API avec OpenID Connect
XebiCon'18 - Sécuriser son API avec OpenID ConnectXebiCon'18 - Sécuriser son API avec OpenID Connect
XebiCon'18 - Sécuriser son API avec OpenID ConnectPublicis Sapient Engineering
 
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...Publicis Sapient Engineering
 
XebiCon'18 - La sécurité, douce illusion même en 2018
XebiCon'18 - La sécurité, douce illusion même en 2018XebiCon'18 - La sécurité, douce illusion même en 2018
XebiCon'18 - La sécurité, douce illusion même en 2018Publicis Sapient Engineering
 
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...Publicis Sapient Engineering
 
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...Publicis Sapient Engineering
 

Plus de Publicis Sapient Engineering (20)

XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humain
XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humainXebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humain
XebiCon'18 - L'algorithme de reconnaissance de formes par le cerveau humain
 
Xebicon'18 - IoT: From Edge to Cloud
Xebicon'18 - IoT: From Edge to CloudXebicon'18 - IoT: From Edge to Cloud
Xebicon'18 - IoT: From Edge to Cloud
 
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveur
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveurXebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveur
Xebicon'18 - Spark in jail : conteneurisez vos traitements data sans serveur
 
XebiCon'18 - Modern Infrastructure
XebiCon'18 - Modern InfrastructureXebiCon'18 - Modern Infrastructure
XebiCon'18 - Modern Infrastructure
 
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...
XebiCon'18 - La Web App d'aujourd'hui et de demain : état de l'art et bleedin...
 
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin XebiCon'18 - Des notebook pour le monitoring avec Zeppelin
XebiCon'18 - Des notebook pour le monitoring avec Zeppelin
 
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?XebiCon'18 - Event Sourcing et RGPD, incompatibles ?
XebiCon'18 - Event Sourcing et RGPD, incompatibles ?
 
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?
XebiCon'18 - Deno, le nouveau NodeJS qui inverse la tendance ?
 
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribué
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribuéXebiCon'18 - Boostez vos modèles avec du Deep Learning distribué
XebiCon'18 - Boostez vos modèles avec du Deep Learning distribué
 
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...
XebiCon'18 - Comment j'ai développé un jeu vidéo avec des outils de développe...
 
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !
XebiCon'18 - Les utilisateurs finaux, les oubliés de nos produits !
 
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des dataviz
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des datavizXebiCon'18 - Comment fausser l'interprétation de vos résultats avec des dataviz
XebiCon'18 - Comment fausser l'interprétation de vos résultats avec des dataviz
 
XebiCon'18 - Le développeur dans la Pop Culture
XebiCon'18 - Le développeur dans la Pop Culture XebiCon'18 - Le développeur dans la Pop Culture
XebiCon'18 - Le développeur dans la Pop Culture
 
XebiCon'18 - Architecturer son application mobile pour la durabilité
XebiCon'18 - Architecturer son application mobile pour la durabilitéXebiCon'18 - Architecturer son application mobile pour la durabilité
XebiCon'18 - Architecturer son application mobile pour la durabilité
 
XebiCon'18 - Sécuriser son API avec OpenID Connect
XebiCon'18 - Sécuriser son API avec OpenID ConnectXebiCon'18 - Sécuriser son API avec OpenID Connect
XebiCon'18 - Sécuriser son API avec OpenID Connect
 
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...
XebiCon'18 - Structuration du Temps et Dynamique de Groupes, Théorie organisa...
 
XebiCon'18 - Spark NLP, un an après
XebiCon'18 - Spark NLP, un an aprèsXebiCon'18 - Spark NLP, un an après
XebiCon'18 - Spark NLP, un an après
 
XebiCon'18 - La sécurité, douce illusion même en 2018
XebiCon'18 - La sécurité, douce illusion même en 2018XebiCon'18 - La sécurité, douce illusion même en 2018
XebiCon'18 - La sécurité, douce illusion même en 2018
 
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...
XebiCon'18 - Utiliser Hyperledger Fabric pour la création d'une blockchain pr...
 
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...
XebiCon'18 - Ce que l'histoire du métro Parisien m'a enseigné sur la création...
 

Dernier

Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 

Dernier (20)

Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 

Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana

  • 1. Des dashboards pour tous avec ELK 10 Juin 2014 Vincent Spiewak - @vspiewak
  • 3. Speaker 3 Vincent Spiewak @vspiewak •5 ans XP •Master TA (UPMC) •http://blog.xebia.fr •@vspiewak
  • 4. Agenda 4 •Introduction •Logstash •Monitoring Système •Monitoring JMX •Log As A Service •Monitoring Métier / BI •Cluster ELK •Vagrant (démos)
  • 6. Logstash 6 41 » stdin » file » udp » tcp » rabbitmq » s3 » … 20 » plain » json » line » multiline » dots » msgpack » … 50 » grok » date » drop » mutate » geoip » anonymize » … 55 » stdout » file » udp » tcp » rabbitmq » elasticsearch » … OutputsInputs Codecs Filters
  • 7. Elasticsearch 7 Schema Free Full Text REST Document Real Time Distributed HA Multi-tenancy
  • 9. Dashboards Adaptés 9 Infrastructure » serveur » charge Application » stacktrace » warn, error Business » client » produit Objectifs » résultat » progression DirectionOps Dev Métier
  • 12. Logstash - Entrée/Sortie 12 input {! stdin {}! }! ! # filters! ! output {! stdout { codec => json }! }!
  • 13. Logstash - Run 13 $ java -jar logstash.jar agent —f app.conf! 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! {! "message" => "2011-04-19T03:44:01.103Z GET /index.html 15824 0.043",! "@timestamp" => "2013-11-03T19:48:53.175Z",! "@version" => "1",! "host" => "macbook"! }!
  • 14. Logstash - Patterns 14 USERNAME [a-zA-Z0-9._-]+! USER %{USERNAME}! INT (?:[+-]?(?:[0-9]+))! WORD bw+b! NOTSPACE S+! DATA .*?! GREEDYDATA .*! HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}! COMBINEDAPACHELOG %{IPORHOST:clientip} … https://github.com/logstash/logstash/blob/master/patterns
  • 15. Logstash - Filtre Grok 15 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! 
 filter { grok { match => 
 [ "message", "%{TIMESTAMP_ISO8601:date} %{IP:client} %{WORD:method} %{URIPATHPARAM:uri} %{NUMBER:bytes} %{NUMBER:duration}" ] } }
  • 16. Filtre Grok - Sortie 16 2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043! ! {! "@timestamp" => "2013-12-01T21:19:11.303Z",! "@version" => "1",! "@bytes" => "15824",! "@client" => "55.3.244.1",! "date" => "2011-04-19T03:44:01.103Z",! "@duration" => "0.043",! "host" => "macbookpro",! "message" => "2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043",! "method" => "GET",! "uri" => "/index.html",! }!
  • 17. Filtre Date - @Timestamp 17 filter {! date {! match => [ "date", "ISO8601" ],! }! }!
  • 18. Filtre Date - @Timestamp 18 {! "@timestamp" => "2011-04-19T03:44:01.103Z",! "@version" => "1",! "@bytes" => "15824",! "@client" => "55.3.244.1",! "date" => "2011-04-19T03:44:01.103Z",! "@duration" => "0.043",! "host" => "macbookpro",! "message" => "2011-04-19T03:44:01.103Z 55.3.244.1 GET /index.html 15824 0.043",! "method" => "GET",! "uri" => "/index.html",! }
  • 20. Filtres 20 •ajout d’un champ / type / tag •suppression d’un champ •split d’un champ •conversion de type (string, int, float) •IP => géolocation •UA => device, browser, os, versions •conditions •etc…
  • 21. Logstash - Sortie Elasticsearch 21 •host •port •cluster •index => "logstash-%{+YYYY.MM.dd}" •protocol •…
  • 24. Collectd - Plugins 24 •cpu (jiffies) •process •users •disk •memory •swap •network •Java / JMX •MySQL •…
  • 25. Collectd - Configuration 25 FQDNLookup true LoadPlugin syslog <Plugin syslog> LogLevel info </Plugin> LoadPlugin cpu LoadPlugin df LoadPlugin disk LoadPlugin entropy LoadPlugin interface LoadPlugin irq LoadPlugin load LoadPlugin memory LoadPlugin network LoadPlugin processes LoadPlugin rrdtool LoadPlugin swap LoadPlugin users <Plugin interface> Interface "eth0" IgnoreSelected false </Plugin> <Plugin network> <Server "127.0.0.1" "25826"> </Server> </Plugin> <Plugin rrdtool> DataDir "/var/lib/collectd/rrd" </Plugin> Include "/etc/collectd/filters.conf" Include "/etc/collectd/thresholds.conf"
  • 26. Collectd - Logstash Conf 26 input { collectd { host => "127.0.0.1" } } ! output { elasticsearch {} }
  • 27. Elasticsearch - Samples 27 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "precise64", "plugin": "memory", "collectd_type": "memory", "type_instance": "cached", "value": 267845632 } ! { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "precise64", "plugin": "memory", "collectd_type": "memory", "type_instance": "used", "value": 703348736 }
  • 31. Monitoring JMX: Collectd JMX 31 PORT 25826
  • 32. Collectd - Setup Java & JMX 32 ! ! ! ! # check dynamic libraries ! ldd /usr/lib/collectd/java.so ! ! ! ! ! # fix libjvm.so not found error ! ln -s /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/server/libjvm.so /usr/lib/libjvm.so
  • 34. Collectd - Plugin Java & JMX 34 <Plugin "java"> JVMARG "-Djava.class.path=/usr/share/collectd/java/collectd-api.jar:/usr/share/collectd/java/generic-jmx.jar" LoadPlugin "org.collectd.java.GenericJMX" <Plugin "GenericJMX"> <MBean "os"> ObjectName "java.lang:type=OperatingSystem" ! <Value> Type "gauge" InstancePrefix "system_cpu_load" Attribute "SystemCpuLoad" </Value> ! </MBean> ! <Connection> ServiceURL "service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi" Collect "os" </Connection> ! </Plugin> </Plugin>
  • 35. Elasticsearch - Samples 35 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "collectd_type": "gauge", "type_instance": "system_cpu_load", "value": 0.5587837837837838 }
  • 37. Collectd - JMX - Type Table 37 # Heap memory usage <MBean "memory-heap"> ObjectName "java.lang:type=Memory" #InstanceFrom "" InstancePrefix "memory-heap" # Creates four values: committed, init, max, used <Value> Type "jmx_memory" Table true Attribute "HeapMemoryUsage" </Value> </MBean> !
  • 38. Collectd - Types 38 ! /usr/share/collectd/types.db ! ! gauge value:GAUGE:U:U ! load shortterm:GAUGE:0:100, midterm:GAUGE:0:100, longterm:GAUGE:0:100 ! percent percent:GAUGE:0:100.1 ! jmx_memory value:GAUGE:0:U
  • 39. Elasticsearch - Samples 39 { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "memory-heap", "collectd_type": "jmx_memory", "type_instance": "used", "value": 62282808 } ! { "@version": "1", "@timestamp": "2014-06-09T23:01:11.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "memory-heap", "collectd_type": "jmx_memory", "type_instance": "init", "value": 104857600 }
  • 40. Collectd - Custom MBean 40 <MBean "flume-source"> ObjectName "org.apache.flume.source:type=source-1" InstancePrefix "flume-source-1" <Value> Type "gauge" InstancePrefix "event_received_count" Attribute "EventReceivedCount" </Value> <Value> Type "gauge" InstancePrefix "event_accepted_count" Table false Attribute "EventAcceptedCount" </Value> </MBean>
  • 41. Elasticsearch - Samples 41 { "@version": "1", "@timestamp": "2014-06-09T23:09:41.000Z", "host": "localhost", "plugin": "GenericJMX", "plugin_instance": "flume-source-1", "collectd_type": "gauge", "type_instance": "event_accepted_count", "value": 1246501 }
  • 42. Flume JMX Monitoring JVM / JMX 42 Démo
  • 45. Log As A Service: SyslogAppender 45 PORT 5514
  • 46. SyslogAppender Log As A Service - Logback 46
  • 47. Logstash - Syslog configuration 47 input { udp { port => "5514" } } ! filter { grok { patterns_dir => "./patterns" match => ["message","%{LOGBACK_SYSLOG}"] } } ! filter { date { match => ["log_date","dd-MM-YYYY HH:mm:ss.SSS"] } } ! output { elasticsearch {} }
  • 48. Logstash - Pattern 48 ! ! ! ! LOG_DATE %{MONTHDAY}-%{MONTHNUM}-%{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}.[0-9]{3} ! SYSLOG_BASE %{SYSLOG5424PRI}%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} SYSLOG %{SYSLOG_BASE} %{GREEDYDATA:syslog_message} ! LOGBACK_SYSLOG_BASE %{SYSLOG_BASE} %{LOG_DATE:log_date} [%{NOTSPACE:thread}] %{LOGLEVEL:log_level} %{NOTSPACE:classname} LOGBACK_SYSLOG %{LOGBACK_SYSLOG_BASE} %{GREEDYDATA:log_msg}
  • 52. Problème GeekShop 52 •Quels sont les produits les plus achetés ? •Quelle est la répartition H/F de mes clients ? •Quels sont mes clients les plus fidèles ? •Combien de femmes à Paris ont acheté un iPod Touch Bleu 32 Go entre le 12 octobre 2012 à 14h30 et le 4 novembre 2013 à 19h ?
  • 53. GeekShop - Format Logs 53 09-06-2014 21:27:42.228 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SearchRequest - id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/ 534.24&ip=94.228.34.210&category=Mobile! ! 09-06-2014 21:27:42.227 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SellRequest - id=313&ua=Mozilla/ 5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/ 20110420 Firefox/ 3.6.17&ip=202.46.52.35&email=client314@gmail.com&sex=M&brand=Appl e&name=iPod Touch&model=iPod Touch - Jaune - Disque 32Go&category=Baladeur&color=Jaune&options=Disque 32Go&price=329.0
  • 54. GeekShop - Après Logstash 54 {! "_index": "logstash-2014.06.09",! "_type": "app-log",! "_id": "gaQXRn9mROiAGjhBZ2h2Og",! "_version": 1,! "found": true,! "_source": {! "message": "09-06-2014 21:27:42.228 [pool-32-thread-1] INFO com.github.vspiewak.loggenerator.SearchRequest - id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24&ip=94.228.34.210&category=Mobile",! "@version": "1",! "@timestamp": "2014-06-09T19:27:42.228Z",! "type": "app-log",! "host": "precise64",! "path": "/home/vagrant/app.log",! "log_date": "09-06-2014 21:27:42.228",! "thread": "pool-32-thread-1",! "log_level": "INFO",! "classname": "com.github.vspiewak.loggenerator.SearchRequest",! "log_msg": "- id=317&ua=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/ 534.24&ip=94.228.34.210&category=Mobile",! "id": 317,! "ua": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24",! "ip": "94.228.34.210",! "category": "Mobile",! "tags": [! "search"! ],! "geoip": {! "ip": "94.228.34.210",! "country_code2": "GB",! "country_code3": "GBR",! "country_name": "United Kingdom",! "continent_code": "EU",! "latitude": 51.5,! "longitude": -0.12999999999999545,! "timezone": "Europe/London",! "location": [! -0.12999999999999545,! 51.5! ]! },! "useragent": {! "name": "Chrome",! "os": "Linux",! "os_name": "Linux",! "device": "Other",! "major": "11",! "minor": "0",! "patch": "696"! }! }! }
  • 55. Kibana: Terms & Analysers 55
  • 56. Change analyser on specific indexes & fields Elasticsearch Template Mapping 56 curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{ "template" : "logstash*",! "mappings" : { ! "_default_" : {! "properties" : {! "@timestamp": { "type": "date", "index": "not_analyzed" },! "ip": { "type" : "ip", "index": "not_analyzed" },! "name": { "type" : "string", "index": "not_analyzed" },! "options": { "type" : "string", "index": "not_analyzed" },! "email": { "type" : "string", "index": "not_analyzed" }! } ! }! }! }'
  • 61. Elasticsearch - Feedbacks 61 ! •The Guardian: social network - real time feedback ! •StackOverflow: full-text search with geolocation and « more like » ! •Goldman Sacks: 5TB logs/day + analysis stock market ! •…
  • 62. Elasticsearch - NoSQL 62 SQL Partitions DB Table Ligne Colonne ES Cluster Indices Type Document Champ
  • 63. Elasticsearch - Types de noeuds 63 ! •master •data •search
  • 64. Elasticsearch - Shard & Replica 64 ! •shards → +indexing, +distribution (one-time setting) ! •replicas → +search, +availability
  • 65. Elasticsearch - Health 65 ! •GREEN → all primaries/replicas shards active •YELLOW → all primaries shards active •RED → not all primaries shards
  • 70. Démo @ Home 70 ! ! • https://github.com/vspiewak/elk-devops-day-2014 ! $ tree -L 1 . . "## README.md "## demo-all "## es-cluster "## eshop-survey "## flume-jmx "## slides "## syslog $## system-survey
  • 71. Vagrant - Shortcuts 71 ! • cd demo-all ! • vagrant up • vagrant ssh • sudo jconsole • vagrant halt* • vagrant destroy
  • 72. Vagrant VM 72 ! • config.vm.box = "hashicorp/precise64" ! • config.vm.network "forwarded_port", guest: 80, host: 10080 • config.vm.network "forwarded_port", guest: 9200, host: 19200 ! • config.ssh.forward_x11 = true ! • vb.customize ["modifyvm", :id, "--ioapic", "on", "--cpuexecutioncap", "40", "-- cpus", "2", "--memory", "1024" ] ! • bootstrap.sh