SlideShare a Scribd company logo

Using Logstash, elasticsearch & kibana

Download as ODP, PDF
A
Alejandro E Brito Monedero

A tale of my adventures to process logs in a production environment. Soon I will link the demo video (in spanish)

TechnologyEducation
1 of 21
Using Logstash, ElasticSearch and Kibana Alejandro E Brito Monedero @ae_bm 2013 / 05 / 23
Business as usual
So many hosts to check Is there life out there? http://upload.wikimedia.org/wikipedia/commons/a/aa/ESO-The_Milky_Way_above_La_Silla-phot-27-04-hires.jpg
Time to play whack a log http://i102.photobucket.com/albums/m109/niceperson907/121331d1253497450-animated-gif-thre.gif
http://brotality.com/wp-content/uploads/2012/12/madness.jpg
I need a new toy http://www.youtube.com/watch?v=8L6Dpq5kY_A Video time
Logstash ✔ collects logs ✔ parses logs ✔ stores logs ✔ indexes logs ✔ searches logs ✔ and fixes timestamps You only need ● JVM ● logstash.jar
$ log_producer | grep ... | sed … | awk … | tee output | sort | uniq -c | sort -n Log source Logstash Logstash (optional) ElasticSearch DB statsd Pipes
Inputs Filters Outputs File Redis Syslog Lumberjack Rabbitmq SQS … Alter Date Grok Multiline Grep ... AMQP Cloudwatch Elasticsearch Mongodb Redis File ... Plugins Not here yet? JRuby to the rescue
ElasticSearch Distributed RESTful search server ● Near real-time search ● RESTful API ● Easy to scale horizontally ● HA ● Full text search ● YAML config file / JSON format!! ● Document oriented JSON Getting started: Logstash JAR includes it / download and set cluster.name This is where it will be worth to spend some time tuning
Kibana ✔ Nice UI ✔ Better than the old frontend logstash included ✔ Ruby / framework Sinatra Web frontend to search / graph and more
Original plan Apache (ligthweight shipper) Tomcat (ligthweight shipper) broker logstash ElasticSearch Kibana
After a few workarounds Apache (logstash shipper) Tomcat (logstash shipper) Logstash ElasticSearch Kibana SSH tunnels
Example config 1/3 Logstash-httpd.conf input { file { type => "httpd" path => ["/var/log/httpd/*-logstash.log"] exclude => ["*.gz"] start_position => "beginning" format => "json_event" } } output { tcp { host => "0.0.0.0" mode => "server" port => 1666 } } Logstash-server.conf input { tcp { type => "httpd" format => "json_event" host => "127.0.0.1" mode => "client" port => "1666" } tcp { type => "app" format => "json_event" host => "127.0.0.1" mode => "client" port => "2666" } } output { elasticsearch { cluster => "logstash" } }
Example config 2/3 Logstash-tomcat.conf filter { # Tomcat # Remove blank lines grep { type => "tomcat" match => [ "@message", "(.+)" ] drop => true add_tag => [ "no_blank_lines" ] } # make the multilines be treated like a single line multiline { type => "tomcat" pattern => "^dddd" negate => true what => "previous" }
Example config 3/3 Logstash-tomcat.conf # mark the exceptions (multiline) grep { type => "tomcat" tags => [ "multiline" ] match => [ "@message", ".+Exception: .+" ] drop => false add_tag => [ "java_exception" ] } # get the log level, operation id, module and timestamp as separated fields grok { type => "tomcat" pattern => "%{TIMESTAMP_ISO8601:timestamp} [%{OPERATION_ID:operation_id}]..." add_tag => [ "groked" ] } # fix the timestamp date { type => "tomcat" match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSSZZ" ] add_tag => [ "timestamp_fix" ] } }
I need a new toy Demo
Some remarks ● Don't forget about security ● The applications should be flexible enough for allowing to publish their logs using brokers or other methods beyond files and syslog ● Logging in JSON format is a nice to have ● Share the log visualization ● Use the brokers Luke ● If you develop internalize this http://www.masterzen.fr/2013/01/13/the-10- commandments-of-logging/
Extras ● http://logstash.net/ ● http://www.logstashbook.com/code/ only $10.09 ● https://github.com/logstash/logstash/blob/v1.1.12/patterns/grok-patterns ● http://grokdebug.herokuapp.com/ ● http://www.infoq.com/articles/review-the-logstash-book (better diagrams) ● http://www.elasticsearch.org/tutorials/using-elasticsearch-for-logs/ ● http://kibana.org/ ● https://lucene.apache.org/core/old_versioned_docs/versions/3_5_0/queryparsersyntax.html ● http://www.elasticsearch.org/tutorials/elasticsearch-on-ec2/ ● http://blog.lusis.org/blog/2012/01/31/load-balancing-logstash-with-amqp/
Do you want to join the <some fancy words here> team? I am not hiring, but I can tell you about some places where it is better to stay away Have a nice day All the images, videos and stuff are property of their respective owners, look at the cat and don't sue me http://stuffpoint.com/cats/image/41633/cute-cat-picture/

Recommended

Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
ELK introduction
ELK introductionELK introduction
ELK introductionWaldemar Neto
 
Elk
Elk Elk
Elk Caleb Wang
 
ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Monitoring Oracle Database Instances with Zabbix
Monitoring Oracle Database Instances with ZabbixMonitoring Oracle Database Instances with Zabbix
Monitoring Oracle Database Instances with ZabbixGerger
 
Log analytics with ELK stack
Log analytics with ELK stackLog analytics with ELK stack
Log analytics with ELK stackAWS User Group Bengaluru
 
Open source APM Scouter로 모니터링 잘 하기
Open source APM Scouter로 모니터링 잘 하기Open source APM Scouter로 모니터링 잘 하기
Open source APM Scouter로 모니터링 잘 하기GunHee Lee
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 

Recommended

Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
ELK introduction
ELK introductionELK introduction
ELK introductionWaldemar Neto
 
Elk
Elk Elk
Elk Caleb Wang
 
ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Monitoring Oracle Database Instances with Zabbix
Monitoring Oracle Database Instances with ZabbixMonitoring Oracle Database Instances with Zabbix
Monitoring Oracle Database Instances with ZabbixGerger
 
Log analytics with ELK stack
Log analytics with ELK stackLog analytics with ELK stack
Log analytics with ELK stackAWS User Group Bengaluru
 
Open source APM Scouter로 모니터링 잘 하기
Open source APM Scouter로 모니터링 잘 하기Open source APM Scouter로 모니터링 잘 하기
Open source APM Scouter로 모니터링 잘 하기GunHee Lee
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Elk devops
Elk devopsElk devops
Elk devopsIdeato
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack PresentationAmr Alaa Yassen
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912Yooseok Choi
 
Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라Seongyun Byeon
 
The basics of fluentd
The basics of fluentdThe basics of fluentd
The basics of fluentdTreasure Data, Inc.
 
Data pipeline and data lake
Data pipeline and data lakeData pipeline and data lake
Data pipeline and data lakeDaeMyung Kang
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)창언 정
 
Fastapi
FastapiFastapi
FastapiVikasYadav314092
 
NiFi 시작하기
NiFi 시작하기NiFi 시작하기
NiFi 시작하기Byunghwa Yoon
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELKYuHsuan Chen
 
Introduction to Apache ZooKeeper
Introduction to Apache ZooKeeperIntroduction to Apache ZooKeeper
Introduction to Apache ZooKeeperSaurav Haloi
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stackVikrant Chauhan
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introductionHossein Shemshadi
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
Integrating Splunk into your Spring Applications
Integrating Splunk into your Spring ApplicationsIntegrating Splunk into your Spring Applications
Integrating Splunk into your Spring ApplicationsDamien Dallimore
 
Serving ML easily with FastAPI
Serving ML easily with FastAPIServing ML easily with FastAPI
Serving ML easily with FastAPISebastián Ramírez Montaño
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to ElasticsearchRuslan Zavacky
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]MongoDB
 
(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석INSIGHT FORENSIC
 
Доклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang MeetupДоклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang MeetupBadoo Development
 

More Related Content

What's hot

Elk devops
Elk devopsElk devops
Elk devopsIdeato
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack PresentationAmr Alaa Yassen
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912Yooseok Choi
 
Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라Seongyun Byeon
 
Data pipeline and data lake
Data pipeline and data lakeData pipeline and data lake
Data pipeline and data lakeDaeMyung Kang
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)창언 정
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELKYuHsuan Chen
 
Introduction to Apache ZooKeeper
Introduction to Apache ZooKeeperIntroduction to Apache ZooKeeper
Introduction to Apache ZooKeeperSaurav Haloi
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stackVikrant Chauhan
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
Integrating Splunk into your Spring Applications
Integrating Splunk into your Spring ApplicationsIntegrating Splunk into your Spring Applications
Integrating Splunk into your Spring ApplicationsDamien Dallimore
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to ElasticsearchRuslan Zavacky
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]MongoDB
 

What's hot (20)

Elk devops
Elk devopsElk devops
Elk devops
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
 
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
Bigquery와 airflow를 이용한 데이터 분석 시스템 구축 v1 나무기술(주) 최유석 20170912
 
Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라Little Big Data #1. 바닥부터 시작하는 데이터 인프라
Little Big Data #1. 바닥부터 시작하는 데이터 인프라
 
The basics of fluentd
The basics of fluentdThe basics of fluentd
The basics of fluentd
 
Data pipeline and data lake
Data pipeline and data lakeData pipeline and data lake
Data pipeline and data lake
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)Data discovery & metadata management (amundsen installation)
Data discovery & metadata management (amundsen installation)
 
Fastapi
FastapiFastapi
Fastapi
 
NiFi 시작하기
NiFi 시작하기NiFi 시작하기
NiFi 시작하기
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
 
Introduction to Apache ZooKeeper
Introduction to Apache ZooKeeperIntroduction to Apache ZooKeeper
Introduction to Apache ZooKeeper
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stack
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stack
 
Integrating Splunk into your Spring Applications
Integrating Splunk into your Spring ApplicationsIntegrating Splunk into your Spring Applications
Integrating Splunk into your Spring Applications
 
Serving ML easily with FastAPI
Serving ML easily with FastAPIServing ML easily with FastAPI
Serving ML easily with FastAPI
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to Elasticsearch
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
 

Similar to Using Logstash, elasticsearch & kibana

(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석INSIGHT FORENSIC
 
Доклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang MeetupДоклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang MeetupBadoo Development
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeAndrea Cardinale
 
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...Shrimp: A Rather Practical Example Of Application Development With RESTinio a...
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...Yauheni Akhotnikau
 
Machine Learning Game Changer for IT - Maartens Lourens
Machine Learning Game Changer for IT - Maartens LourensMachine Learning Game Changer for IT - Maartens Lourens
Machine Learning Game Changer for IT - Maartens LourensOpenCredo
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problemsTier1 app
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logsStefan Krawczyk
 
#OOP_D_ITS - 9th - Template
#OOP_D_ITS - 9th - Template#OOP_D_ITS - 9th - Template
#OOP_D_ITS - 9th - TemplateHadziq Fabroyir
 
Troubleshooting performanceavailabilityproblems (1)
Troubleshooting performanceavailabilityproblems (1)Troubleshooting performanceavailabilityproblems (1)
Troubleshooting performanceavailabilityproblems (1)Tier1 app
 
Java/Spring과 Node.js의공존
Java/Spring과 Node.js의공존Java/Spring과 Node.js의공존
Java/Spring과 Node.js의공존동수 장
 
Undelete (and more) rows from the binary log
Undelete (and more) rows from the binary logUndelete (and more) rows from the binary log
Undelete (and more) rows from the binary logFrederic Descamps
 
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak PROIDEA
 
Fixing Web Data in Production
Fixing Web Data in ProductionFixing Web Data in Production
Fixing Web Data in ProductionAaron Knight
 
Hartwarming lightning talk in winter Sapporo
Hartwarming lightning talk in winter SapporoHartwarming lightning talk in winter Sapporo
Hartwarming lightning talk in winter SapporoJun OHWADA
 
Introduction of RiotJS
Introduction of RiotJSIntroduction of RiotJS
Introduction of RiotJSRyo Iinuma
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com琛琳 饶
 

Similar to Using Logstash, elasticsearch & kibana (20)

(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석(Fios#02) 2. elk 포렌식 분석
(Fios#02) 2. elk 포렌식 분석
 
Доклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang MeetupДоклад Антона Поварова "Go in Badoo" с Golang Meetup
Доклад Антона Поварова "Go in Badoo" с Golang Meetup
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...Shrimp: A Rather Practical Example Of Application Development With RESTinio a...
Shrimp: A Rather Practical Example Of Application Development With RESTinio a...
 
Machine Learning Game Changer for IT - Maartens Lourens
Machine Learning Game Changer for IT - Maartens LourensMachine Learning Game Changer for IT - Maartens Lourens
Machine Learning Game Changer for IT - Maartens Lourens
 
Elk scilifelab
Elk scilifelabElk scilifelab
Elk scilifelab
 
Troubleshooting real production problems
Troubleshooting real production problemsTroubleshooting real production problems
Troubleshooting real production problems
 
Mario
MarioMario
Mario
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logs
 
#OOP_D_ITS - 9th - Template
#OOP_D_ITS - 9th - Template#OOP_D_ITS - 9th - Template
#OOP_D_ITS - 9th - Template
 
Troubleshooting performanceavailabilityproblems (1)
Troubleshooting performanceavailabilityproblems (1)Troubleshooting performanceavailabilityproblems (1)
Troubleshooting performanceavailabilityproblems (1)
 
Java/Spring과 Node.js의공존
Java/Spring과 Node.js의공존Java/Spring과 Node.js의공존
Java/Spring과 Node.js의공존
 
Undelete (and more) rows from the binary log
Undelete (and more) rows from the binary logUndelete (and more) rows from the binary log
Undelete (and more) rows from the binary log
 
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
CONFidence 2015: DTrace + OSX = Fun - Andrzej Dyjak
 
Fixing Web Data in Production
Fixing Web Data in ProductionFixing Web Data in Production
Fixing Web Data in Production
 
Openstack 簡介
Openstack 簡介Openstack 簡介
Openstack 簡介
 
Kommons
KommonsKommons
Kommons
 
Hartwarming lightning talk in winter Sapporo
Hartwarming lightning talk in winter SapporoHartwarming lightning talk in winter Sapporo
Hartwarming lightning talk in winter Sapporo
 
Introduction of RiotJS
Introduction of RiotJSIntroduction of RiotJS
Introduction of RiotJS
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com
 

More from Alejandro E Brito Monedero

Así que pusiste MongoDB. Dime ¿cómo lo administras?
Así que pusiste MongoDB. Dime ¿cómo lo administras?Así que pusiste MongoDB. Dime ¿cómo lo administras?
Así que pusiste MongoDB. Dime ¿cómo lo administras?Alejandro E Brito Monedero
 

More from Alejandro E Brito Monedero (14)

Mad scalability (perfomance debugging)
Mad scalability (perfomance debugging)Mad scalability (perfomance debugging)
Mad scalability (perfomance debugging)
 
Tres historias
Tres historiasTres historias
Tres historias
 
AMQP vs GRAPHITE
AMQP vs GRAPHITEAMQP vs GRAPHITE
AMQP vs GRAPHITE
 
Sysdig
SysdigSysdig
Sysdig
 
Sysdig SRECon 16 Europe
Sysdig SRECon 16 EuropeSysdig SRECon 16 Europe
Sysdig SRECon 16 Europe
 
Funcional para trollear
Funcional para trollearFuncional para trollear
Funcional para trollear
 
Top Bug
Top BugTop Bug
Top Bug
 
Fabric más allá de lo básico
Fabric más allá de lo básicoFabric más allá de lo básico
Fabric más allá de lo básico
 
Experiencias con PostgreSQL en AWS
Experiencias con PostgreSQL en AWSExperiencias con PostgreSQL en AWS
Experiencias con PostgreSQL en AWS
 
Fabric Fast & Furious edition
Fabric Fast & Furious editionFabric Fast & Furious edition
Fabric Fast & Furious edition
 
Así que pusiste MongoDB. Dime ¿cómo lo administras?
Así que pusiste MongoDB. Dime ¿cómo lo administras?Así que pusiste MongoDB. Dime ¿cómo lo administras?
Así que pusiste MongoDB. Dime ¿cómo lo administras?
 
AWS Baby steps circa 2008
AWS Baby steps circa 2008AWS Baby steps circa 2008
AWS Baby steps circa 2008
 
Wireshark tips
Wireshark tipsWireshark tips
Wireshark tips
 
Mi experiencia con Amazon AWS EC2 y S3
Mi experiencia con Amazon AWS EC2 y S3Mi experiencia con Amazon AWS EC2 y S3
Mi experiencia con Amazon AWS EC2 y S3
 

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Using Logstash, elasticsearch & kibana

  • 1. Using Logstash, ElasticSearch and Kibana Alejandro E Brito Monedero @ae_bm 2013 / 05 / 23
  • 3.
  • 4. So many hosts to check Is there life out there? http://upload.wikimedia.org/wikipedia/commons/a/aa/ESO-The_Milky_Way_above_La_Silla-phot-27-04-hires.jpg
  • 5. Time to play whack a log http://i102.photobucket.com/albums/m109/niceperson907/121331d1253497450-animated-gif-thre.gif
  • 7. I need a new toy http://www.youtube.com/watch?v=8L6Dpq5kY_A Video time
  • 8. Logstash ✔ collects logs ✔ parses logs ✔ stores logs ✔ indexes logs ✔ searches logs ✔ and fixes timestamps You only need ● JVM ● logstash.jar
  • 9. $ log_producer | grep ... | sed … | awk … | tee output | sort | uniq -c | sort -n Log source Logstash Logstash (optional) ElasticSearch DB statsd Pipes
  • 11. ElasticSearch Distributed RESTful search server ● Near real-time search ● RESTful API ● Easy to scale horizontally ● HA ● Full text search ● YAML config file / JSON format!! ● Document oriented JSON Getting started: Logstash JAR includes it / download and set cluster.name This is where it will be worth to spend some time tuning
  • 12. Kibana ✔ Nice UI ✔ Better than the old frontend logstash included ✔ Ruby / framework Sinatra Web frontend to search / graph and more
  • 13. Original plan Apache (ligthweight shipper) Tomcat (ligthweight shipper) broker logstash ElasticSearch Kibana
  • 14. After a few workarounds Apache (logstash shipper) Tomcat (logstash shipper) Logstash ElasticSearch Kibana SSH tunnels
  • 15. Example config 1/3 Logstash-httpd.conf input { file { type => "httpd" path => ["/var/log/httpd/*-logstash.log"] exclude => ["*.gz"] start_position => "beginning" format => "json_event" } } output { tcp { host => "0.0.0.0" mode => "server" port => 1666 } } Logstash-server.conf input { tcp { type => "httpd" format => "json_event" host => "127.0.0.1" mode => "client" port => "1666" } tcp { type => "app" format => "json_event" host => "127.0.0.1" mode => "client" port => "2666" } } output { elasticsearch { cluster => "logstash" } }
  • 16. Example config 2/3 Logstash-tomcat.conf filter { # Tomcat # Remove blank lines grep { type => "tomcat" match => [ "@message", "(.+)" ] drop => true add_tag => [ "no_blank_lines" ] } # make the multilines be treated like a single line multiline { type => "tomcat" pattern => "^dddd" negate => true what => "previous" }
  • 17. Example config 3/3 Logstash-tomcat.conf # mark the exceptions (multiline) grep { type => "tomcat" tags => [ "multiline" ] match => [ "@message", ".+Exception: .+" ] drop => false add_tag => [ "java_exception" ] } # get the log level, operation id, module and timestamp as separated fields grok { type => "tomcat" pattern => "%{TIMESTAMP_ISO8601:timestamp} [%{OPERATION_ID:operation_id}]..." add_tag => [ "groked" ] } # fix the timestamp date { type => "tomcat" match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSSZZ" ] add_tag => [ "timestamp_fix" ] } }
  • 18. I need a new toy Demo
  • 19. Some remarks ● Don't forget about security ● The applications should be flexible enough for allowing to publish their logs using brokers or other methods beyond files and syslog ● Logging in JSON format is a nice to have ● Share the log visualization ● Use the brokers Luke ● If you develop internalize this http://www.masterzen.fr/2013/01/13/the-10- commandments-of-logging/
  • 20. Extras ● http://logstash.net/ ● http://www.logstashbook.com/code/ only $10.09 ● https://github.com/logstash/logstash/blob/v1.1.12/patterns/grok-patterns ● http://grokdebug.herokuapp.com/ ● http://www.infoq.com/articles/review-the-logstash-book (better diagrams) ● http://www.elasticsearch.org/tutorials/using-elasticsearch-for-logs/ ● http://kibana.org/ ● https://lucene.apache.org/core/old_versioned_docs/versions/3_5_0/queryparsersyntax.html ● http://www.elasticsearch.org/tutorials/elasticsearch-on-ec2/ ● http://blog.lusis.org/blog/2012/01/31/load-balancing-logstash-with-amqp/
  • 21. Do you want to join the <some fancy words here> team? I am not hiring, but I can tell you about some places where it is better to stay away Have a nice day All the images, videos and stuff are property of their respective owners, look at the cat and don't sue me http://stuffpoint.com/cats/image/41633/cute-cat-picture/