SlideShare a Scribd company logo

Centralized log-management-with-elastic-stack

Download as PPTX, PDF
R
Rich Lee

Centralized log management is implemented using the Elastic Stack including Filebeat, Logstash, Elasticsearch, and Kibana. Filebeat ships logs to Logstash which transforms and indexes the data into Elasticsearch. Logs can then be queried and visualized in Kibana. For large volumes of logs, Kafka may be used as a buffer between the shipper and indexer. Backups are performed using Elasticsearch snapshots to a shared file system or cloud storage. Logs are indexed into time-based indices and a cron job deletes old indices to control storage usage.

1 of 34
Downloaded 49 times
CentralizedLogManagement with ElasticStack
Outline • Problem Statement • Elastic Stack • Log Management Service – Architecture Design – Implementation Details – Advanced Design • Querying Data • Data Backup/Restore • Management & Monitoring Tools
Problem Statement • Context – In Microservices architecture, an application consists of multiple services and service instances that are running on multiple machines. – Each service instance generates writes information about what it is doing to a log file. • Problem – How to query information related to system operation from the data efficiently. – How to troubleshoot bugs from multiple log files • Solution – Build a log management service with Elastic Stack, because it is a mature and complete open source tool.
What is the ELK Stack? ref The ELK Stack is a collection of multiple open-source products, all developed, managed and maintained by Elastic.
What is the ELK Stack? However, we only need to use the following modules for this solution. • Beats: agents to ship log data • Logstash: processing log data • Elasticsearch: storing log data • Kibana: UI for visualizing
Elasticsearch Basic Concepts • Index – An index contains one or multiple types – An Elasticsearch index is an independent chunk of document and stored on the disk in the same set of files • Type – A type can be thought of as a table in a RDB – A type has one or more documents • Document – A document is normally a JSON representation of your data
Elasticsearch Basic Concepts • Cluster – A cluster has one or more nodes. Clusters are identified by their names. (default cluster name= elasticsearch) • Node – A node is an instance of Elasticsearch – Multiple nodes can join the same cluster. With a cluster of multiple nodes, the same data can be spread across multiple servers. • Shard – An index can be divided into shards. – There are two types of shards • primary • replica
Elasticsearch Basic Concepts • Node types – Master node: in charge of cluster management – Data node: Data nodes hold data and perform CRUD, search, and aggregations. – Ingest node: for pre-processing documents before indexing – Machine learning node Each document, when indexed, is first added to the primary shard and then to one or more replica shards ref Elasticsearch in action 2015
Elasticsearch Basic Concepts • Minimum master nodes – We can specify a property that Elasticsearch evaluates to find out the minimum number of nodes that are needed as master eligible • Split Brain Problem – To avoid this problem, we can use discovery.zen.minimum_master_nodes setting for cluster setup. – The value of this setting can be derived as: ( Total number of nodes / 2 ) + 1 For example: If we have 4 nodes, so we should keep this value to 3 discovery.zen.minimum_master_nodes=3
Log Management Architecture Design 1 2 3 Data processing flow: 1. Filebeat will ship all the logs to Logstash 2. Logstash transform data format and output to Elasticsearch 3. view logs on Kibana and query by specific field
Implementation Details Installing Elastic Stack using Docker Compose
Implementation Details • Filebeat – is a lightweight log data shipper for local files – monitors all the logs in the log directory and forwards to Logstash – configuration: Because Java stack traces consist of multiple lines, so we need consolidate these lines into a single event in Filebeat Logstash output sends events directly to Logstash byTCP
Implementation Details • Logstash – An open source, server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite “stash.” – configuration: The Logstash event processing pipeline has three stages: 1. input 2. filters (optional) 3. outputs
Implementation Details • Kibana – The Discover page allows you to perform different types of searches on the log data.
Advanced Design for Large Amounts of Logs • Context: – When the service increases, the amount of data in the log will become larger – Following a production incident, logs can suddenly surge • Problem: – The receiving end (Logstash or Elasticsearch) will be the main bottleneck. – Suddenly surge logs will overwhelm your logging infrastructure. • Solution: – To protect Logstash and Elasticsearch against such data bursts, users deploy buffering mechanisms to act as message brokers.
Advanced Design for Large Amounts of Logs • Apache Kafka is a Publish-Subscribe messaging system, originated at Linkedin in 2009, open sourced in 2011. Apache Kafka has some characteristics such as: – Kafka was designed to be distributed inherently.This makes Kakfa be very easy to scale out. – High throughput, high performance – Guarantee the fault-tolerant in term of machine failure.
Advanced Design for Large Amounts of Logs • Apache Kafka is the most common broker solution deployed together the ELK Stack. • Usually, Kafka is deployed between the shipper and the indexer, acting as an entrypoint for the data being collected
Advanced Design for Large Amounts of Logs • Logstash config: aggregates the data from the Kafka topic, processes it and ships to Elasticsearch. Logstash Kafka input plugin to define the Kafka host and the topic we want Logstash to pull from.
Advanced Design for Large Amounts of Logs • Filebeat config: collects logs and forwards them to a Kafka topic. forward the data to Kafka server and the relevant topic
Querying Data • Elasticsearch Query DSL – Get mapping field of index – Get document by id – URI Search curl -XGET 'http://localhost:9200/api-2019.05.06?pretty' curl -XGET 'http://localhost:9200/api-2019.05.06/_doc/sxXZi2oB-PgPWl1Y9Cl1?pretty=true' curl -XGET 'http://localhost:9200/api-2019.05.06 /_search?q=message:ERROR&from=0&size=10&sort=@timestamp:desc&pretty’
Querying Data • Elasticsearch Query DSL – Request Body Search – Count query curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_search?pretty' -d '{ "query" : { "match" : { "message": "ERROR"} } }' curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_doc/_count?pretty' -d '{ "query" : { "term" : {"message" : "ERROR"} } }'
Querying Data • Elasticsearch Query DSL – Validate DSL result: curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_doc/_validate/query?pretty' -d '{ "query" : { "term" : {"message" : "ERROR"} } }' { "_shards" : { "total" : 1, "successful" : 1, "failed" : 0 }, "valid" : true }
Querying Data • Kibana – is the front end for Elasticsearch and provides visualizations for data, that can be used to search, view, and analyze data. • Kibana User Interface – Discover – Visualize – Dashboard • Kibana Query Language (KQL) – Release from version 6.3 – If a default field is not set these terms will be matched against all fields
Querying Data • Kibana Query Language (KQL) – Match query message:"info” – Token analyzer query message:"info error" – Multiple values query message:(info or error) – Wildcard query container.name: *api – Field exist querie fields.doc:*
Backing Up Data • Backup Snapshot – Using the snapshot API to back up the cluster. – The current state and data in the cluster are saved in a shared repository. – The first snapshot is a complete copy of the data, but all subsequent snapshots are incremental backups • There are several options to choose from for a repository: – Shared filesystem such as NAS – Azure Cloud – Amazon S3 – HDFS
Backing Up Data • Performing a cluster backup entails executing three steps: 1. Define a repository (Instruct Elasticsearch on how you want the repository structured) 2. Confirm the existence of the repository 3. Execute the backup • Backup/restore example: – Step1: Defining a new repository curl -XPUT 'localhost:9200/_snapshot/foo_backup' -d '{ “type” : “fs”, //shared file system type "settings" : { "location" : "/usr/share/elasticsearch/data/backups/foo_backup" } }'
Backing Up Data – Step2: Check the repository existence – Step3: Create a snapshot of particular index (api-2019.05.23) – Step4: Monitoring snapshot progress curl -XGET 'localhost:9200/_snapshot/foo_backup?pretty' curl -XPUT 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23' -d ' { "indices" : "api-2019.05.23” //Comma-separated list of index names to snapshot }' curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23/_status'
Backing Up Data – Step5: Retrieving information on the state of a given snapshot response: curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23' { "snapshots": [ { "snapshot": "napshot_api-2019.05.23", "uuid": "knM5TEZrRxKhIqvpPQO74w", "version_id": 7000099, "version": "7.0.0", "indices": [“api-2019.05.23"], "include_global_state": true, "state": "SUCCESS", "start_time": "2019-05-24T06:30:11.737Z", "start_time_in_millis": 1558679411737, "end_time": "2019-05-24T06:30:11.791Z", "end_time_in_millis": 1558679411791, "duration_in_millis": 54, "failures": [], "shards": { "total": 1, "failed": 0, "successful": 1 } } ] }
Backing Up Data – Step6: Restoring from a snapshot The default action is to restore all the indices present in the snapshot or set wait_for_completion flag=true (executes in the foreground) curl -XPOST 'localhost:9200/_snapshot/foo_backup/snapshot_2/_restore' curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api- 2019.05.23'?wait_for_completion=true
Housekeeping Strategy • Time-based indices – Index name pattern: <index_name>.yyyy.MM.dd – faster and reduces to remove documents and reduces memory CPU and overhead (delete by index directly) – large amounts of bulk deletions can result in large Lucene index segments • Cron Job: delete the index seven days before every AM 2:oo For example: if housekeeping is 7 days and today is 2019/06/08, then delete 6/01 index Indices: [ “api-2019.06.01”, (deleted) “api-2019.06.02”, “api-2019.06.03”, “api-2019.06.04”, “api-2019.06.05”, “api-2019.06.06”, “api-2019.06.07”, “api-2019.06.08” ] keep 7 days
Management & Monitoring Tools • Elasticsearch Admin GUI Tools: – ElasticHQ : as a monitoring and management platform for Elasticsearch clusters. – Cerebro: is a elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. ElasticHQ Cerebro Apache Software License MIT License Can monitor and manage many clusters at the same time Observe the index shards allocation Monitor and manage clusters, nodes, indices, aliases, and shards Manage cluster settings, aliases and index templates Easy-to-Use Querying capabilities Create snapshot Saves monitored clusters
Management & Monitoring Tools • ElasticHQ
Management & Monitoring Tools • Cerebro
Management & Monitoring Tools • Cerebro (snapshot management)
Ad

Recommended

Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
Amr Alaa Yassen
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
Vikram Shinde
 
Présentation pfe Développement d'une application bancaire mobile
Présentation pfe Développement d'une application bancaire mobilePrésentation pfe Développement d'une application bancaire mobile
Présentation pfe Développement d'une application bancaire mobile
Nader Somrani
 
ELK Stack
ELK StackELK Stack
ELK Stack
Phuc Nguyen
 
ElasticSearch Basic Introduction
ElasticSearch Basic IntroductionElasticSearch Basic Introduction
ElasticSearch Basic Introduction
Mayur Rathod
 
CHATGPT.pptx
CHATGPT.pptxCHATGPT.pptx
CHATGPT.pptx
SajedRahman2
 
Introduction to elasticsearch
Introduction to elasticsearchIntroduction to elasticsearch
Introduction to elasticsearch
pmanvi
 
AI Chatbot
AI ChatbotAI Chatbot
AI Chatbot
Alex G. Lee, Ph.D. Esq. CLP
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
Hossein Shemshadi
 
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Edureka!
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK Stack
Rohit Sharma
 
Elasticsearch Introduction
Elasticsearch IntroductionElasticsearch Introduction
Elasticsearch Introduction
Roopendra Vishwakarma
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
El Mahdi Benzekri
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Shagun Rathore
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elk
Rushika Shah
 
Elastic search overview
Elastic search overviewElastic search overview
Elastic search overview
ABC Talks
 
Deep Dive Into Elasticsearch
Deep Dive Into ElasticsearchDeep Dive Into Elasticsearch
Deep Dive Into Elasticsearch
Knoldus Inc.
 
ELK introduction
ELK introductionELK introduction
ELK introduction
Waldemar Neto
 
Elk
Elk Elk
Elk
Caleb Wang
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
Geert Pante
 
An Introduction to Elastic Search.
An Introduction to Elastic Search.An Introduction to Elastic Search.
An Introduction to Elastic Search.
Jurriaan Persyn
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to Elasticsearch
Ruslan Zavacky
 
Introducing ELK
Introducing ELKIntroducing ELK
Introducing ELK
AllBits BVBA (freelancer)
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Divij Sehgal
 
Elasticsearch in Netflix
Elasticsearch in NetflixElasticsearch in Netflix
Elasticsearch in Netflix
Danny Yuan
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Hermeto Romano
 
Elasticsearch From the Bottom Up
Elasticsearch From the Bottom UpElasticsearch From the Bottom Up
Elasticsearch From the Bottom Up
foundsearch
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
YuHsuan Chen
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Streamsets Inc.
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Rick Bilodeau
 
Ad

More Related Content

What's hot (20)

Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
Hossein Shemshadi
 
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Edureka!
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK Stack
Rohit Sharma
 
Elasticsearch Introduction
Elasticsearch IntroductionElasticsearch Introduction
Elasticsearch Introduction
Roopendra Vishwakarma
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
El Mahdi Benzekri
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Shagun Rathore
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elk
Rushika Shah
 
Elastic search overview
Elastic search overviewElastic search overview
Elastic search overview
ABC Talks
 
Deep Dive Into Elasticsearch
Deep Dive Into ElasticsearchDeep Dive Into Elasticsearch
Deep Dive Into Elasticsearch
Knoldus Inc.
 
ELK introduction
ELK introductionELK introduction
ELK introduction
Waldemar Neto
 
Elk
Elk Elk
Elk
Caleb Wang
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
Geert Pante
 
An Introduction to Elastic Search.
An Introduction to Elastic Search.An Introduction to Elastic Search.
An Introduction to Elastic Search.
Jurriaan Persyn
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to Elasticsearch
Ruslan Zavacky
 
Introducing ELK
Introducing ELKIntroducing ELK
Introducing ELK
AllBits BVBA (freelancer)
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Divij Sehgal
 
Elasticsearch in Netflix
Elasticsearch in NetflixElasticsearch in Netflix
Elasticsearch in Netflix
Danny Yuan
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Hermeto Romano
 
Elasticsearch From the Bottom Up
Elasticsearch From the Bottom UpElasticsearch From the Bottom Up
Elasticsearch From the Bottom Up
foundsearch
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
YuHsuan Chen
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
Hossein Shemshadi
 
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...
Edureka!
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK Stack
Rohit Sharma
 
Elasticsearch Introduction
Elasticsearch IntroductionElasticsearch Introduction
Elasticsearch Introduction
Roopendra Vishwakarma
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
El Mahdi Benzekri
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Shagun Rathore
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elk
Rushika Shah
 
Elastic search overview
Elastic search overviewElastic search overview
Elastic search overview
ABC Talks
 
Deep Dive Into Elasticsearch
Deep Dive Into ElasticsearchDeep Dive Into Elasticsearch
Deep Dive Into Elasticsearch
Knoldus Inc.
 
ELK introduction
ELK introductionELK introduction
ELK introduction
Waldemar Neto
 
Elk
Elk Elk
Elk
Caleb Wang
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
Geert Pante
 
An Introduction to Elastic Search.
An Introduction to Elastic Search.An Introduction to Elastic Search.
An Introduction to Elastic Search.
Jurriaan Persyn
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to Elasticsearch
Ruslan Zavacky
 
Introducing ELK
Introducing ELKIntroducing ELK
Introducing ELK
AllBits BVBA (freelancer)
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Divij Sehgal
 
Elasticsearch in Netflix
Elasticsearch in NetflixElasticsearch in Netflix
Elasticsearch in Netflix
Danny Yuan
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
Hermeto Romano
 
Elasticsearch From the Bottom Up
Elasticsearch From the Bottom UpElasticsearch From the Bottom Up
Elasticsearch From the Bottom Up
foundsearch
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
YuHsuan Chen
 

Similar to Centralized log-management-with-elastic-stack (20)

Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Streamsets Inc.
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Rick Bilodeau
 
Elk presentation1#3
Elk presentation1#3Elk presentation1#3
Elk presentation1#3
uzzal basak
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
Mathew Beane
 
Kafka streams decoupling with stores
Kafka streams decoupling with storesKafka streams decoupling with stores
Kafka streams decoupling with stores
Yoni Farin
 
AWS (Hadoop) Meetup 30.04.09
AWS (Hadoop) Meetup 30.04.09AWS (Hadoop) Meetup 30.04.09
AWS (Hadoop) Meetup 30.04.09
Chris Purrington
 
Big Data_Architecture.pptx
Big Data_Architecture.pptxBig Data_Architecture.pptx
Big Data_Architecture.pptx
betalab
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
uzzal basak
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
Rahul Jain
 
Snowflake Datawarehouse Architecturing
Snowflake Datawarehouse ArchitecturingSnowflake Datawarehouse Architecturing
Snowflake Datawarehouse Architecturing
Ishan Bhawantha Hewanayake
 
Microsoft Azure Cloud Master-Cheat-Sheet
Microsoft Azure Cloud Master-Cheat-SheetMicrosoft Azure Cloud Master-Cheat-Sheet
Microsoft Azure Cloud Master-Cheat-Sheet
Mohan Arumugam
 
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
SolarWinds Loggly
 
IBM Cloud Day January 2021 Data Lake Deep Dive
IBM Cloud Day January 2021 Data Lake Deep DiveIBM Cloud Day January 2021 Data Lake Deep Dive
IBM Cloud Day January 2021 Data Lake Deep Dive
Torsten Steinbach
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
abenyeung1
 
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life ExamplesOSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
NETWAYS
 
Cassandra
CassandraCassandra
Cassandra
exsuns
 
Data Analysis on AWS
Data Analysis on AWSData Analysis on AWS
Data Analysis on AWS
Paolo latella
 
Managing Security At 1M Events a Second using Elasticsearch
Managing Security At 1M Events a Second using ElasticsearchManaging Security At 1M Events a Second using Elasticsearch
Managing Security At 1M Events a Second using Elasticsearch
Joe Alex
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructure
harendra_pathak
 
Real time data pipline with kafka streams
Real time data pipline with kafka streamsReal time data pipline with kafka streams
Real time data pipline with kafka streams
Yoni Farin
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Streamsets Inc.
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Rick Bilodeau
 
Elk presentation1#3
Elk presentation1#3Elk presentation1#3
Elk presentation1#3
uzzal basak
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
Mathew Beane
 
Kafka streams decoupling with stores
Kafka streams decoupling with storesKafka streams decoupling with stores
Kafka streams decoupling with stores
Yoni Farin
 
AWS (Hadoop) Meetup 30.04.09
AWS (Hadoop) Meetup 30.04.09AWS (Hadoop) Meetup 30.04.09
AWS (Hadoop) Meetup 30.04.09
Chris Purrington
 
Big Data_Architecture.pptx
Big Data_Architecture.pptxBig Data_Architecture.pptx
Big Data_Architecture.pptx
betalab
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
uzzal basak
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
Rahul Jain
 
Snowflake Datawarehouse Architecturing
Snowflake Datawarehouse ArchitecturingSnowflake Datawarehouse Architecturing
Snowflake Datawarehouse Architecturing
Ishan Bhawantha Hewanayake
 
Microsoft Azure Cloud Master-Cheat-Sheet
Microsoft Azure Cloud Master-Cheat-SheetMicrosoft Azure Cloud Master-Cheat-Sheet
Microsoft Azure Cloud Master-Cheat-Sheet
Mohan Arumugam
 
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
SolarWinds Loggly
 
IBM Cloud Day January 2021 Data Lake Deep Dive
IBM Cloud Day January 2021 Data Lake Deep DiveIBM Cloud Day January 2021 Data Lake Deep Dive
IBM Cloud Day January 2021 Data Lake Deep Dive
Torsten Steinbach
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
abenyeung1
 
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life ExamplesOSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
OSMC 2021 | Monitoring Open Infrastructure Logs – With Real Life Examples
NETWAYS
 
Cassandra
CassandraCassandra
Cassandra
exsuns
 
Data Analysis on AWS
Data Analysis on AWSData Analysis on AWS
Data Analysis on AWS
Paolo latella
 
Managing Security At 1M Events a Second using Elasticsearch
Managing Security At 1M Events a Second using ElasticsearchManaging Security At 1M Events a Second using Elasticsearch
Managing Security At 1M Events a Second using Elasticsearch
Joe Alex
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructure
harendra_pathak
 
Real time data pipline with kafka streams
Real time data pipline with kafka streamsReal time data pipline with kafka streams
Real time data pipline with kafka streams
Yoni Farin
 
Ad

More from Rich Lee (11)

COSCUP 2023 Building Portable and Reliable Applications on Google Cloud
COSCUP 2023 Building Portable and Reliable Applications on Google CloudCOSCUP 2023 Building Portable and Reliable Applications on Google Cloud
COSCUP 2023 Building Portable and Reliable Applications on Google Cloud
Rich Lee
 
2021 JCConf 使用Dapr簡化Java微服務應用開發
2021 JCConf 使用Dapr簡化Java微服務應用開發2021 JCConf 使用Dapr簡化Java微服務應用開發
2021 JCConf 使用Dapr簡化Java微服務應用開發
Rich Lee
 
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
Rich Lee
 
JCConf.tw 2020 - Building cloud-native applications with Quarkus
JCConf.tw 2020 - Building cloud-native applications with QuarkusJCConf.tw 2020 - Building cloud-native applications with Quarkus
JCConf.tw 2020 - Building cloud-native applications with Quarkus
Rich Lee
 
Redis Cache design
Redis Cache designRedis Cache design
Redis Cache design
Rich Lee
 
Couchbase & FTS
Couchbase & FTSCouchbase & FTS
Couchbase & FTS
Rich Lee
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
Rich Lee
 
Apache Spark Introduction
Apache Spark IntroductionApache Spark Introduction
Apache Spark Introduction
Rich Lee
 
AWS IoT in action
AWS IoT in actionAWS IoT in action
AWS IoT in action
Rich Lee
 
Realtime web development
Realtime web developmentRealtime web development
Realtime web development
Rich Lee
 
Event sourcing
Event sourcingEvent sourcing
Event sourcing
Rich Lee
 
COSCUP 2023 Building Portable and Reliable Applications on Google Cloud
COSCUP 2023 Building Portable and Reliable Applications on Google CloudCOSCUP 2023 Building Portable and Reliable Applications on Google Cloud
COSCUP 2023 Building Portable and Reliable Applications on Google Cloud
Rich Lee
 
2021 JCConf 使用Dapr簡化Java微服務應用開發
2021 JCConf 使用Dapr簡化Java微服務應用開發2021 JCConf 使用Dapr簡化Java微服務應用開發
2021 JCConf 使用Dapr簡化Java微服務應用開發
Rich Lee
 
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
GDG Taipei 2020 - Cloud and On-premises Applications Integration Using Event-...
Rich Lee
 
JCConf.tw 2020 - Building cloud-native applications with Quarkus
JCConf.tw 2020 - Building cloud-native applications with QuarkusJCConf.tw 2020 - Building cloud-native applications with Quarkus
JCConf.tw 2020 - Building cloud-native applications with Quarkus
Rich Lee
 
Redis Cache design
Redis Cache designRedis Cache design
Redis Cache design
Rich Lee
 
Couchbase & FTS
Couchbase & FTSCouchbase & FTS
Couchbase & FTS
Rich Lee
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
Rich Lee
 
Apache Spark Introduction
Apache Spark IntroductionApache Spark Introduction
Apache Spark Introduction
Rich Lee
 
AWS IoT in action
AWS IoT in actionAWS IoT in action
AWS IoT in action
Rich Lee
 
Realtime web development
Realtime web developmentRealtime web development
Realtime web development
Rich Lee
 
Event sourcing
Event sourcingEvent sourcing
Event sourcing
Rich Lee
 
Ad

Recently uploaded (20)

Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 

Centralized log-management-with-elastic-stack

  • 2. Outline • Problem Statement • Elastic Stack • Log Management Service – Architecture Design – Implementation Details – Advanced Design • Querying Data • Data Backup/Restore • Management & Monitoring Tools
  • 3. Problem Statement • Context – In Microservices architecture, an application consists of multiple services and service instances that are running on multiple machines. – Each service instance generates writes information about what it is doing to a log file. • Problem – How to query information related to system operation from the data efficiently. – How to troubleshoot bugs from multiple log files • Solution – Build a log management service with Elastic Stack, because it is a mature and complete open source tool.
  • 4. What is the ELK Stack? ref The ELK Stack is a collection of multiple open-source products, all developed, managed and maintained by Elastic.
  • 5. What is the ELK Stack? However, we only need to use the following modules for this solution. • Beats: agents to ship log data • Logstash: processing log data • Elasticsearch: storing log data • Kibana: UI for visualizing
  • 6. Elasticsearch Basic Concepts • Index – An index contains one or multiple types – An Elasticsearch index is an independent chunk of document and stored on the disk in the same set of files • Type – A type can be thought of as a table in a RDB – A type has one or more documents • Document – A document is normally a JSON representation of your data
  • 7. Elasticsearch Basic Concepts • Cluster – A cluster has one or more nodes. Clusters are identified by their names. (default cluster name= elasticsearch) • Node – A node is an instance of Elasticsearch – Multiple nodes can join the same cluster. With a cluster of multiple nodes, the same data can be spread across multiple servers. • Shard – An index can be divided into shards. – There are two types of shards • primary • replica
  • 8. Elasticsearch Basic Concepts • Node types – Master node: in charge of cluster management – Data node: Data nodes hold data and perform CRUD, search, and aggregations. – Ingest node: for pre-processing documents before indexing – Machine learning node Each document, when indexed, is first added to the primary shard and then to one or more replica shards ref Elasticsearch in action 2015
  • 9. Elasticsearch Basic Concepts • Minimum master nodes – We can specify a property that Elasticsearch evaluates to find out the minimum number of nodes that are needed as master eligible • Split Brain Problem – To avoid this problem, we can use discovery.zen.minimum_master_nodes setting for cluster setup. – The value of this setting can be derived as: ( Total number of nodes / 2 ) + 1 For example: If we have 4 nodes, so we should keep this value to 3 discovery.zen.minimum_master_nodes=3
  • 10. Log Management Architecture Design 1 2 3 Data processing flow: 1. Filebeat will ship all the logs to Logstash 2. Logstash transform data format and output to Elasticsearch 3. view logs on Kibana and query by specific field
  • 11. Implementation Details Installing Elastic Stack using Docker Compose
  • 12. Implementation Details • Filebeat – is a lightweight log data shipper for local files – monitors all the logs in the log directory and forwards to Logstash – configuration: Because Java stack traces consist of multiple lines, so we need consolidate these lines into a single event in Filebeat Logstash output sends events directly to Logstash byTCP
  • 13. Implementation Details • Logstash – An open source, server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite “stash.” – configuration: The Logstash event processing pipeline has three stages: 1. input 2. filters (optional) 3. outputs
  • 14. Implementation Details • Kibana – The Discover page allows you to perform different types of searches on the log data.
  • 15. Advanced Design for Large Amounts of Logs • Context: – When the service increases, the amount of data in the log will become larger – Following a production incident, logs can suddenly surge • Problem: – The receiving end (Logstash or Elasticsearch) will be the main bottleneck. – Suddenly surge logs will overwhelm your logging infrastructure. • Solution: – To protect Logstash and Elasticsearch against such data bursts, users deploy buffering mechanisms to act as message brokers.
  • 16. Advanced Design for Large Amounts of Logs • Apache Kafka is a Publish-Subscribe messaging system, originated at Linkedin in 2009, open sourced in 2011. Apache Kafka has some characteristics such as: – Kafka was designed to be distributed inherently.This makes Kakfa be very easy to scale out. – High throughput, high performance – Guarantee the fault-tolerant in term of machine failure.
  • 17. Advanced Design for Large Amounts of Logs • Apache Kafka is the most common broker solution deployed together the ELK Stack. • Usually, Kafka is deployed between the shipper and the indexer, acting as an entrypoint for the data being collected
  • 18. Advanced Design for Large Amounts of Logs • Logstash config: aggregates the data from the Kafka topic, processes it and ships to Elasticsearch. Logstash Kafka input plugin to define the Kafka host and the topic we want Logstash to pull from.
  • 19. Advanced Design for Large Amounts of Logs • Filebeat config: collects logs and forwards them to a Kafka topic. forward the data to Kafka server and the relevant topic
  • 20. Querying Data • Elasticsearch Query DSL – Get mapping field of index – Get document by id – URI Search curl -XGET 'http://localhost:9200/api-2019.05.06?pretty' curl -XGET 'http://localhost:9200/api-2019.05.06/_doc/sxXZi2oB-PgPWl1Y9Cl1?pretty=true' curl -XGET 'http://localhost:9200/api-2019.05.06 /_search?q=message:ERROR&from=0&size=10&sort=@timestamp:desc&pretty’
  • 21. Querying Data • Elasticsearch Query DSL – Request Body Search – Count query curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_search?pretty' -d '{ "query" : { "match" : { "message": "ERROR"} } }' curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_doc/_count?pretty' -d '{ "query" : { "term" : {"message" : "ERROR"} } }'
  • 22. Querying Data • Elasticsearch Query DSL – Validate DSL result: curl -H "Content-Type: application/json" -XGET 'http://localhost:9200/api-2019.05.06/_doc/_validate/query?pretty' -d '{ "query" : { "term" : {"message" : "ERROR"} } }' { "_shards" : { "total" : 1, "successful" : 1, "failed" : 0 }, "valid" : true }
  • 23. Querying Data • Kibana – is the front end for Elasticsearch and provides visualizations for data, that can be used to search, view, and analyze data. • Kibana User Interface – Discover – Visualize – Dashboard • Kibana Query Language (KQL) – Release from version 6.3 – If a default field is not set these terms will be matched against all fields
  • 24. Querying Data • Kibana Query Language (KQL) – Match query message:"info” – Token analyzer query message:"info error" – Multiple values query message:(info or error) – Wildcard query container.name: *api – Field exist querie fields.doc:*
  • 25. Backing Up Data • Backup Snapshot – Using the snapshot API to back up the cluster. – The current state and data in the cluster are saved in a shared repository. – The first snapshot is a complete copy of the data, but all subsequent snapshots are incremental backups • There are several options to choose from for a repository: – Shared filesystem such as NAS – Azure Cloud – Amazon S3 – HDFS
  • 26. Backing Up Data • Performing a cluster backup entails executing three steps: 1. Define a repository (Instruct Elasticsearch on how you want the repository structured) 2. Confirm the existence of the repository 3. Execute the backup • Backup/restore example: – Step1: Defining a new repository curl -XPUT 'localhost:9200/_snapshot/foo_backup' -d '{ “type” : “fs”, //shared file system type "settings" : { "location" : "/usr/share/elasticsearch/data/backups/foo_backup" } }'
  • 27. Backing Up Data – Step2: Check the repository existence – Step3: Create a snapshot of particular index (api-2019.05.23) – Step4: Monitoring snapshot progress curl -XGET 'localhost:9200/_snapshot/foo_backup?pretty' curl -XPUT 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23' -d ' { "indices" : "api-2019.05.23” //Comma-separated list of index names to snapshot }' curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23/_status'
  • 28. Backing Up Data – Step5: Retrieving information on the state of a given snapshot response: curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api-2019.05.23' { "snapshots": [ { "snapshot": "napshot_api-2019.05.23", "uuid": "knM5TEZrRxKhIqvpPQO74w", "version_id": 7000099, "version": "7.0.0", "indices": [“api-2019.05.23"], "include_global_state": true, "state": "SUCCESS", "start_time": "2019-05-24T06:30:11.737Z", "start_time_in_millis": 1558679411737, "end_time": "2019-05-24T06:30:11.791Z", "end_time_in_millis": 1558679411791, "duration_in_millis": 54, "failures": [], "shards": { "total": 1, "failed": 0, "successful": 1 } } ] }
  • 29. Backing Up Data – Step6: Restoring from a snapshot The default action is to restore all the indices present in the snapshot or set wait_for_completion flag=true (executes in the foreground) curl -XPOST 'localhost:9200/_snapshot/foo_backup/snapshot_2/_restore' curl -XGET 'localhost:9200/_snapshot/foo_backup/snapshot_api- 2019.05.23'?wait_for_completion=true
  • 30. Housekeeping Strategy • Time-based indices – Index name pattern: <index_name>.yyyy.MM.dd – faster and reduces to remove documents and reduces memory CPU and overhead (delete by index directly) – large amounts of bulk deletions can result in large Lucene index segments • Cron Job: delete the index seven days before every AM 2:oo For example: if housekeeping is 7 days and today is 2019/06/08, then delete 6/01 index Indices: [ “api-2019.06.01”, (deleted) “api-2019.06.02”, “api-2019.06.03”, “api-2019.06.04”, “api-2019.06.05”, “api-2019.06.06”, “api-2019.06.07”, “api-2019.06.08” ] keep 7 days
  • 31. Management & Monitoring Tools • Elasticsearch Admin GUI Tools: – ElasticHQ : as a monitoring and management platform for Elasticsearch clusters. – Cerebro: is a elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. ElasticHQ Cerebro Apache Software License MIT License Can monitor and manage many clusters at the same time Observe the index shards allocation Monitor and manage clusters, nodes, indices, aliases, and shards Manage cluster settings, aliases and index templates Easy-to-Use Querying capabilities Create snapshot Saves monitored clusters
  • 32. Management & Monitoring Tools • ElasticHQ
  • 33. Management & Monitoring Tools • Cerebro
  • 34. Management & Monitoring Tools • Cerebro (snapshot management)