Don’t turn your logs into cuneiform
Andrey Rebrov
1.
Don’t turn your logs into cuneiform
Andrei Rebrov
2.
3.
Cuneiform
4.
Logs
5.
What’s the difference?
6.
Let’s dig into
• Too many logs
• Too much information inside
• They are distributed across several machines
• We are not supposed to read blogs
7.
Time for tools
8.
Logstash
• Open source
• Collects and parses
http://logstash.net
9.
Key feature
Too many sources?
• syslog
• nginx access log
• application logs
• database logs
How about their format?
10.
11.
3 parts of Logstash
• Inputs
• Filters
• Outputs
12.
Inputs
http://logstash.net/docs/1.1.12/
• file
• eventlog
• ganglia
• heroku
• syslog
• tcp
13.
Filters
http://logstash.net/docs/1.1.12/
• anonymize
• date
• mutate
• grok
• grep
14.
Outputs
http://logstash.net/docs/1.1.12/
• file
• graphite
• http
• irc
• email
• zabbix
15.
Easy to adopt

    input {
      stdin { type => "stdin-type" }
    }
    output {
      stdout { debug => true debug_format => "json" }
    }

    java -jar logstash-1.1.9-monolithic.jar agent -f logstash-simple.conf
16.
Example
17.
Time to parse

    input {
      stdin { type => "stdin-type" }
    }
    filter {
      grok {
        type => "stdin-type"
        pattern => "Hello %{DATA:message}!"
      }
    }
    output {
      stdout { debug => true debug_format => "json" }
    }

    java -jar logstash-1.1.9-monolithic.jar agent -f logstash-simple.conf
18.
Example
19.
How to output

    input {
      stdin { type => "stdin-type" }
    }
    output {
      stdout { debug => true debug_format => "json" }
      elasticsearch { embedded => true }
    }

    java -jar logstash-1.1.9-monolithic.jar agent -f logstash-search.conf
20.
Example
21.
Where to store
ElasticSearch
http://www.elasticsearch.org
22.
What is Elasticsearch?
• Distributed RESTful search server
• «Real-time» search
• RESTful API
• Fulltext search
• YAML/JSON configuration
23.
Beautiful UI
http://kibana.org
24.
User-friendly UI
25.
How to compose them
[Diagram: Test Node, Test Node, Logstash, ElasticSearch, Kibana, ???]
26.
We need shippers!
27.
Logstash shippers
• beaver - python, multiple outputs
• woodchuck - ruby, multiple outputs
• awesant - perl, multiple outputs supported
• lumberjack - C, encrypted+compressed transport
• syslog-shipper - ruby, syslog tcp
• remote_syslog - ruby, syslog tcp/tls
• Message::Passing - perl, multiple inputs and outputs
• nxlog - C, multi platform including windows,
28.
Build time
29.
Lumberjack installation

    apt-get install rubygems
    gem install fpm
    export PATH=$PATH:/var/lib/gems/1.8/bin
    git clone https://github.com/jordansissel/lumberjack.git
    cd lumberjack
    make
    make deb
    dpkg -i lumberjack_0.0.8_amd64.deb
30.
Logstash installation

    mkdir /opt/logstash
    wget https://logstash.objects.dreamhost.com/release/logstash-1.1.9-monolithic.jar -O /opt/logstash/logstash.jar
31.
Elasticsearch installation

    wget http://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.2.tar.gz
    tar -zxf elasticsearch-0.20.2.tar.gz
32.
Kibana installation

    git clone --branch=kibana-ruby https://github.com/rashidkpc/Kibana.git /opt/kibana
    apt-get install rubygems libcurl4-openssl-dev
    export PATH=$PATH:/var/lib/gems/1.8/bin
    cd /opt/kibana
    bundle install
33.
Lumberjack startup

    /opt/lumberjack/bin/lumberjack --host your.logstash.host --port port-for-these-logs --ssl-ca-path /etc/ssl/logstash.pub

To generate the keys on the Logstash server:

    openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/logstash.key -out /etc/ssl/logstash.pub -nodes -days 365
34.
Configuring Logstash #1

    input {
      lumberjack {
        type => "apache-access"
        port => 3338
        ssl_certificate => "/etc/ssl/logstash.pub"
        ssl_key => "/etc/ssl/logstash.key"
      }
    }
35.
Configuring Logstash #2

    filter {
      date {
        type => "apache-access"
        timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
      }
    }
36.
Configuring Logstash #3

    output {
      elasticsearch {
        embedded => false
        cluster => logs
        host => "172.28.2.2"
        index => "apache-%{+YYYY.MM}"
        type => "apache-access"
      }
    }
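The three configuration slides above take Apache access lines, parse their timestamp with dd/MMM/yyyy:HH:mm:ss Z and write them to a monthly apache-%{+YYYY.MM} index. The Python sketch below is an added example, not code from the deck or from Logstash: it mimics grok expansion (as on the "Time to parse" slide), the date filter and the index naming on constructed log lines. The pattern definitions, the access-log pattern and the event dictionary layout are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Simplified stand-ins for a few grok pattern names (assumption: these are
# NOT the definitions shipped in Logstash's grok-patterns file).
GROK = {
    "DATA": r".*?",
    "IPORHOST": r"[0-9A-Za-z.:-]+",
    "USER": r"[A-Za-z0-9._-]+",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+",
}

def grok_compile(pattern):
    """Expand %{NAME:field} / %{NAME} references into a regex with named groups."""
    def expand(ref):
        name, field = ref.group(1), ref.group(2)
        body = GROK[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))

# Hypothetical pattern for an Apache access line; the deck itself shows none.
ACCESS = grok_compile(
    r'%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] '
    r'"%{WORD:verb} %{NOTSPACE:request} HTTP/%{NOTSPACE:httpversion}" '
    r'%{NUMBER:response} %{NUMBER:bytes}'
)

def process(line):
    """Return a simplified event dict (layout is an assumption, not Logstash's JSON)."""
    event = {"message": line, "tags": []}
    match = ACCESS.search(line)
    if match is None:
        # Logstash's grok filter tags events it cannot parse; keeping the tag
        # makes unparsed lines searchable instead of silently lost.
        event["tags"].append("_grokparsefailure")
        return event
    event.update(match.groupdict())
    # Joda "dd/MMM/yyyy:HH:mm:ss Z" corresponds to this strptime format.
    when = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    when = when.astimezone(timezone.utc)
    event["@timestamp"] = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    # index => "apache-%{+YYYY.MM}" is rendered here from the UTC event time.
    event["index"] = when.strftime("apache-%Y.%m")
    return event

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLES = [
    '203.0.113.7 - - [31/Jan/2013:23:30:00 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.23 - alice [01/Feb/2013:10:15:42 +0000] "POST /login HTTP/1.1" 401 312',
    'not an access log line',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(process(sample))
```

The first sample is logged on 31 January local time but lands in the February index once its offset is normalised to UTC, which matters when searching a monthly index for events near a boundary.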
37.
Logstash startup

    /usr/bin/java -jar /opt/logstash/logstash.jar agent -f <path-to-your.conf> -l <path-to-where-you-want-the.log>
38.
Configuring Elasticsearch

    cluster.name: logs
    index.number_of_replicas: 0
    path.data: /elasticsearch/data
    path.work: /elasticsearch/work
    path.logs: /elasticsearch/logs
    bootstrap.mlockall: true
    discovery.zen.ping.multicast.enabled: false
39.
Elasticsearch startup

    ./bin/elasticsearch -f

or as a daemon

    ./bin/elasticsearch
40.
Kibana startup ruby kibana.rb
41.
Profit!
42.
What to read
http://www.logstashbook.com/code/
https://github.com/logstash/logstash/blob/v1.1.12/patterns/grok-patterns
http://grokdebug.herokuapp.com/
http://www.infoq.com/articles/review-the-logstash-book
http://www.elasticsearch.org/tutorials/using-elasticsearch-for-logs/
https://lucene.apache.org/core/old_versioned_docs/versions/3_5_0/queryparsersyntax.html
http://www.elasticsearch.org/tutorials/elasticsearch-on-ec2/
http://blog.lusis.org/blog/2012/01/31/load-balancing-logstash-with-amqp/
43.
Q&A
Twitter @andrebrov
E-mail arebrov@scrumtrek.ru
Skype rebrov.andrey