SlideShare ist ein Scribd-Unternehmen logo

2 Million Audit Logs to Elasticsearch Daily

Als PPTX, PDF herunterladen
T
Taswar Bhatti

The document discusses using Elastic Stack to store and analyze 2 million audit logs per day from distributed systems. It introduces Elastic Stack components like Logstash, Kibana, Elasticsearch and Beats. It describes how the speaker's company Gemalto used Logstash and Elasticsearch to ingest logs from .NET applications into Elasticsearch at speeds of 1000 logs/second. Future plans include using Elasticsearch's machine learning and integrating with Kafka for cross data center replication.

Software
1 von 50
STORE 2 MILLION OF AUDIT LOGS A DAY INTO ELASTICSEARCH Taswar Bhatti (Microsoft MVP) GEMALTO @taswarbhatti http://taswar.zeytinsoft.co m taswar@gmail.com
WHO AM I? - 4 years Microsoft MVP - 17 years in software industry - Currently working as System Architect in Enterprise Security Space (Gemalto) - You may not have heard of Gemalto but 1/3 of the world population uses Gemalto they just dont know it - Gemalto has stacks build in many environnent .NET, Java, Node, Lua, Python, mobile (Android, IOS), ebanking etc 9/22/2017 2
AGENDA - Problem we had and wanted to solve with Elastic Stack - Intro to Elastic Stack (Ecosystem) - Logstash - Kibana - Beats - Elastic Search flows designs that we have considered - Future plans of using Elastic Search 9/22/2017 3
QUESTION & POLL - How many of you are using Elastic or some other logging solution? - How do you normally log? Where do you log? - Do you log in Relational Database? 9/22/2017 4
HOW DO YOU TROUBLESHOOT OR FIND YOUR BUGS - Typically in a distributed environment one has to go through the logs to find out where the issue is - Could be multiple systems that you have to go through which machine/server generated the log or monitoring multiple logs - Even monitor firewall logs to find traffic routing through which data center - Chuck Norris never troubleshoot; the trouble kills themselves when they see him coming 9/22/2017 5
9/22/2017 6
OUR PROBLEM - We had distributed systems (microservices) that would generate many different types of logs, in different data centers - We also had authentication audit logs that had to be secure and stored for 1 year - We generate around 2 millions records of audit logs a day, 4TB with replications - We need to generate reports out of our data for customers - We were still using Monolith Solution in some core parts of the application - Growing pains of a successful application - We want to use a centralized scalable logging system for all our9/22/2017 7
FINDING BUGS THROUGH LOGS 9/22/2017 8
A LITTLE HISTORY OF ELASTICSEARCH - Shay Banon created Compass in 2004 - Released Elastic Search 1.0 in 2010 - ElasticSearch the company was formed in 2012 - Shay wife is still waiting for her receipe app 9/22/2017 9
9/22/2017 10
ELASTIC STACK 9/22/2017 11
ELASTICSEARCH - Written in Java backed by Lucene - Schema free, REST & JSON based document store - Search Engine - Distributed, Horizontally Scalable - No database storage, storage is Lucene - Apache 2.0 License 9/22/2017 12
COMPANIES USING ELASTIC STACK 9/22/2017 13
ELASTICSEARCH INDICES - Elastic organizes document in indices - Lucene writes and maintains the index files - ElasticSearch writes and maintains metadata on top of Lucene - Example: field mappings, index settings and other cluster metadata 9/22/2017 14
DATABASE VS ELASTIC 9/22/2017 15
ELASTIC CONCEPTS - Cluster : A cluster is a collection of one or more nodes (servers) - Node : A node is a single server that is part of your cluster, stores your data, and participates in the cluster’s indexing and search capabilities - Index : An index is a collection of documents that have somewhat similar characteristics. (e.g Product, Customer, etc) - Type : Within an index, you can define one or more types. A type is a logical category/partition of your index. - Document : A document is a basic unit of information that can be indexed - Shard/Replica: Index divided into multiple pieces called shards, replicas are copy of your shards9/22/2017 16
ELASTIC NODES - Master Node : which controls the cluster - Data Node : Data nodes hold data and perform data related operations such as CRUD, search, and aggregations. - Ingest Node : Ingest nodes are able to apply an ingest pipeline to a document in order to transform and enrich the document before indexing - Coordinating Node : only route requests, handle the search reduce phase, and distribute bulk indexing. 9/22/2017 17
SAMPLE JSON DOCUMENT HTTP CALL JSON DOCUMENT 9/22/2017 18
ELASTICSEARCH CLUSTER 9/22/2017 19
TYPICAL CLUSTER SHARD & REPLICA 9/22/2017 20
SHARD SEARCH AND INDEX 9/22/2017 21
DEMO OF ELASTICSEARCH 9/22/2017 22
LOGSTASH - Ruby application runs under JRuby on the JVM - Collects, parse, enrich data - Horizontally scalable - Apache 2.0 License - Large amount of public plugins written by Community https://github.com/logstash- plugins 9/22/2017 23
TYPICAL USAGE OF LOGSTASH 9/22/2017 24
9/22/2017 25
LOGSTASH INPUT 9/22/2017 26
LOGSTASH FILTER 9/22/2017 27
LOGSTASH OUTPUT 9/22/2017 28
DEMO LOGSTASH 9/22/2017 29
BEATS 9/22/2017 30
BEATS - Lightweight shippers written in Golang (Non JVM shops can use them) - They follow unix philosophy; do one specific thing, and do it well - Filebeat : Logfile (think of it tail –f on steroids) - Metricbeat : CPU, Memory (like top), redis, mongodb usage - Packetbeat : Wireshark uses libpcap, monitoring packet http etc - Winlogbeat : Windows event logs to elastic - Dockbeat : Monitoring docker - Large community lots of other beats offered as opensource 9/22/2017 31
9/22/2017 32
FILEBEAT 9/22/2017 33
X-PACK - Elastic commercial offering (This is one of the ways they make money) - X-Pack is an Elastic Stack extension that bundles - Security (https to elastic, password to access Kibana) - Alerting - Monitoring - Reporting - Graph capabilities - Machine Learning 9/22/2017 34
9/22/2017 35
KIBANA - Visual Application for Elastic Search (JS, Angular, D3) - Powerful frontend for dashboard for visualizing index information from elastic search - Historical data to form charts, graphs etc - Realtime search for index information 9/22/2017 36
9/22/2017 37
DEMO KIBANA 9/22/2017 38
DESIGNS WE WENT THROUGH - We started with simple design to measure throughput - One instance of logstash and one instance of ElasticSearch with filebeat 9/22/2017 39
DOTNET CORE APP - We used a dotnetcore application to generate logs - Serilog to generate into json format and stored on file - Filebeat was installed on the linux machine to ship the logs to logstash 9/22/2017 40
PERFORMANCE ELASTIC - 250 logs item per second for 30 minutes 9/22/2017 41
OVERVIEW 9/22/2017 42
LOGSTASH 9/22/2017 43
ELASTIC SEARCH RUN TWO - 1000 logs per second, run for 30 minutes 9/22/2017 44
PERFORMANCE 9/22/2017 45
OTHER DESIGNS 9/22/2017 46
WHAT WE ARE GOING WITH FOR NOW, UNTIL….. 9/22/2017 47
CONSIDERATIONS OF DATA - Index by day make sense in some cases - In other you may want to index by size rather (Black Friday more traffic than other days) when Shards are not balance ElasticSearch doesn’t like that - Don’t index everything, if you are not going to search on specific fields mark them as text 9/22/2017 48
FUTURE CONSIDERATIONS - Investigate into Elastic Search Machine learning - ElasticSearch with Kafka for cross data center replication 9/22/2017 49
THANK YOU & OPEN TO QUESTIONS - Questions??? - Contact: Taswar@gmail.com - Blog: http://Taswar.zeytinsoft.com - Twitter: @taswarbhatti - LinkedIn (find me and add me) 9/22/2017 50

Empfohlen

Serverless data lake architecture
Serverless data lake architectureServerless data lake architecture
Serverless data lake architectureMaik Wiesmüller
 
Apache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAApache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAAdam Doyle
 
Your data layer - Choosing the right database solutions for the future
Your data layer - Choosing the right database solutions for the futureYour data layer - Choosing the right database solutions for the future
Your data layer - Choosing the right database solutions for the futureObjectRocket
 
Expert Roundtable: The Future of Metadata After Hive Metastore
Expert Roundtable: The Future of Metadata After Hive MetastoreExpert Roundtable: The Future of Metadata After Hive Metastore
Expert Roundtable: The Future of Metadata After Hive MetastorelakeFS
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introductionHossein Shemshadi
 
Presto Summit 2018 - 09 - Netflix Iceberg
Presto Summit 2018 - 09 - Netflix IcebergPresto Summit 2018 - 09 - Netflix Iceberg
Presto Summit 2018 - 09 - Netflix Icebergkbajda
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elkRushika Shah
 

Empfohlen

Serverless data lake architecture
Serverless data lake architectureServerless data lake architecture
Serverless data lake architectureMaik Wiesmüller
 
Apache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAApache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAAdam Doyle
 
Your data layer - Choosing the right database solutions for the future
Your data layer - Choosing the right database solutions for the futureYour data layer - Choosing the right database solutions for the future
Your data layer - Choosing the right database solutions for the futureObjectRocket
 
Expert Roundtable: The Future of Metadata After Hive Metastore
Expert Roundtable: The Future of Metadata After Hive MetastoreExpert Roundtable: The Future of Metadata After Hive Metastore
Expert Roundtable: The Future of Metadata After Hive MetastorelakeFS
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introductionHossein Shemshadi
 
Presto Summit 2018 - 09 - Netflix Iceberg
Presto Summit 2018 - 09 - Netflix IcebergPresto Summit 2018 - 09 - Netflix Iceberg
Presto Summit 2018 - 09 - Netflix Icebergkbajda
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elkRushika Shah
 
Building an open data platform with apache iceberg
Building an open data platform with apache icebergBuilding an open data platform with apache iceberg
Building an open data platform with apache icebergAlluxio, Inc.
 
Scaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays SingaporeScaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays SingaporeAngad Singh
 
Presto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRAPresto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRAkbajda
 
Visualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and KibanaVisualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and KibanaObjectRocket
 
Hugfr SPARK & RIAK -20160114_hug_france
Hugfr SPARK & RIAK -20160114_hug_franceHugfr SPARK & RIAK -20160114_hug_france
Hugfr SPARK & RIAK -20160114_hug_franceModern Data Stack France
 
Release webinar: Sansa and Ontario
Release webinar: Sansa and OntarioRelease webinar: Sansa and Ontario
Release webinar: Sansa and OntarioBigData_Europe
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELKManuj Aggarwal
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashAmazon Web Services
 
So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?Bram Luyten
 
Presto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 BostonPresto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 Bostonkbajda
 
NATE-Central-Log
NATE-Central-LogNATE-Central-Log
NATE-Central-LogStefan Coetzee
 
Kibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackKibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackSylvain Wallez
 
Introduction to basic data analytics tools
Introduction to basic data analytics toolsIntroduction to basic data analytics tools
Introduction to basic data analytics toolsNascenia IT
 
Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.Alina Vilk
 
Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )Jaebin Yoon
 
MongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and VisualizationMongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and VisualizationMongoDB
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Karanjeet Singh
 
Open source log analytics
Open source log analyticsOpen source log analytics
Open source log analyticsVinod Nayal
 
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...4Science
 
Ruby on Rails with Active Record
Ruby on Rails with Active RecordRuby on Rails with Active Record
Ruby on Rails with Active RecordBurak ince
 
Intro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiIntro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiTaswar Bhatti
 
Framework for IoT Interoperability
Framework for IoT InteroperabilityFramework for IoT Interoperability
Framework for IoT InteroperabilitySamsung Open Source Group
 

Weitere ähnliche Inhalte

Was ist angesagt?

Building an open data platform with apache iceberg
Building an open data platform with apache icebergBuilding an open data platform with apache iceberg
Building an open data platform with apache icebergAlluxio, Inc.
 
Scaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays SingaporeScaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays SingaporeAngad Singh
 
Presto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRAPresto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRAkbajda
 
Visualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and KibanaVisualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and KibanaObjectRocket
 
Release webinar: Sansa and Ontario
Release webinar: Sansa and OntarioRelease webinar: Sansa and Ontario
Release webinar: Sansa and OntarioBigData_Europe
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashAmazon Web Services
 
So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?Bram Luyten
 
Presto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 BostonPresto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 Bostonkbajda
 
Kibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackKibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackSylvain Wallez
 
Introduction to basic data analytics tools
Introduction to basic data analytics toolsIntroduction to basic data analytics tools
Introduction to basic data analytics toolsNascenia IT
 
Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.Alina Vilk
 
Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )Jaebin Yoon
 
MongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and VisualizationMongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and VisualizationMongoDB
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Karanjeet Singh
 
Open source log analytics
Open source log analyticsOpen source log analytics
Open source log analyticsVinod Nayal
 
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...4Science
 
Ruby on Rails with Active Record
Ruby on Rails with Active RecordRuby on Rails with Active Record
Ruby on Rails with Active RecordBurak ince
 

Was ist angesagt? (20)

Building an open data platform with apache iceberg
Building an open data platform with apache icebergBuilding an open data platform with apache iceberg
Building an open data platform with apache iceberg
 
Scaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays SingaporeScaling ELK Stack - DevOpsDays Singapore
Scaling ELK Stack - DevOpsDays Singapore
 
Presto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRAPresto Summit 2018 - 08 - FINRA
Presto Summit 2018 - 08 - FINRA
 
Visualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and KibanaVisualizing Austin's data with Elasticsearch and Kibana
Visualizing Austin's data with Elasticsearch and Kibana
 
Hugfr SPARK & RIAK -20160114_hug_france
Hugfr SPARK & RIAK -20160114_hug_franceHugfr SPARK & RIAK -20160114_hug_france
Hugfr SPARK & RIAK -20160114_hug_france
 
Release webinar: Sansa and Ontario
Release webinar: Sansa and OntarioRelease webinar: Sansa and Ontario
Release webinar: Sansa and Ontario
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
 
So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?So we all have ORCID integrations, now what?
So we all have ORCID integrations, now what?
 
Presto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 BostonPresto talk @ Global AI conference 2018 Boston
Presto talk @ Global AI conference 2018 Boston
 
NATE-Central-Log
NATE-Central-LogNATE-Central-Log
NATE-Central-Log
 
Kibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackKibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stack
 
Introduction to basic data analytics tools
Introduction to basic data analytics toolsIntroduction to basic data analytics tools
Introduction to basic data analytics tools
 
Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.Alexander Pavlenko, Java Software Engineer, DataArt.
Alexander Pavlenko, Java Software Engineer, DataArt.
 
Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )Druid meetup @ Netflix (11/14/2018 )
Druid meetup @ Netflix (11/14/2018 )
 
MongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and VisualizationMongoDB for Spatio-Behavioral Data Analysis and Visualization
MongoDB for Spatio-Behavioral Data Analysis and Visualization
 
Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017Sparkler Presentation for Spark Summit East 2017
Sparkler Presentation for Spark Summit East 2017
 
Open source log analytics
Open source log analyticsOpen source log analytics
Open source log analytics
 
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
Extending DSpace 7: DSpace-CRIS and DSpace-GLAM for empowered repositories an...
 
Ruby on Rails with Active Record
Ruby on Rails with Active RecordRuby on Rails with Active Record
Ruby on Rails with Active Record
 

Ähnlich wie 2 Million Audit Logs to Elasticsearch Daily

Intro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiIntro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiTaswar Bhatti
 
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botify
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botifyapidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botify
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botifyapidays
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaObjectRocket
 
Exploring MongoDB & Elasticsearch: Better Together
Exploring MongoDB & Elasticsearch: Better TogetherExploring MongoDB & Elasticsearch: Better Together
Exploring MongoDB & Elasticsearch: Better TogetherObjectRocket
 
Cytoscape: Now and Future
Cytoscape: Now and FutureCytoscape: Now and Future
Cytoscape: Now and FutureKeiichiro Ono
 
Alluxio Mesos Meetup - SMACK to SMAACK
Alluxio Mesos Meetup - SMACK to SMAACKAlluxio Mesos Meetup - SMACK to SMAACK
Alluxio Mesos Meetup - SMACK to SMAACKAlluxio, Inc.
 
Zenko @Cloud Native Foundation London Meetup March 6th 2018
Zenko @Cloud Native Foundation London Meetup March 6th 2018Zenko @Cloud Native Foundation London Meetup March 6th 2018
Zenko @Cloud Native Foundation London Meetup March 6th 2018Laure Vergeron
 
What's New in Cytoscape
What's New in CytoscapeWhat's New in Cytoscape
What's New in CytoscapeKeiichiro Ono
 
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...Spark Summit
 
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford Consortium
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford ConsortiumSDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford Consortium
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford ConsortiumKeiichiro Ono
 
BDE SC3.3 Workshop - BDE Platform: Technical overview
BDE SC3.3 Workshop - BDE Platform: Technical overview BDE SC3.3 Workshop - BDE Platform: Technical overview
BDE SC3.3 Workshop - BDE Platform: Technical overviewBigData_Europe
 
Apricot2017 Request tracing in distributed environment
Apricot2017 Request tracing in distributed environmentApricot2017 Request tracing in distributed environment
Apricot2017 Request tracing in distributed environmentHieu LE ☁
 
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...Spark Summit
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
What to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformWhat to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformMario Juric
 
Logging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentLogging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentAPNIC
 
Whowas: History of resources at APNIC
Whowas: History of resources at APNICWhowas: History of resources at APNIC
Whowas: History of resources at APNICAPNIC
 

Ähnlich wie 2 Million Audit Logs to Elasticsearch Daily (20)

Intro elasticsearch taswarbhatti
Intro elasticsearch taswarbhattiIntro elasticsearch taswarbhatti
Intro elasticsearch taswarbhatti
 
Framework for IoT Interoperability
Framework for IoT InteroperabilityFramework for IoT Interoperability
Framework for IoT Interoperability
 
DBONE
DBONEDBONE
DBONE
 
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botify
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botifyapidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botify
apidays LIVE Paris 2021 - Building an analytics API by David Wobrock, Botify
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and Kibana
 
Exploring MongoDB & Elasticsearch: Better Together
Exploring MongoDB & Elasticsearch: Better TogetherExploring MongoDB & Elasticsearch: Better Together
Exploring MongoDB & Elasticsearch: Better Together
 
Cytoscape: Now and Future
Cytoscape: Now and FutureCytoscape: Now and Future
Cytoscape: Now and Future
 
Alluxio Mesos Meetup - SMACK to SMAACK
Alluxio Mesos Meetup - SMACK to SMAACKAlluxio Mesos Meetup - SMACK to SMAACK
Alluxio Mesos Meetup - SMACK to SMAACK
 
Zenko @Cloud Native Foundation London Meetup March 6th 2018
Zenko @Cloud Native Foundation London Meetup March 6th 2018Zenko @Cloud Native Foundation London Meetup March 6th 2018
Zenko @Cloud Native Foundation London Meetup March 6th 2018
 
What's New in Cytoscape
What's New in CytoscapeWhat's New in Cytoscape
What's New in Cytoscape
 
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...
Using Pluggable Apache Spark SQL Filters to Help GridPocket Users Keep Up wit...
 
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford Consortium
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford ConsortiumSDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford Consortium
SDCSB CYTOSCAPE AND NETWORK ANALYSIS WORKSHOP at Sanford Consortium
 
BDE SC3.3 Workshop - BDE Platform: Technical overview
BDE SC3.3 Workshop - BDE Platform: Technical overview BDE SC3.3 Workshop - BDE Platform: Technical overview
BDE SC3.3 Workshop - BDE Platform: Technical overview
 
Apricot2017 Request tracing in distributed environment
Apricot2017 Request tracing in distributed environmentApricot2017 Request tracing in distributed environment
Apricot2017 Request tracing in distributed environment
 
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...
Powering Predictive Mapping at Scale with Spark, Kafka, and Elastic Search: S...
 
Big Data project
Big Data projectBig Data project
Big Data project
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
What to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformWhat to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science Platform
 
Logging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed EnvironmentLogging/Request Tracing in Distributed Environment
Logging/Request Tracing in Distributed Environment
 
Whowas: History of resources at APNIC
Whowas: History of resources at APNICWhowas: History of resources at APNIC
Whowas: History of resources at APNIC
 

Mehr von Taswar Bhatti

Get productive with python Visual Studio 2019
Get productive with python Visual Studio 2019Get productive with python Visual Studio 2019
Get productive with python Visual Studio 2019Taswar Bhatti
 
Nodejsvault austin2019
Nodejsvault austin2019Nodejsvault austin2019
Nodejsvault austin2019Taswar Bhatti
 
Cloud patterns forwardjs April Ottawa 2019
Cloud patterns forwardjs April Ottawa 2019Cloud patterns forwardjs April Ottawa 2019
Cloud patterns forwardjs April Ottawa 2019Taswar Bhatti
 
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to knowMicrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to knowTaswar Bhatti
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environmentTaswar Bhatti
 
8 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 20188 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 2018Taswar Bhatti
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsTaswar Bhatti
 
Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsTaswar Bhatti
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting StartedTaswar Bhatti
 
Cloud patterns at Carleton University
Cloud patterns at Carleton UniversityCloud patterns at Carleton University
Cloud patterns at Carleton UniversityTaswar Bhatti
 
Cloud Design Patterns
Cloud Design PatternsCloud Design Patterns
Cloud Design PatternsTaswar Bhatti
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedTaswar Bhatti
 
An introduction to Microsoft Bot Framework
An introduction to Microsoft Bot FrameworkAn introduction to Microsoft Bot Framework
An introduction to Microsoft Bot FrameworkTaswar Bhatti
 
Dev days 1 Introduction to Xamarin Taswar Bhatti
Dev days 1 Introduction to Xamarin Taswar BhattiDev days 1 Introduction to Xamarin Taswar Bhatti
Dev days 1 Introduction to Xamarin Taswar BhattiTaswar Bhatti
 
Xamarin forms introduction by Taswar Bhatti and Ahmed Assad
Xamarin forms introduction by Taswar Bhatti and Ahmed AssadXamarin forms introduction by Taswar Bhatti and Ahmed Assad
Xamarin forms introduction by Taswar Bhatti and Ahmed AssadTaswar Bhatti
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET DevelopersTaswar Bhatti
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET DevelopersTaswar Bhatti
 
Akka.Net Ottawa .NET User Group Meetup
Akka.Net Ottawa .NET User Group Meetup Akka.Net Ottawa .NET User Group Meetup
Akka.Net Ottawa .NET User Group Meetup Taswar Bhatti
 

Mehr von Taswar Bhatti (18)

Get productive with python Visual Studio 2019
Get productive with python Visual Studio 2019Get productive with python Visual Studio 2019
Get productive with python Visual Studio 2019
 
Nodejsvault austin2019
Nodejsvault austin2019Nodejsvault austin2019
Nodejsvault austin2019
 
Cloud patterns forwardjs April Ottawa 2019
Cloud patterns forwardjs April Ottawa 2019Cloud patterns forwardjs April Ottawa 2019
Cloud patterns forwardjs April Ottawa 2019
 
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to knowMicrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to know
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
8 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 20188 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 2018
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
 
Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs Secrets
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
 
Cloud patterns at Carleton University
Cloud patterns at Carleton UniversityCloud patterns at Carleton University
Cloud patterns at Carleton University
 
Cloud Design Patterns
Cloud Design PatternsCloud Design Patterns
Cloud Design Patterns
 
Devteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystifiedDevteach 2017 OAuth and Open id connect demystified
Devteach 2017 OAuth and Open id connect demystified
 
An introduction to Microsoft Bot Framework
An introduction to Microsoft Bot FrameworkAn introduction to Microsoft Bot Framework
An introduction to Microsoft Bot Framework
 
Dev days 1 Introduction to Xamarin Taswar Bhatti
Dev days 1 Introduction to Xamarin Taswar BhattiDev days 1 Introduction to Xamarin Taswar Bhatti
Dev days 1 Introduction to Xamarin Taswar Bhatti
 
Xamarin forms introduction by Taswar Bhatti and Ahmed Assad
Xamarin forms introduction by Taswar Bhatti and Ahmed AssadXamarin forms introduction by Taswar Bhatti and Ahmed Assad
Xamarin forms introduction by Taswar Bhatti and Ahmed Assad
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET Developers
 
Docker for .NET Developers
Docker for .NET DevelopersDocker for .NET Developers
Docker for .NET Developers
 
Akka.Net Ottawa .NET User Group Meetup
Akka.Net Ottawa .NET User Group Meetup Akka.Net Ottawa .NET User Group Meetup
Akka.Net Ottawa .NET User Group Meetup
 

Kürzlich hochgeladen

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 

Kürzlich hochgeladen (20)

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 

2 Million Audit Logs to Elasticsearch Daily

  • 1. STORE 2 MILLION OF AUDIT LOGS A DAY INTO ELASTICSEARCH Taswar Bhatti (Microsoft MVP) GEMALTO @taswarbhatti http://taswar.zeytinsoft.co m taswar@gmail.com
  • 2. WHO AM I? - 4 years Microsoft MVP - 17 years in software industry - Currently working as System Architect in Enterprise Security Space (Gemalto) - You may not have heard of Gemalto but 1/3 of the world population uses Gemalto they just dont know it - Gemalto has stacks build in many environnent .NET, Java, Node, Lua, Python, mobile (Android, IOS), ebanking etc 9/22/2017 2
  • 3. AGENDA - Problem we had and wanted to solve with Elastic Stack - Intro to Elastic Stack (Ecosystem) - Logstash - Kibana - Beats - Elastic Search flows designs that we have considered - Future plans of using Elastic Search 9/22/2017 3
  • 4. QUESTION & POLL - How many of you are using Elastic or some other logging solution? - How do you normally log? Where do you log? - Do you log in Relational Database? 9/22/2017 4
  • 5. HOW DO YOU TROUBLESHOOT OR FIND YOUR BUGS - Typically in a distributed environment one has to go through the logs to find out where the issue is - Could be multiple systems that you have to go through which machine/server generated the log or monitoring multiple logs - Even monitor firewall logs to find traffic routing through which data center - Chuck Norris never troubleshoot; the trouble kills themselves when they see him coming 9/22/2017 5
  • 7. OUR PROBLEM - We had distributed systems (microservices) that would generate many different types of logs, in different data centers - We also had authentication audit logs that had to be secure and stored for 1 year - We generate around 2 millions records of audit logs a day, 4TB with replications - We need to generate reports out of our data for customers - We were still using Monolith Solution in some core parts of the application - Growing pains of a successful application - We want to use a centralized scalable logging system for all our9/22/2017 7
  • 8. FINDING BUGS THROUGH LOGS 9/22/2017 8
  • 9. A LITTLE HISTORY OF ELASTICSEARCH - Shay Banon created Compass in 2004 - Released Elastic Search 1.0 in 2010 - ElasticSearch the company was formed in 2012 - Shay wife is still waiting for her receipe app 9/22/2017 9
  • 12. ELASTICSEARCH - Written in Java backed by Lucene - Schema free, REST & JSON based document store - Search Engine - Distributed, Horizontally Scalable - No database storage, storage is Lucene - Apache 2.0 License 9/22/2017 12
  • 13. COMPANIES USING ELASTIC STACK 9/22/2017 13
  • 14. ELASTICSEARCH INDICES - Elastic organizes document in indices - Lucene writes and maintains the index files - ElasticSearch writes and maintains metadata on top of Lucene - Example: field mappings, index settings and other cluster metadata 9/22/2017 14
  • 16. ELASTIC CONCEPTS - Cluster : A cluster is a collection of one or more nodes (servers) - Node : A node is a single server that is part of your cluster, stores your data, and participates in the cluster’s indexing and search capabilities - Index : An index is a collection of documents that have somewhat similar characteristics. (e.g Product, Customer, etc) - Type : Within an index, you can define one or more types. A type is a logical category/partition of your index. - Document : A document is a basic unit of information that can be indexed - Shard/Replica: Index divided into multiple pieces called shards, replicas are copy of your shards9/22/2017 16
  • 17. ELASTIC NODES - Master Node : which controls the cluster - Data Node : Data nodes hold data and perform data related operations such as CRUD, search, and aggregations. - Ingest Node : Ingest nodes are able to apply an ingest pipeline to a document in order to transform and enrich the document before indexing - Coordinating Node : only route requests, handle the search reduce phase, and distribute bulk indexing. 9/22/2017 17
  • 18. SAMPLE JSON DOCUMENT HTTP CALL JSON DOCUMENT 9/22/2017 18
  • 20. TYPICAL CLUSTER SHARD & REPLICA 9/22/2017 20
  • 21. SHARD SEARCH AND INDEX 9/22/2017 21
  • 23. LOGSTASH - Ruby application runs under JRuby on the JVM - Collects, parse, enrich data - Horizontally scalable - Apache 2.0 License - Large amount of public plugins written by Community https://github.com/logstash- plugins 9/22/2017 23
  • 24. TYPICAL USAGE OF LOGSTASH 9/22/2017 24
  • 31. BEATS - Lightweight shippers written in Golang (Non JVM shops can use them) - They follow unix philosophy; do one specific thing, and do it well - Filebeat : Logfile (think of it tail –f on steroids) - Metricbeat : CPU, Memory (like top), redis, mongodb usage - Packetbeat : Wireshark uses libpcap, monitoring packet http etc - Winlogbeat : Windows event logs to elastic - Dockbeat : Monitoring docker - Large community lots of other beats offered as opensource 9/22/2017 31
  • 34. X-PACK - Elastic commercial offering (This is one of the ways they make money) - X-Pack is an Elastic Stack extension that bundles - Security (https to elastic, password to access Kibana) - Alerting - Monitoring - Reporting - Graph capabilities - Machine Learning 9/22/2017 34
  • 36. KIBANA - Visual Application for Elastic Search (JS, Angular, D3) - Powerful frontend for dashboard for visualizing index information from elastic search - Historical data to form charts, graphs etc - Realtime search for index information 9/22/2017 36
  • 39. DESIGNS WE WENT THROUGH - We started with simple design to measure throughput - One instance of logstash and one instance of ElasticSearch with filebeat 9/22/2017 39
  • 40. DOTNET CORE APP - We used a dotnetcore application to generate logs - Serilog to generate into json format and stored on file - Filebeat was installed on the linux machine to ship the logs to logstash 9/22/2017 40
  • 41. PERFORMANCE ELASTIC - 250 logs item per second for 30 minutes 9/22/2017 41
  • 44. ELASTIC SEARCH RUN TWO - 1000 logs per second, run for 30 minutes 9/22/2017 44
  • 47. WHAT WE ARE GOING WITH FOR NOW, UNTIL….. 9/22/2017 47
  • 48. CONSIDERATIONS OF DATA - Index by day make sense in some cases - In other you may want to index by size rather (Black Friday more traffic than other days) when Shards are not balance ElasticSearch doesn’t like that - Don’t index everything, if you are not going to search on specific fields mark them as text 9/22/2017 48
  • 49. FUTURE CONSIDERATIONS - Investigate into Elastic Search Machine learning - ElasticSearch with Kafka for cross data center replication 9/22/2017 49
  • 50. THANK YOU & OPEN TO QUESTIONS - Questions??? - Contact: Taswar@gmail.com - Blog: http://Taswar.zeytinsoft.com - Twitter: @taswarbhatti - LinkedIn (find me and add me) 9/22/2017 50