SlideShare a Scribd company logo

ELK-Stack-Grid-KA-School.pptx

Download as PPTX, PDF
A
abenyeung1

ELK for School

Software
1 of 46
KIT – University of Baden-Württemberg and National Research Center of the Helmholtz Alliance Institute of Applied Computer Science (IAI) www.kit.edu ElasticSearch and the ELK stack for monitoring and data analysis Clemens Düpmeier (KIT / IAI)
Institute for Applied Computer Science (IAI) 2 09/09/2015 Overview Introduction to the ELK stack Use Cases Summary Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 3 09/09/2015 Elasticsearch ELK Software Stack ELK consists of three open source software products provided by the company “Elastic” (formerly Elasticsearch) E => Elasticsearch (Highly scalable search index server) L => Logstash (Tool for the collection, enrichment, filtering and forwarding of data, e.g. log data) K => Kibana (Tool for the exploration and visualization of data) Research group “ Web based Information Systems“ Logstash Log Kibana
Institute for Applied Computer Science (IAI) 4 09/09/2015 Logstash Open source software to collect, transform, filter and forward data (e.g. log data) from input sources to output sources (e.g. Elasticsearch) Implemented in JRuby and runs on a JVM (Java Virtual Machine) Simple message based architecture Extendable by plugins (e.g. input, output, filter plugins) Research group “ Web based Information Systems“
Configuration Multiple inputs of different types Forward to multiple outputs Conditionally filter and transform data; some common formats are already known
Institute for Applied Computer Science (IAI) 6 09/09/2015 Console output processing apache log files Research group “ Web based Information Systems“ Run logstash with: bin/logstash -f logstash.conf
Configuration for parsing syslog messages Input filter receives messages directly from tcp and udp ports Filter splits messages and adds fields
Institute for Applied Computer Science (IAI) 8 09/09/2015 Console output processing syslog messages Research group “ Web based Information Systems“ Run logstash with: bin/logstash -f logstash.conf
Institute for Applied Computer Science (IAI) 9 09/09/2015 Input Plugins file -> for processing files tcp, udp, unix -> reading directly from network sockets http -> for processing HTTP POST requests http_poller -> for polling HTTP services as input sources imap -> accessing and processing imap mail Different input plugins to access MOM (message queues) Rabbitmq, stomp, … Different plugins for accessing database systems jdbc, elasticsearch, … Plugins to read data from system log services and from command line syslog, eventlog, pipe, exec And more Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 10 09/09/2015 Lumberjack plugin + Logstash forwarder The “Logstash forwarder” application allows to forward input from one “data source” host to another host for processing The “Lumberjack input plugin” can then be configured to consume the messages of the “Logstash forwarder” Transfer can be secured by “security certificate” and encrypted transmission Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 11 09/09/2015 Output plugins stdout, pipe, exec -> show output on console, feed to command file -> store output in file email -> send output as email tcp, udp, websocket -> send output over network connections http -> send output as HTTP request Different plugins for sending output to database systems, index server or cloud storage elasticsearch, solr_http, mongodb, google_bigquery, google_cloud_storage, opentsdb Different output plugins to send output to MOM (message queues) Rabbitmq, stomp, … Different output plugins for forwarding messages to metrics applications graphite, graphtastic, ganglic, metriccatcher Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 12 09/09/2015 Multiple node writes The Elasticsearch output plugin can write to multiple nodes It will distribute output objects to different nodes (“load balancing”) A Logstash instance can also be part of a Elasticsearch cluster and write data through the cluster protocol Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 13 09/09/2015 Filter plugins grok -> parse and structure arbitrary text: best generic option to interpret text as (semi-)structured objects Filter for parsing different data formats csv, json, kv (key-valued paired messages), xml, … multiline -> collapse multiline messages to one logstash event split -> split multiline messages into several logstash events aggregate -> aggregate several separate message lines into one Logstash event mutate -> perform mutations of fields (rename, remove, replace, modify) dns -> lookup DNS entry for IP address geoip -> find geolocation of IP address And more Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 14 09/09/2015 grok usage example Input: 55.3.244.1 GET /index.html 15824 0.043 grok filter filter { grok { match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } } Then the output will contain fields like: client: 55.3.244.1 method: GET request: /index.html bytes: 15824 duration: 0.043 Research group “ Web based Information Systems“
Scaling and high availability
Institute for Applied Computer Science (IAI) 16 09/09/2015 Elasticsearch Server environment for storing large scale structured index entries and query them Written in Java Based on Apache Lucene Uses Lucene for index creation and management Document-oriented (structured) index entries which can (but must not) be associated with a schema Combines “full text”-oriented search options for text fields with more precise search options for other types of fields, like date + time fields, geolocation fields, etc. Near real-time search and analysis capabilities Provides Restful API as JSON over HTTP Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 17 09/09/2015 Scalability of Elasticsearch Elasticsearch can run as one integrated application on multiple nodes of a cluster Indexes are stored in Lucene instances called “Shards” which can be distributed over several nodes There a two types of “Shards” Primary Shards Replica Replicas of “Primary Shards” provide Failure tolerance and therefore protect data Make queries (search faster) faster Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 18 09/09/2015 Indexing data with Elasticsearch Send JSON documents to server, e.g. use REST API No schema necessary => ElasticSearch determines type of attributes But’s possible to explicitly specify schema, i.e. types for attributes Like string, byte, short, integer, long, float, double, boolean, date Analysis of text attributes for “full text”-oriented search Word extraction, reduction of words to their base form (stemming) Stop words Support for multiple languages Automatically generate identifier for data sets or specify them while indexing Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 19 09/09/2015 Indexing data using the REST API PUT request inserts the JSON payload into the index with name “megacorp” as object of type “employee” Schema for type can be explicitly defined (at time of index creation or automatically determined) Text field (e.g. “about”) will be analyzed if analyzers are configured for that field Request URL specifies the identifier “1” for the index entry Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 20 09/09/2015 Retrieval of a index entry A “GET” REST API call with “/megacorp/employee/1” will retrieve the entry with id 1 as JSON object Research group “ Web based Information Systems“ GET /megacorp/employee/1
GET request with “_search” at the end of the URL performs query Search results are returned in JSON response as “hits” array Further metadata specifies count of search results (“total”) and max_score Simple Query GET /megacorp/employee/_search
Simple Query with search string GET /megacorp/employee/_search?q=last_name:Smith
Institute for Applied Computer Science (IAI) 23 09/09/2015 More complex queries with Query DSL Query DSL is a JSON language for more complex queries Will be send as payload with the search request Match clause has same semantics as in simple query Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 24 09/09/2015 More complex queries with Query DSL Consist of a query and a filter part Query part matches all entries with last_name “smith” (2) Filter will then only select entries which fulfill the range filter (1) “age”: {“gt” : 30 } Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 25 09/09/2015 Some query possibilities Combined search on different attributes and different indices Many possibilities for full-text search on attribute values Exact, non-exact, proximity (phrases), partial match Support well-known logical operators (And / or, …) Range queries (i.e. date ranges) … Control relevance and ranking of search results, sort them Boost relevance while indexing Boost or ignore relevance while querying Different possibilities to sort search results otherwise Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 26 09/09/2015 More advanced features Multi-tenant Spatial data queries Search suggestions Real time aggregation of search data Statistical calculations (sums, mean value, max, min, …) Faceting By using terms Statistical calculations Classification ( Grouping by using ranges Filter rules By geographical distance … Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 27 09/09/2015 Kibana Web-based application for exploring and visualizing data Modern Browser-based interface (HTML5 + JavaScript) Ships with its own web server for easy setup Seamless integration with Elasticsearch Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 28 09/09/2015 Configure Kibana After installation first configure Kibana to access Elasticsearch server(s) Should be done by editing the Kibana config file Then use web UI to configure indexes to use Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 29 09/09/2015 Discover data Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 30 09/09/2015 Create a visualization Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 31 09/09/2015 Different types of visualizations Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 32 09/09/2015 Combine visualizations to a Dashboard Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 33 09/09/2015 USE CASES Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 34 09/09/2015 Some use cases of the ELK stack Log data management and analysis Monitor systems and / or applications and notify operators about critical events Collect and analyze other (mass) data i.e. business data for business analytics Energy management data or event data from smart grids Environmental data Use the ELK stack for search driven access to mass data in web based information systems Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 35 09/09/2015 Log data management and analysis Many different types of logs Application logs Operating system logs Network traffic logs from routers, etc. Different goals for analysis Detect errors at runtime or while testing applications Find and analyze security threats Aggregate statistical data / metrics Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 36 09/09/2015 Problems of log data analysis No centralization Log data could be everywhere on different servers and different places within the same server Accessibility Problems Logs can be difficult to find Access to server / device is often difficult for analyst High expertise for accessing logs on different platforms necessary Logs can be big and therefore difficult to copy SSH access and grep on logs doesn’t scale or reach No Consistency Structure of log entries is different for each app, system, or device Specific knowledge is necessary for interpreting different log types Variation in formats makes it challenging to search Many different types of time formats Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 37 09/09/2015 The ELK stack provides solutions Logstash allows to collect all log entries at a central place (e.g. Elasticsearch) End users don’t need to know where the log files are located Big log files will be transferred continuously in smaller chunks Log file entries can be transformed into harmonized event objects Easy access for end users via Browser based interfaces (e.g. Kibana) Elasticsearch / Kibana provide advanced functionality for analyzing and visualizing the log data Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 38 09/09/2015 Monitoring The ELK stack also provides good solutions for monitoring data and alerting users Logstash can check conditions on log file entries and even aggregated metrics And conditionally sent notification events to certain output plugins if monitoring criteria are met E.g. forward notification event to email output plugin for notifying user (e.g. operators) about the condition Forwarding notification event to a dedicated monitoring application Elasticsearch in combination with Watcher (another product of Elastic) Can instrument arbitrary Elasticsearch queries to produce alerts and notifications These queries can be run at certain time intervals When the watch condition happens, actions can be taken (sent an email or forwarding an event to another system) Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 39 09/09/2015 Log analysis examples from the Internet Logging and analyzing network traffic http://www.networkassassin.com/elk-stack-for-network- operations-reloaded/ How to Use ELK to Monitor Performance http://logz.io/blog/elk-monitor-platform-performance/ How Blueliv Uses the Elastic Stack to Combat Cyber Threats https://www.elastic.co/blog/how-blueliv-uses-the-elastic- stack-to-combat-cyber-threats Centralized System and Docker Logging with ELK Stack http://www.javacodegeeks.com/2015/05/centralized- system-and-docker-logging-with-elk-stack.html Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 40 09/09/2015 Summary The ELK stack is easy to use and has many use cases Log data management and analysis Monitor systems and / or applications and notify operators about critical events Collect and analyze other (mass) data Providing access to big data in large scale web applications Thereby solving many problems with these types of use cases compared to “hand-made”-solutions Because of its service orientation and cluster readiness it fits nicely into bigger service (microservice) oriented applications Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 41 09/09/2015 BACKUP SLIDES Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 42 09/09/2015 Search based web applications Use search engine technology as key element for data access (e.g. ElasticSearch) Available data is a mixture of unstructured semi-structured structured information coming from different sources Use Logstash and similar technologies for aggregation, normalization and classification of data And a natural language approach for data access based on ElasticSearch Queries Research group “ Web based Information Systems“ Search based environmental information portal
Institute for Applied Computer Science (IAI) 43 09/09/2015 The openTA portal: www.openta.net DfG project with partners (IAI, ITAS, KIT library) from KIT Web portal for the Network Technology Assessment (NTA) Aggregates and provides information about members, organizations news and events scientific publications Provides services and web technology (widgets) to use the aggregated information remotely Research group “ Web based Information Systems“ Homepage of openTA with aggregated news feed and calendar
Institute for Applied Computer Science (IAI) 44 09/09/2015 Search driven architecture (example openTA) Research group “ Web based Information Systems“ Search Engine (Aggregation, Analysis) Structured indices OpenTA Calendar News Service Data Services Portal Web UI Portal Service APIs Standard Functionalities (User Management, CMS, Social) Data and Service Access RSS / Atom ICalendar Pub.-Form. NTA Organization NTA Organization NTA Organization NTA Organization User User Most information will be ingested using service interfaces and crawling. Data Import / Crawler Publication Service
Institute for Applied Computer Science (IAI) 45 09/09/2015 Example: www.openta.net Research group “ Web based Information Systems“
Institute for Applied Computer Science (IAI) 46 09/09/2015 Prototype: Search with „Energie –Rohracher“ Research group “ Web based Information Systems“

Recommended

Linked data based semantic annotation using Drupal and Apache Stanbol
Linked data based semantic annotation using Drupal and Apache StanbolLinked data based semantic annotation using Drupal and Apache Stanbol
Linked data based semantic annotation using Drupal and Apache StanbolGabriel Dragomir
 
Ado.Net Data Services (Astoria)
Ado.Net Data Services (Astoria)Ado.Net Data Services (Astoria)
Ado.Net Data Services (Astoria)Igor Moochnick
 
Environment Canada's Data Management Service
Environment Canada's Data Management ServiceEnvironment Canada's Data Management Service
Environment Canada's Data Management ServiceSafe Software
 
Azure: Lessons From The Field
Azure: Lessons From The FieldAzure: Lessons From The Field
Azure: Lessons From The FieldRob Gillen
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyDaniel Hochman
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Small Data in the large with Oppidum
Small Data in the large with OppidumSmall Data in the large with Oppidum
Small Data in the large with Oppidumstsire
 
Elasticsearch as a Database?
Elasticsearch as a Database?Elasticsearch as a Database?
Elasticsearch as a Database?Amazon Web Services
 

Recommended

Linked data based semantic annotation using Drupal and Apache Stanbol
Linked data based semantic annotation using Drupal and Apache StanbolLinked data based semantic annotation using Drupal and Apache Stanbol
Linked data based semantic annotation using Drupal and Apache StanbolGabriel Dragomir
 
Ado.Net Data Services (Astoria)
Ado.Net Data Services (Astoria)Ado.Net Data Services (Astoria)
Ado.Net Data Services (Astoria)Igor Moochnick
 
Environment Canada's Data Management Service
Environment Canada's Data Management ServiceEnvironment Canada's Data Management Service
Environment Canada's Data Management ServiceSafe Software
 
Azure: Lessons From The Field
Azure: Lessons From The FieldAzure: Lessons From The Field
Azure: Lessons From The FieldRob Gillen
 
Instrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyInstrumenting and Scaling Databases with Envoy
Instrumenting and Scaling Databases with EnvoyDaniel Hochman
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Small Data in the large with Oppidum
Small Data in the large with OppidumSmall Data in the large with Oppidum
Small Data in the large with Oppidumstsire
 
Elasticsearch as a Database?
Elasticsearch as a Database?Elasticsearch as a Database?
Elasticsearch as a Database?Amazon Web Services
 
Elasticsearch as a Database?
Elasticsearch as a Database?Elasticsearch as a Database?
Elasticsearch as a Database?Amazon Web Services
 
Windows Azure: Lessons From The Field
Windows Azure: Lessons From The FieldWindows Azure: Lessons From The Field
Windows Azure: Lessons From The FieldRob Gillen
 
Digitisation and institutional repositories 3
Digitisation and institutional repositories 3Digitisation and institutional repositories 3
Digitisation and institutional repositories 3Libsoul Technologies Pvt. Ltd.
 
Writing Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySparkWriting Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySparkDatabricks
 
247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research Workbench247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research WorkbenchStuart Chalk
 
ElasticSearch.pptx
ElasticSearch.pptxElasticSearch.pptx
ElasticSearch.pptxTrnHiu748002
 
How to Find a Needle in the Haystack
How to Find a Needle in the HaystackHow to Find a Needle in the Haystack
How to Find a Needle in the HaystackAdrian Stevenson
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkIJERA Editor
 
The JISC Information Environment and collection description
The JISC Information Environment and collection descriptionThe JISC Information Environment and collection description
The JISC Information Environment and collection descriptionAndy Powell
 
A Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemA Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemChris Mattmann
 
DataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementDataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementAndreas Schreiber
 
OSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications databaseOSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications databaseOpen Science Fair
 
Diminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations SlidesDiminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations SlidesSebastian Werner
 
CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!Dan Allen
 
Leveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot ArchitecturesLeveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot ArchitecturesThanigai Vellore
 
Adcom2006 Full 6
Adcom2006 Full 6Adcom2006 Full 6
Adcom2006 Full 6umavanth
 
Presentation
PresentationPresentation
PresentationVideoguy
 
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817Ben Busby
 
Overview of RESTful web services
Overview of RESTful web servicesOverview of RESTful web services
Overview of RESTful web servicesnbuddharaju
 
Leveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platformLeveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platformAndy Petrella
 
ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction abenyeung1
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxabenyeung1
 

More Related Content

Similar to ELK-Stack-Grid-KA-School.pptx

Windows Azure: Lessons From The Field
Windows Azure: Lessons From The FieldWindows Azure: Lessons From The Field
Windows Azure: Lessons From The FieldRob Gillen
 
Writing Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySparkWriting Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySparkDatabricks
 
247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research Workbench247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research WorkbenchStuart Chalk
 
ElasticSearch.pptx
ElasticSearch.pptxElasticSearch.pptx
ElasticSearch.pptxTrnHiu748002
 
How to Find a Needle in the Haystack
How to Find a Needle in the HaystackHow to Find a Needle in the Haystack
How to Find a Needle in the HaystackAdrian Stevenson
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkIJERA Editor
 
The JISC Information Environment and collection description
The JISC Information Environment and collection descriptionThe JISC Information Environment and collection description
The JISC Information Environment and collection descriptionAndy Powell
 
A Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemA Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemChris Mattmann
 
DataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementDataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementAndreas Schreiber
 
OSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications databaseOSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications databaseOpen Science Fair
 
Diminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations SlidesDiminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations SlidesSebastian Werner
 
CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!Dan Allen
 
Leveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot ArchitecturesLeveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot ArchitecturesThanigai Vellore
 
Adcom2006 Full 6
Adcom2006 Full 6Adcom2006 Full 6
Adcom2006 Full 6umavanth
 
Presentation
PresentationPresentation
PresentationVideoguy
 
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817Ben Busby
 
Overview of RESTful web services
Overview of RESTful web servicesOverview of RESTful web services
Overview of RESTful web servicesnbuddharaju
 
Leveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platformLeveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platformAndy Petrella
 

Similar to ELK-Stack-Grid-KA-School.pptx (20)

Elasticsearch as a Database?
Elasticsearch as a Database?Elasticsearch as a Database?
Elasticsearch as a Database?
 
Windows Azure: Lessons From The Field
Windows Azure: Lessons From The FieldWindows Azure: Lessons From The Field
Windows Azure: Lessons From The Field
 
Digitisation and institutional repositories 3
Digitisation and institutional repositories 3Digitisation and institutional repositories 3
Digitisation and institutional repositories 3
 
Writing Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySparkWriting Continuous Applications with Structured Streaming in PySpark
Writing Continuous Applications with Structured Streaming in PySpark
 
247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research Workbench247th ACS Meeting: The Eureka Research Workbench
247th ACS Meeting: The Eureka Research Workbench
 
ElasticSearch.pptx
ElasticSearch.pptxElasticSearch.pptx
ElasticSearch.pptx
 
How to Find a Needle in the Haystack
How to Find a Needle in the HaystackHow to Find a Needle in the Haystack
How to Find a Needle in the Haystack
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using Splunk
 
The JISC Information Environment and collection description
The JISC Information Environment and collection descriptionThe JISC Information Environment and collection description
The JISC Information Environment and collection description
 
A Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemA Look into the Apache OODT Ecosystem
A Look into the Apache OODT Ecosystem
 
DataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data ManagementDataFinder: A Python Application for Scientific Data Management
DataFinder: A Python Application for Scientific Data Management
 
OSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications databaseOSFair2017 Workshop | EGI applications database
OSFair2017 Workshop | EGI applications database
 
Diminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations SlidesDiminuendo! Tactics in Support of FaaS Migrations Slides
Diminuendo! Tactics in Support of FaaS Migrations Slides
 
CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!CDI, Seam & RESTEasy: You haven't seen REST yet!
CDI, Seam & RESTEasy: You haven't seen REST yet!
 
Leveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot ArchitecturesLeveraging Hadoop in Polyglot Architectures
Leveraging Hadoop in Polyglot Architectures
 
Adcom2006 Full 6
Adcom2006 Full 6Adcom2006 Full 6
Adcom2006 Full 6
 
Presentation
PresentationPresentation
Presentation
 
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
 
Overview of RESTful web services
Overview of RESTful web servicesOverview of RESTful web services
Overview of RESTful web services
 
Leveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platformLeveraging mesos as the ultimate distributed data science platform
Leveraging mesos as the ultimate distributed data science platform
 

More from abenyeung1

ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction abenyeung1
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxabenyeung1
 
Why use Gitlab
Why use GitlabWhy use Gitlab
Why use Gitlababenyeung1
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloudabenyeung1
 
7130 layer-1-datasheet
7130 layer-1-datasheet7130 layer-1-datasheet
7130 layer-1-datasheetabenyeung1
 
Itt provision of wi fi network design and implementation services
Itt provision of wi fi network design and implementation servicesItt provision of wi fi network design and implementation services
Itt provision of wi fi network design and implementation servicesabenyeung1
 
Ccs 720 xp-datasheet
Ccs 720 xp-datasheetCcs 720 xp-datasheet
Ccs 720 xp-datasheetabenyeung1
 
Wifi rfp-sample1
Wifi rfp-sample1Wifi rfp-sample1
Wifi rfp-sample1abenyeung1
 

More from abenyeung1 (9)

ELK stack introduction
ELK stack introduction ELK stack introduction
ELK stack introduction
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptx
 
Why use Gitlab
Why use GitlabWhy use Gitlab
Why use Gitlab
 
HashiTalk
HashiTalkHashiTalk
HashiTalk
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloud
 
7130 layer-1-datasheet
7130 layer-1-datasheet7130 layer-1-datasheet
7130 layer-1-datasheet
 
Itt provision of wi fi network design and implementation services
Itt provision of wi fi network design and implementation servicesItt provision of wi fi network design and implementation services
Itt provision of wi fi network design and implementation services
 
Ccs 720 xp-datasheet
Ccs 720 xp-datasheetCcs 720 xp-datasheet
Ccs 720 xp-datasheet
 
Wifi rfp-sample1
Wifi rfp-sample1Wifi rfp-sample1
Wifi rfp-sample1
 

Recently uploaded

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 

Recently uploaded (20)

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 

ELK-Stack-Grid-KA-School.pptx

  • 1. KIT – University of Baden-Württemberg and National Research Center of the Helmholtz Alliance Institute of Applied Computer Science (IAI) www.kit.edu ElasticSearch and the ELK stack for monitoring and data analysis Clemens Düpmeier (KIT / IAI)
  • 2. Institute for Applied Computer Science (IAI) 2 09/09/2015 Overview Introduction to the ELK stack Use Cases Summary Research group “ Web based Information Systems“
  • 3. Institute for Applied Computer Science (IAI) 3 09/09/2015 Elasticsearch ELK Software Stack ELK consists of three open source software products provided by the company “Elastic” (formerly Elasticsearch) E => Elasticsearch (Highly scalable search index server) L => Logstash (Tool for the collection, enrichment, filtering and forwarding of data, e.g. log data) K => Kibana (Tool for the exploration and visualization of data) Research group “ Web based Information Systems“ Logstash Log Kibana
  • 4. Institute for Applied Computer Science (IAI) 4 09/09/2015 Logstash Open source software to collect, transform, filter and forward data (e.g. log data) from input sources to output sources (e.g. Elasticsearch) Implemented in JRuby and runs on a JVM (Java Virtual Machine) Simple message based architecture Extendable by plugins (e.g. input, output, filter plugins) Research group “ Web based Information Systems“
  • 5. Configuration Multiple inputs of different types Forward to multiple outputs Conditionally filter and transform data; some common formats are already known
  • 6. Institute for Applied Computer Science (IAI) 6 09/09/2015 Console output processing apache log files Research group “ Web based Information Systems“ Run logstash with: bin/logstash -f logstash.conf
  • 7. Configuration for parsing syslog messages Input filter receives messages directly from tcp and udp ports Filter splits messages and adds fields
  • 8. Institute for Applied Computer Science (IAI) 8 09/09/2015 Console output processing syslog messages Research group “ Web based Information Systems“ Run logstash with: bin/logstash -f logstash.conf
  • 9. Institute for Applied Computer Science (IAI) 9 09/09/2015 Input Plugins file -> for processing files tcp, udp, unix -> reading directly from network sockets http -> for processing HTTP POST requests http_poller -> for polling HTTP services as input sources imap -> accessing and processing imap mail Different input plugins to access MOM (message queues) Rabbitmq, stomp, … Different plugins for accessing database systems jdbc, elasticsearch, … Plugins to read data from system log services and from command line syslog, eventlog, pipe, exec And more Research group “ Web based Information Systems“
  • 10. Institute for Applied Computer Science (IAI) 10 09/09/2015 Lumberjack plugin + Logstash forwarder The “Logstash forwarder” application allows to forward input from one “data source” host to another host for processing The “Lumberjack input plugin” can then be configured to consume the messages of the “Logstash forwarder” Transfer can be secured by “security certificate” and encrypted transmission Research group “ Web based Information Systems“
  • 11. Institute for Applied Computer Science (IAI) 11 09/09/2015 Output plugins stdout, pipe, exec -> show output on console, feed to command file -> store output in file email -> send output as email tcp, udp, websocket -> send output over network connections http -> send output as HTTP request Different plugins for sending output to database systems, index server or cloud storage elasticsearch, solr_http, mongodb, google_bigquery, google_cloud_storage, opentsdb Different output plugins to send output to MOM (message queues) Rabbitmq, stomp, … Different output plugins for forwarding messages to metrics applications graphite, graphtastic, ganglic, metriccatcher Research group “ Web based Information Systems“
  • 12. Institute for Applied Computer Science (IAI) 12 09/09/2015 Multiple node writes The Elasticsearch output plugin can write to multiple nodes It will distribute output objects to different nodes (“load balancing”) A Logstash instance can also be part of a Elasticsearch cluster and write data through the cluster protocol Research group “ Web based Information Systems“
  • 13. Institute for Applied Computer Science (IAI) 13 09/09/2015 Filter plugins grok -> parse and structure arbitrary text: best generic option to interpret text as (semi-)structured objects Filter for parsing different data formats csv, json, kv (key-valued paired messages), xml, … multiline -> collapse multiline messages to one logstash event split -> split multiline messages into several logstash events aggregate -> aggregate several separate message lines into one Logstash event mutate -> perform mutations of fields (rename, remove, replace, modify) dns -> lookup DNS entry for IP address geoip -> find geolocation of IP address And more Research group “ Web based Information Systems“
  • 14. Institute for Applied Computer Science (IAI) 14 09/09/2015 grok usage example Input: 55.3.244.1 GET /index.html 15824 0.043 grok filter filter { grok { match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } } Then the output will contain fields like: client: 55.3.244.1 method: GET request: /index.html bytes: 15824 duration: 0.043 Research group “ Web based Information Systems“
  • 15. Scaling and high availability
  • 16. Institute for Applied Computer Science (IAI) 16 09/09/2015 Elasticsearch Server environment for storing large scale structured index entries and query them Written in Java Based on Apache Lucene Uses Lucene for index creation and management Document-oriented (structured) index entries which can (but must not) be associated with a schema Combines “full text”-oriented search options for text fields with more precise search options for other types of fields, like date + time fields, geolocation fields, etc. Near real-time search and analysis capabilities Provides Restful API as JSON over HTTP Research group “ Web based Information Systems“
  • 17. Institute for Applied Computer Science (IAI) 17 09/09/2015 Scalability of Elasticsearch Elasticsearch can run as one integrated application on multiple nodes of a cluster Indexes are stored in Lucene instances called “Shards” which can be distributed over several nodes There a two types of “Shards” Primary Shards Replica Replicas of “Primary Shards” provide Failure tolerance and therefore protect data Make queries (search faster) faster Research group “ Web based Information Systems“
  • 18. Institute for Applied Computer Science (IAI) 18 09/09/2015 Indexing data with Elasticsearch Send JSON documents to server, e.g. use REST API No schema necessary => ElasticSearch determines type of attributes But’s possible to explicitly specify schema, i.e. types for attributes Like string, byte, short, integer, long, float, double, boolean, date Analysis of text attributes for “full text”-oriented search Word extraction, reduction of words to their base form (stemming) Stop words Support for multiple languages Automatically generate identifier for data sets or specify them while indexing Research group “ Web based Information Systems“
  • 19. Institute for Applied Computer Science (IAI) 19 09/09/2015 Indexing data using the REST API PUT request inserts the JSON payload into the index with name “megacorp” as object of type “employee” Schema for type can be explicitly defined (at time of index creation or automatically determined) Text field (e.g. “about”) will be analyzed if analyzers are configured for that field Request URL specifies the identifier “1” for the index entry Research group “ Web based Information Systems“
  • 20. Institute for Applied Computer Science (IAI) 20 09/09/2015 Retrieval of a index entry A “GET” REST API call with “/megacorp/employee/1” will retrieve the entry with id 1 as JSON object Research group “ Web based Information Systems“ GET /megacorp/employee/1
  • 21. GET request with “_search” at the end of the URL performs query Search results are returned in JSON response as “hits” array Further metadata specifies count of search results (“total”) and max_score Simple Query GET /megacorp/employee/_search
  • 22. Simple Query with search string GET /megacorp/employee/_search?q=last_name:Smith
  • 23. Institute for Applied Computer Science (IAI) 23 09/09/2015 More complex queries with Query DSL Query DSL is a JSON language for more complex queries Will be send as payload with the search request Match clause has same semantics as in simple query Research group “ Web based Information Systems“
  • 24. Institute for Applied Computer Science (IAI) 24 09/09/2015 More complex queries with Query DSL Consist of a query and a filter part Query part matches all entries with last_name “smith” (2) Filter will then only select entries which fulfill the range filter (1) “age”: {“gt” : 30 } Research group “ Web based Information Systems“
  • 25. Institute for Applied Computer Science (IAI) 25 09/09/2015 Some query possibilities Combined search on different attributes and different indices Many possibilities for full-text search on attribute values Exact, non-exact, proximity (phrases), partial match Support well-known logical operators (And / or, …) Range queries (i.e. date ranges) … Control relevance and ranking of search results, sort them Boost relevance while indexing Boost or ignore relevance while querying Different possibilities to sort search results otherwise Research group “ Web based Information Systems“
  • 26. Institute for Applied Computer Science (IAI) 26 09/09/2015 More advanced features Multi-tenant Spatial data queries Search suggestions Real time aggregation of search data Statistical calculations (sums, mean value, max, min, …) Faceting By using terms Statistical calculations Classification ( Grouping by using ranges Filter rules By geographical distance … Research group “ Web based Information Systems“
  • 27. Institute for Applied Computer Science (IAI) 27 09/09/2015 Kibana Web-based application for exploring and visualizing data Modern Browser-based interface (HTML5 + JavaScript) Ships with its own web server for easy setup Seamless integration with Elasticsearch Research group “ Web based Information Systems“
  • 28. Institute for Applied Computer Science (IAI) 28 09/09/2015 Configure Kibana After installation first configure Kibana to access Elasticsearch server(s) Should be done by editing the Kibana config file Then use web UI to configure indexes to use Research group “ Web based Information Systems“
  • 29. Institute for Applied Computer Science (IAI) 29 09/09/2015 Discover data Research group “ Web based Information Systems“
  • 30. Institute for Applied Computer Science (IAI) 30 09/09/2015 Create a visualization Research group “ Web based Information Systems“
  • 31. Institute for Applied Computer Science (IAI) 31 09/09/2015 Different types of visualizations Research group “ Web based Information Systems“
  • 32. Institute for Applied Computer Science (IAI) 32 09/09/2015 Combine visualizations to a Dashboard Research group “ Web based Information Systems“
  • 33. Institute for Applied Computer Science (IAI) 33 09/09/2015 USE CASES Research group “ Web based Information Systems“
  • 34. Institute for Applied Computer Science (IAI) 34 09/09/2015 Some use cases of the ELK stack Log data management and analysis Monitor systems and / or applications and notify operators about critical events Collect and analyze other (mass) data i.e. business data for business analytics Energy management data or event data from smart grids Environmental data Use the ELK stack for search driven access to mass data in web based information systems Research group “ Web based Information Systems“
  • 35. Institute for Applied Computer Science (IAI) 35 09/09/2015 Log data management and analysis Many different types of logs Application logs Operating system logs Network traffic logs from routers, etc. Different goals for analysis Detect errors at runtime or while testing applications Find and analyze security threats Aggregate statistical data / metrics Research group “ Web based Information Systems“
  • 36. Institute for Applied Computer Science (IAI) 36 09/09/2015 Problems of log data analysis No centralization Log data could be everywhere on different servers and different places within the same server Accessibility Problems Logs can be difficult to find Access to server / device is often difficult for analyst High expertise for accessing logs on different platforms necessary Logs can be big and therefore difficult to copy SSH access and grep on logs doesn’t scale or reach No Consistency Structure of log entries is different for each app, system, or device Specific knowledge is necessary for interpreting different log types Variation in formats makes it challenging to search Many different types of time formats Research group “ Web based Information Systems“
  • 37. Institute for Applied Computer Science (IAI) 37 09/09/2015 The ELK stack provides solutions Logstash allows to collect all log entries at a central place (e.g. Elasticsearch) End users don’t need to know where the log files are located Big log files will be transferred continuously in smaller chunks Log file entries can be transformed into harmonized event objects Easy access for end users via Browser based interfaces (e.g. Kibana) Elasticsearch / Kibana provide advanced functionality for analyzing and visualizing the log data Research group “ Web based Information Systems“
  • 38. Institute for Applied Computer Science (IAI) 38 09/09/2015 Monitoring The ELK stack also provides good solutions for monitoring data and alerting users Logstash can check conditions on log file entries and even aggregated metrics And conditionally sent notification events to certain output plugins if monitoring criteria are met E.g. forward notification event to email output plugin for notifying user (e.g. operators) about the condition Forwarding notification event to a dedicated monitoring application Elasticsearch in combination with Watcher (another product of Elastic) Can instrument arbitrary Elasticsearch queries to produce alerts and notifications These queries can be run at certain time intervals When the watch condition happens, actions can be taken (sent an email or forwarding an event to another system) Research group “ Web based Information Systems“
  • 39. Institute for Applied Computer Science (IAI) 39 09/09/2015 Log analysis examples from the Internet Logging and analyzing network traffic http://www.networkassassin.com/elk-stack-for-network- operations-reloaded/ How to Use ELK to Monitor Performance http://logz.io/blog/elk-monitor-platform-performance/ How Blueliv Uses the Elastic Stack to Combat Cyber Threats https://www.elastic.co/blog/how-blueliv-uses-the-elastic- stack-to-combat-cyber-threats Centralized System and Docker Logging with ELK Stack http://www.javacodegeeks.com/2015/05/centralized- system-and-docker-logging-with-elk-stack.html Research group “ Web based Information Systems“
  • 40. Institute for Applied Computer Science (IAI) 40 09/09/2015 Summary The ELK stack is easy to use and has many use cases Log data management and analysis Monitor systems and / or applications and notify operators about critical events Collect and analyze other (mass) data Providing access to big data in large scale web applications Thereby solving many problems with these types of use cases compared to “hand-made”-solutions Because of its service orientation and cluster readiness it fits nicely into bigger service (microservice) oriented applications Research group “ Web based Information Systems“
  • 41. Institute for Applied Computer Science (IAI) 41 09/09/2015 BACKUP SLIDES Research group “ Web based Information Systems“
  • 42. Institute for Applied Computer Science (IAI) 42 09/09/2015 Search based web applications Use search engine technology as key element for data access (e.g. ElasticSearch) Available data is a mixture of unstructured semi-structured structured information coming from different sources Use Logstash and similar technologies for aggregation, normalization and classification of data And a natural language approach for data access based on ElasticSearch Queries Research group “ Web based Information Systems“ Search based environmental information portal
  • 43. Institute for Applied Computer Science (IAI) 43 09/09/2015 The openTA portal: www.openta.net DfG project with partners (IAI, ITAS, KIT library) from KIT Web portal for the Network Technology Assessment (NTA) Aggregates and provides information about members, organizations news and events scientific publications Provides services and web technology (widgets) to use the aggregated information remotely Research group “ Web based Information Systems“ Homepage of openTA with aggregated news feed and calendar
  • 44. Institute for Applied Computer Science (IAI) 44 09/09/2015 Search driven architecture (example openTA) Research group “ Web based Information Systems“ Search Engine (Aggregation, Analysis) Structured indices OpenTA Calendar News Service Data Services Portal Web UI Portal Service APIs Standard Functionalities (User Management, CMS, Social) Data and Service Access RSS / Atom ICalendar Pub.-Form. NTA Organization NTA Organization NTA Organization NTA Organization User User Most information will be ingested using service interfaces and crawling. Data Import / Crawler Publication Service
  • 45. Institute for Applied Computer Science (IAI) 45 09/09/2015 Example: www.openta.net Research group “ Web based Information Systems“
  • 46. Institute for Applied Computer Science (IAI) 46 09/09/2015 Prototype: Search with „Energie –Rohracher“ Research group “ Web based Information Systems“