Logstash-Elasticsearch-Kibana
How to manage logs
E. Witthauer
November 28, 2015
Why logging
• Debugging
• Metrics
• Monitoring
Old style
• Tail: ssh example.org > tail -f /var/log/some.log
• Tools for multiple files: like multitail
• Run the command synchronously in multiple ssh sessions
But for more than one file/server or automatic statistics:
Better style
Better to have everything in one place, with the option of later analysis
The ELK-Stack
Elasticsearch - Search server for indexing the data (NoSQL-DB)
Logstash - Log data processor for transforming and filtering the data
Kibana - WebUI for data visualisation and analysis (node.js based)
The infrastructure
1. Read the logs and put them into a Redis-DB
2. Read from Redis-DB, filter and put into Elasticsearch
Why 2 steps?
• Logs will be read even if Elasticsearch is not active
• Monitor Redis to see how many events are there (e.g. per second)
• Check the event format if we have some index problems (e.g. wrong field value or tag)
Setup
Logstash
• Install Java (1.9)
• Download Logstash from https://www.elastic.co/downloads/logstash
• Extract the zip file
• Run it: bin/logstash -f logstash.conf (see config file below)
• Or install the deb package and run it
Setup
Redis
• Install Redis from your repository system
Setup
Elasticsearch
• Install Java (1.9) if not done yet
• Download Elasticsearch from https://www.elastic.co/downloads/elasticsearch
• Extract the zip file
• Run it: bin/elasticsearch
• Or install the deb package and run it
Setup
Kibana
• Install Java (1.9) if not done yet
• Download Kibana from https://www.elastic.co/downloads/kibana
• Extract the zip file
• Open config/kibana.yml in an editor
• Set elasticsearch.url to point at your Elasticsearch instance (e.g. localhost or 127.0.0.1)
• Run it: bin/kibana
• Open the URL http://yourhost.com:5601
Config
Shipper
For the Shipper we create a config file:

    input {
      file {
        # all Apache access log files
        path => "/var/log/apache2/*access*.log"
        start_position => "beginning"
        type => "apache"
        sincedb_path => "/opt/.sincedb_apache_access"
      }
    }
    output {
      redis {
        host => "127.0.0.1"
        data_type => "list"
        key => "logstash"
      }
    }
Config
Shipper explained
input {...} - Configuration for our input
file {...} - Specifies a file input (all apache access log files)
path - Path to our log files (regex)
start_position - We start reading the file from the beginning
type - adds a field type with value apache to the output
sincedb_path - Path to the internal database that stores the last reading position in this file(s)
output {...} - Configuration for our output
redis {...} - Configuration for the redis output
host - Redis host address
data_type - Specifies that we store the events as a list in redis
key - Name of our redis list
Config
Indexer
For the Indexer we create a config file:

    input {
      redis {
        host => "127.0.0.1"
        type => "redis-input"
        data_type => "list"
        key => "logstash"
      }
    }
    filter {
      if [path] =~ "access" {
        # ANALYSE APACHE ACCESS (see Apache Access Filter below)
      } else if [path] =~ "error" {
        # ANALYSE APACHE ERROR (see Apache Error Filter below)
      } else if [type] == "syslog" {
        # ANALYSE SYSLOG (see Syslog/Auth Filter below)
      } else if [type] == "auth" {
        # ANALYSE AUTH LOG (see Syslog/Auth Filter below)
      }
    }
    output {
      elasticsearch { }
    }
Config
Indexer explained
input {...} - Configuration for our input
redis {...} - Configuration for the redis input
host - Redis host address
type - adds a field type with value redis-list to the output
data_type - Specifies that we store the events as a list in redis
key - Name of our redis list
filter {...} - Our filter for the different events (syslog, apache error, apache access, auth)
if path|type - Separate filter configurations for our events (see later)
output {...} - Configuration for the elasticsearch output
elasticsearch { } - Default configuration for elasticsearch (localhost, no further configuration needed)
Config - Indexer
Apache Access Filter
The Apache Access Filter:

    mutate {
      replace => { "type" => "apache_access" }
      remove_tag => [ "_grokparsefailure" ]
      remove_field => [ "tags", "tag", "path" ]
    }
    grok {
      # custom patterns (VHOSTCOMBINEDAPACHELOG) live here
      patterns_dir => "/opt/grok_patterns"
      match => { "message" => "%{VHOSTCOMBINEDAPACHELOG}" }
    }
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
    geoip {
      source => "clientip"
    }
    useragent {
      source => "agent"
    }
Config - Indexer
Apache Access Filter
mutate {...} - Change field values
replace - Replace the value of field type with apache_access
remove_tag - List of tags to be removed
remove_field - List of fields to be removed
grok {...} - Parse text and structure it
patterns_dir - Path to our pattern files, if we don't use the internal ones
match - Field and pattern for matching
date {...} - Analyse the timestamp field
geoip - Analyse the field clientip with geoip (city, region, ip, etc.)
useragent - Analyse the field agent as browser user agent (OS, major and minor version, browser name, etc.)
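The indexer's routing conditional, the mutate, grok and date steps of this access filter, and the "wrong field value or tag" check from the infrastructure slides, re-implemented in Python as an added example (not code from the slides or from Logstash). The regex standing in for the slides' custom VHOSTCOMBINEDAPACHELOG pattern, the sample events and the index_problems checks are assumptions; geoip and useragent need external databases and are left out.

```python
import re
from datetime import datetime

# Constructed events in the shape the shipper's file input hands over
# (message, path, type); the last two only exercise the other routes.
SAMPLE_EVENTS = [
    {"path": "/var/log/apache2/example.org-access.log", "type": "apache",
     "message": 'example.org:80 203.0.113.7 - - [28/Nov/2015:10:15:42 +0100] '
                '"GET /index.html HTTP/1.1" 200 5123 "-" '
                '"Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Firefox/42.0"'},
    {"path": "/var/log/apache2/example.org-access.log", "type": "apache",
     "message": "not an access log line at all"},
    {"path": "/var/log/apache2/example.org-access.log", "type": "apache",
     "message": 'example.org:80 host.example.net - - [28/Nov/2015:10:15:45 +0100] '
                '"GET /missing HTTP/1.1" 404 0 "-" "curl/7.45.0"'},
    {"path": "/var/log/apache2/example.org-error.log", "type": "apache",
     "message": "[Sat Nov 28 10:15:43 2015] [error] [client 203.0.113.7] PHP Notice:  x"},
    {"type": "syslog", "message": "Nov 28 10:15:44 host sshd[1234]: Accepted publickey"},
]

# Assumed equivalent of the slides' VHOSTCOMBINEDAPACHELOG grok pattern:
# COMBINEDAPACHELOG prefixed by the virtual host and an optional port.
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>[^ :]+)(?::(?P<port>\d+))? '
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: (?P<httpversion>HTTP/[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The date filter's "dd/MMM/yyyy:HH:mm:ss Z" written as a strptime format.
APACHE_TIME = "%d/%b/%Y:%H:%M:%S %z"


def route(event):
    """The indexer's filter conditional: branch by path first, then by type."""
    path = event.get("path", "")
    if re.search("access", path):
        return "apache_access"
    if re.search("error", path):
        return "apache_error"
    if event.get("type") == "syslog":
        return "syslog"
    if event.get("type") == "auth":
        return "auth"
    return None


def apache_access_filter(event):
    """mutate -> grok -> date, in the order the slide's filter runs them."""
    out = dict(event)
    out["type"] = "apache_access"                  # mutate.replace
    for field in ("tags", "tag", "path"):          # mutate.remove_field
        out.pop(field, None)
    m = VHOST_COMBINED.match(out["message"])       # grok.match
    if m is None:
        out["tags"] = ["_grokparsefailure"]        # grok tags a non-matching event
        return out
    out.update({k: v for k, v in m.groupdict().items() if v is not None})
    try:                                           # date.match
        out["@timestamp"] = datetime.strptime(out["timestamp"], APACHE_TIME)
    except ValueError:
        out["tags"] = ["_dateparsefailure"]
    return out


def index_problems(event):
    """The check suggested under 'Why 2 steps?': report failure tags and
    field values that would index badly (assumed checks, not Logstash's)."""
    problems = [f"tag {t}" for t in event.get("tags", []) if t.endswith("failure")]
    if "response" in event and not event["response"].isdigit():
        problems.append("response is not numeric")
    if "clientip" in event and not re.fullmatch(r"[0-9a-fA-F.:]+", event["clientip"]):
        problems.append("clientip is not an IP address, geoip would fail")
    return problems


def process(events):
    """Route each event and run the access filter on the access branch."""
    results = []
    for ev in events:
        branch = route(ev)
        filtered = apache_access_filter(ev) if branch == "apache_access" else dict(ev)
        results.append((branch, filtered, index_problems(filtered)))
    return results


if __name__ == "__main__":
    for branch, ev, problems in process(SAMPLE_EVENTS):
        print(branch, ev.get("clientip"), ev.get("@timestamp"), problems)
```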
Config - Indexer
Apache Error Filter
The Apache Error Filter:

    grok {
      patterns_dir => "/opt/grok_patterns"
      match => { "message" => "%{APACHERERROR}" }
    }
    multiline {
      # a PHP Notice/Warning/Error/Fatal line belongs to the next event
      pattern => "^PHP \b(Notice|Warning|Error|Fatal)\b: "
      source => "errorMessage"
      what => "next"
    }
    multiline {
      # a PHP stack trace line ("PHP   1. ...") belongs to the previous event
      pattern => "^PHP[ ]{3,}\d+\. .*"
      source => "errorMessage"
      what => "previous"
    }
    mutate {
      replace => { "type" => "apache_error" }
      replace => { "message" => "%{errorMessage}" }
      ...
    }
    geoip {
      source => "clientIp"
    }
    if [request] == "/feed" {
      drop {}
    }
Config - Indexer
Apache Error Filter
grok {...} - Parse text and structure it
patterns_dir - Path to our pattern files
match - Field and pattern for matching
multiline {...} - Detect if we have a multiline message
pattern - The detection pattern
source - The field for detection
what - How to handle it (next/previous = combine with the next/previous message)
mutate {...} - Change field values
replace - Replace the value of field type with apache_error and message with the value of errorMessage
geoip - Analyse the field clientip with geoip
request - if the field request has the value /feed, drop the event; we don't need it anymore
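The two multiline stages of this filter (what => next for the PHP message line, what => previous for the stack trace lines) and the following mutate step, re-implemented in Python as an added example; this is not code from the slides or from Logstash, and the errorMessage lines are constructed, as are the merge semantics assumed (newline-joined source field, a "multiline" tag on merged events).

```python
import re

# Constructed errorMessage values, i.e. what the slides' APACHERERROR grok
# pattern would have extracted from consecutive Apache error log lines:
# a PHP warning with a stack trace, an unrelated line, then a PHP notice.
ERROR_LINES = [
    "PHP Warning:  Division by zero in /var/www/app.php on line 12",
    "PHP Stack trace:",
    "PHP   1. {main}() /var/www/app.php:0",
    "PHP   2. divide() /var/www/app.php:12",
    "File does not exist: /var/www/favicon.ico",
    "PHP Notice:  Undefined index: user in /var/www/login.php on line 7",
    "PHP Stack trace:",
    "PHP   1. {main}() /var/www/login.php:0",
]

# The two patterns from the Apache Error Filter, with the backslashes the
# slide extraction dropped restored (\b word boundary, \d digit, \. dot).
PHP_HEAD = r"^PHP \b(Notice|Warning|Error|Fatal)\b: "
PHP_TRACE = r"^PHP[ ]{3,}\d+\. .*"


def merge(first, second, source):
    """Join two events: newline-joined source field, the first event's other
    fields kept, and a 'multiline' tag added (assumed merge semantics)."""
    merged = dict(first)
    merged[source] = first[source] + "\n" + second[source]
    merged["tags"] = sorted(set(first.get("tags", [])) | {"multiline"})
    return merged


def multiline(events, pattern, source, what):
    """Multiline filter semantics with negate => false: an event whose
    `source` field matches `pattern` belongs to the next event (what="next")
    or to the previous one (what="previous")."""
    regex = re.compile(pattern)
    out, pending = [], None
    for ev in events:
        matched = regex.search(ev[source]) is not None
        if what == "next":
            if matched:                      # hold it until its successor arrives
                pending = merge(pending, ev, source) if pending else ev
            else:
                out.append(merge(pending, ev, source) if pending else ev)
                pending = None
        elif what == "previous":
            if matched and out:              # glue it onto the event before it
                out[-1] = merge(out[-1], ev, source)
            else:
                out.append(ev)
        else:
            raise ValueError("what must be 'next' or 'previous'")
    if pending is not None:                  # a trailing matched line with no successor
        out.append(pending)
    return out


def apache_error_pipeline(lines):
    """Run the filter's two multiline stages, then the mutate.replace step,
    over events built from the constructed errorMessage lines."""
    events = [{"type": "apache", "errorMessage": line} for line in lines]
    events = multiline(events, PHP_HEAD, "errorMessage", "next")
    events = multiline(events, PHP_TRACE, "errorMessage", "previous")
    for ev in events:                        # mutate { replace => { ... } }
        ev["type"] = "apache_error"
        ev["message"] = ev["errorMessage"]
    return events


if __name__ == "__main__":
    for ev in apache_error_pipeline(ERROR_LINES):
        print(ev.get("tags", []), repr(ev["message"]))
```

Eight lines collapse into three events, which is what the "Combined apache error entry" Kibana slide shows; the order of the two stages matters, since the stack trace lines can only attach to a message that has already been assembled.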
Config - Indexer
Syslog/Auth Filter
The Syslog/Auth Filter:

    grok {
      match => { "message" => "%{SYSLOGT}" }
      # keep the time the event was read next to the parsed timestamp
      add_field => [ "received_at", "%{@timestamp}" ]
    }
    syslog_pri { }
Config - Indexer
Syslog/Auth Filter
grok {...} - Parse text and structure it
patterns_dir - Path to our pattern files
match - Field and pattern for matching
add_field - add an additional field
syslog_pri {...} - Handle syslog priority levels
Conclusion
• With these config files and two running Logstash instances we have the logs in Elasticsearch
• Kibana can be used for graphs and analyses
Kibana (screenshots): Combined apache error entry; Access graph; Access cities, browser and devices
End
That's all
For more information, just search for Kibana, Logstash or Elasticsearch

Weitere ähnliche Inhalte

Was ist angesagt?

ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Collect distributed application logging using fluentd (EFK stack)
Collect distributed application logging using fluentd (EFK stack)Collect distributed application logging using fluentd (EFK stack)
Collect distributed application logging using fluentd (EFK stack)Marco Pas
 
Elk devops
Elk devopsElk devops
Elk devopsIdeato
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Logs/Metrics Gathering With OpenShift EFK Stack
Logs/Metrics Gathering With OpenShift EFK StackLogs/Metrics Gathering With OpenShift EFK Stack
Logs/Metrics Gathering With OpenShift EFK StackJosef Karásek
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to ElasticsearchRuslan Zavacky
 
Elastic Stack ELK, Beats, and Cloud
Elastic Stack ELK, Beats, and CloudElastic Stack ELK, Beats, and Cloud
Elastic Stack ELK, Beats, and CloudJoe Ryan
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stackVikrant Chauhan
 
PostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized WorldPostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized WorldJignesh Shah
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case SurveyTorin Sandall
 
Database Change Management as a Service
Database Change Management as a ServiceDatabase Change Management as a Service
Database Change Management as a ServiceAndrew Solomon
 
Monitoring_with_Prometheus_Grafana_Tutorial
Monitoring_with_Prometheus_Grafana_TutorialMonitoring_with_Prometheus_Grafana_Tutorial
Monitoring_with_Prometheus_Grafana_TutorialTim Vaillancourt
 

Was ist angesagt? (20)

Log analytics with ELK stack
Log analytics with ELK stackLog analytics with ELK stack
Log analytics with ELK stack
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
ELK introduction
ELK introductionELK introduction
ELK introduction
 
ELK Stack
ELK StackELK Stack
ELK Stack
 
Collect distributed application logging using fluentd (EFK stack)
Collect distributed application logging using fluentd (EFK stack)Collect distributed application logging using fluentd (EFK stack)
Collect distributed application logging using fluentd (EFK stack)
 
Elk devops
Elk devopsElk devops
Elk devops
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
 
Logs/Metrics Gathering With OpenShift EFK Stack
Logs/Metrics Gathering With OpenShift EFK StackLogs/Metrics Gathering With OpenShift EFK Stack
Logs/Metrics Gathering With OpenShift EFK Stack
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
 
Graphql usage
Graphql usageGraphql usage
Graphql usage
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
 
Introduction to Elasticsearch
Introduction to ElasticsearchIntroduction to Elasticsearch
Introduction to Elasticsearch
 
Elastic Stack ELK, Beats, and Cloud
Elastic Stack ELK, Beats, and CloudElastic Stack ELK, Beats, and Cloud
Elastic Stack ELK, Beats, and Cloud
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & Kibana
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stack
 
PostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized WorldPostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized World
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case Survey
 
Database Change Management as a Service
Database Change Management as a ServiceDatabase Change Management as a Service
Database Change Management as a Service
 
Monitoring_with_Prometheus_Grafana_Tutorial
Monitoring_with_Prometheus_Grafana_TutorialMonitoring_with_Prometheus_Grafana_Tutorial
Monitoring_with_Prometheus_Grafana_Tutorial
 

Ähnlich wie Logstash-Elasticsearch-Kibana

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
Fluentd unified logging layer
Fluentd   unified logging layerFluentd   unified logging layer
Fluentd unified logging layerKiyoto Tamura
 
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...Databricks
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for CassandraEdward Capriolo
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"DataStax Academy
 
Web program-peformance-optimization
Web program-peformance-optimizationWeb program-peformance-optimization
Web program-peformance-optimizationxiaojueqq12345
 
Keeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLKeeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLDatabricks
 
Lambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeLambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeIan Robertson
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com琛琳 饶
 
Wprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopWprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopSages
 
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsBig Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsMatt Stubbs
 
Introduction to meta-programming in scala
Introduction to meta-programming in scalaIntroduction to meta-programming in scala
Introduction to meta-programming in scalaAlessandro Marrella
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 

Ähnlich wie Logstash-Elasticsearch-Kibana (20)

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with Openstack
 
Fluentd unified logging layer
Fluentd   unified logging layerFluentd   unified logging layer
Fluentd unified logging layer
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
 
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
 
Web program-peformance-optimization
Web program-peformance-optimizationWeb program-peformance-optimization
Web program-peformance-optimization
 
Keeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLKeeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETL
 
Lambdas puzzler - Peter Lawrey
Lambdas puzzler - Peter LawreyLambdas puzzler - Peter Lawrey
Lambdas puzzler - Peter Lawrey
 
Lambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeLambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive Code
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com
 
Wprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopWprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache Hadoop
 
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsBig Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
 
Log Aggregation
Log AggregationLog Aggregation
Log Aggregation
 
Logs management
Logs managementLogs management
Logs management
 
Introduction to meta-programming in scala
Introduction to meta-programming in scalaIntroduction to meta-programming in scala
Introduction to meta-programming in scala
 
Rack Middleware
Rack MiddlewareRack Middleware
Rack Middleware
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
 
Solr @ Etsy - Apache Lucene Eurocon
Solr @ Etsy - Apache Lucene EuroconSolr @ Etsy - Apache Lucene Eurocon
Solr @ Etsy - Apache Lucene Eurocon
 

Kürzlich hochgeladen

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Kürzlich hochgeladen (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Logstash-Elasticsearch-Kibana

  • 1. Logstash-Elasticsearch-Kibana How to manage logs E. Witthauer November 28, 2015
  • 4. Why logging • Debugging • Metrics • Monitoring
  • 9. Old style • Tail: ssh example.org > tail -f /var/log/some.log • Tools for multiple files: like multitail • Run a command synchronously in multiple ssh sessions. But for more than one file/server or automatic statistics:
  • 10. Better style Better: all in one place, with the option of later analysis
  • 13. The ELK-Stack
      Elasticsearch - Search server for indexing the data (NoSQL-DB)
      Logstash - Log data processor for transforming and filtering the data
      Kibana - WebUI for data visualisation and analysis (node.js based)
  • 14. The infrastructure 1. Read the logs and put them into a Redis-DB 2. Read from Redis-DB, filter and put into Elasticsearch
  • 17. The infrastructure Why 2 steps? • Logs will be read even if Elasticsearch is not active • Monitor Redis to see how many events are there (e.g. per second) • Check the event format if we have some index problems (e.g. wrong field value or tag)
  • 22. Setup Logstash • Install Java (1.9) • Download Logstash from https://www.elastic.co/downloads/logstash • Extract the zip file • Run it: bin/logstash -f logstash.conf (see config file below) • Or install the deb package and run it
  • 23. Setup Redis • Install Redis from your repository system
  • 28. Setup Elasticsearch • Install Java (1.9) if not done yet • Download Elasticsearch from https://www.elastic.co/downloads/elasticsearch • Extract the zip file • Run it: bin/elasticsearch • Or install the deb package and run it
  • 32. Setup Kibana • Install Java (1.9) if not done yet • Download Kibana from https://www.elastic.co/downloads/kibana • Extract the zip file • Open config/kibana.yml in an editor • Set elasticsearch.url to point at your Elasticsearch instance (e.g. localhost or 127.0.0.1) • Run it: bin/kibana • Open url http://yourhost.com:5601
  • 33. Config Shipper For the Shipper we create a config file:
      input {
        file {
          # all apache access logs; the sincedb file remembers the read position
          path => "/var/log/apache2/*access*.log"
          start_position => "beginning"
          type => "apache"
          sincedb_path => "/opt/.sincedb_apache_access"
        }
      }
      output {
        redis {
          # events are pushed onto a Redis list that the indexer reads from
          host => "127.0.0.1"
          data_type => "list"
          key => "logstash"
        }
      }
  • 34. Config Shipper explained
      input {...}: Configuration for our input
      file {...}: Specifies a file input (all apache access log files)
      path: Path to our log files (regex)
      start_position: We start reading the file from the beginning
      type: adds a field type with value apache to the output
      sincedb_path: Path to the internal database that stores the last reading position in this file(s)
      output {...}: Configuration for our output
      redis {...}: Configuration for redis output
      host: Redis host address
      data_type: Specifies that we store the events as a list in redis
      key: Name of our redis list
  • 35. Config Indexer For the Indexer we create a config file:
      input {
        redis {
          host => "127.0.0.1"
          type => "redis-input"
          data_type => "list"
          key => "logstash"
        }
      }
      filter {
        # route each event to the matching filter set (see later)
        if [path] =~ "access" {
          # ANALYSE APACHE ACCESS
        } else if [path] =~ "error" {
          # ANALYSE APACHE ERROR
        } else if [type] == "syslog" {
          # ANALYSE SYSLOG
        } else if [type] == "auth" {
          # ANALYSE AUTH LOG
        }
      }
      output {
        elasticsearch { }
      }
  • 36. Config Indexer explained
      input {...}: Configuration for our input
      redis {...}: Configuration for redis input
      host: Redis host address
      type: adds a field type with value redis-list to the output
      data_type: Specifies that we store the events as a list in redis
      key: Name of our redis list
      filter {...}: Our filter for the different events (syslog, apache error, apache access, auth)
      if path|type: Separate filter configurations for our events (see later)
      output {...}: Configuration for elasticsearch output
      elasticsearch { }: Default configuration for elasticsearch (localhost, no further configuration needed)
  • 37. Config - Indexer Apache Access Filter The Apache Access Filter:
      mutate {
        replace => { "type" => "apache_access" }
        remove_tag => [ "_grokparsefailure" ]
        remove_field => [ "tags", "tag", "path" ]
      }
      grok {
        # custom patterns live in /opt/grok_patterns
        patterns_dir => "/opt/grok_patterns"
        match => { "message" => "%{VHOSTCOMBINEDAPACHELOG}" }
      }
      date {
        match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
      geoip {
        source => "clientip"
      }
      useragent {
        source => "agent"
      }
  • 38. Config - Indexer Apache Access Filter
      mutate {...}: Change field values
      replace: Replace value of field type with apache_access
      remove_tag: List of tags to be removed
      remove_field: List of fields to be removed
      grok {...}: Parse text and structure it
      patterns_dir: Path to our pattern files, if we don't use the internal ones
      match: Field and pattern for matching
      date {...}: Analyse the timestamp field
      geoip: Analyse the field clientip with geoip (city, region, ip, etc.)
      useragent: Analyse the field agent as browser user agent (OS, major and minor version, browser name, etc.)
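To make the access filter concrete, here is an added Python sketch (not code from the slides) of what the mutate, grok and date stanzas do to one shipped event, run over constructed sample lines. VHOST_COMBINED is an assumed stand-in regex for the %{VHOSTCOMBINEDAPACHELOG} grok pattern; unlike the slide, it keeps the _grokparsefailure tag so that unparsed lines remain visible in Kibana.

```python
import re
from datetime import datetime

# Added example, not from the slides: what the indexer's Apache access filter
# (mutate -> grok -> date) does to one event, in Python.  VHOST_COMBINED is a
# constructed stand-in for the %{VHOSTCOMBINEDAPACHELOG} grok pattern.
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>\S+) (?P<clientip>\S+) \S+ (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+) (?P<httpversion>[^"]*)" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def apache_access_filter(event):
    """Apply the filter stanzas in the slide's order; returns the event dict."""
    event["type"] = "apache_access"              # mutate.replace
    for field in ("tags", "tag", "path"):        # mutate.remove_field
        event.pop(field, None)
    m = VHOST_COMBINED.match(event["message"])   # grok.match
    if m is None:
        # grok adds this tag on failure; keeping it makes unparsed lines
        # visible in Kibana instead of silently losing structure
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update(m.groupdict())
    # date.match "dd/MMM/yyyy:HH:mm:ss Z" -> @timestamp (ISO 8601)
    ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = ts.isoformat()
    return event

def index_events(messages):
    """Run every shipped line through the filter; return (parsed, failed)."""
    parsed, failed = [], []
    for msg in messages:
        ev = apache_access_filter(
            {"message": msg, "path": "/var/log/apache2/access.log", "type": "apache"})
        (failed if "_grokparsefailure" in ev.get("tags", []) else parsed).append(ev)
    return parsed, failed

# Constructed sample lines (not real traffic): one well-formed vhost-combined
# line and one line the pattern cannot parse.
SAMPLE = [
    'www.example.org 203.0.113.7 - - [28/Nov/2015:10:15:32 +0100] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'garbage line without the expected structure',
]

if __name__ == "__main__":
    ok, bad = index_events(SAMPLE)
    print(len(ok), "parsed,", len(bad), "tagged _grokparsefailure")
```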
  • 39. Config - Indexer Apache Error Filter The Apache Error Filter:
      grok {
        patterns_dir => "/opt/grok_patterns"
        match => { "message" => "%{APACHERERROR}" }
      }
      multiline {
        # a PHP error header is joined with the line that follows it
        pattern => "^PHP \b(Notice|Warning|Error|Fatal)\b:"
        source => "errorMessage"
        what => "next"
      }
      multiline {
        # numbered stack-trace lines are appended to the previous line
        pattern => "^PHP[ ]{3,}\d+\. .*"
        source => "errorMessage"
        what => "previous"
      }
      mutate {
        replace => {
          "type" => "apache_error"
          "message" => "%{errorMessage}"
        }
        # ...
      }
      geoip {
        source => "clientIp"
      }
      if [request] == "/feed" {
        drop {}
      }
  • 40. Config - Indexer Apache Error Filter
      grok {...}: Parse text and structure it
      patterns_dir: Path to our pattern files
      match: Field and pattern for matching
      multiline {...}: Detect if we have a multiline message
      pattern: The detection pattern
      source: The field for detection
      what: How to handle it (next/previous = combine with next/previous message)
      mutate {...}: Change field values
      replace: Replace value of field type with apache_error and message with value of errorMessage
      geoip: Analyse the field clientIp with geoip
      request: if the field request has the value /feed, drop it, we don't need it anymore
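The two multiline stanzas above are the part of the error filter that is easiest to get wrong, so here is an added Python approximation (not code from the slides or from Logstash) of their next/previous merging, run over constructed errorMessage values. The regexes follow the slide's patterns except that the first one drops the trailing colon so that a "PHP Fatal error:" header is also recognised.

```python
import re

# Added example, not code from the slides: a Python approximation of the error
# filter's two multiline stanzas, run over constructed errorMessage values.
# The regexes follow the slide's patterns, minus the trailing colon in the
# first one so that "PHP Fatal error:" is also treated as a header.
NEXT_RE = re.compile(r"^PHP \b(Notice|Warning|Error|Fatal)\b")  # what => "next"
PREV_RE = re.compile(r"^PHP[ ]{3,}\d+\. .*")                     # what => "previous"

def join_multiline(lines):
    """Merge a PHP error header, its following line and its numbered
    stack-trace lines into one event; other lines stay separate events."""
    events, held = [], None
    for line in lines:
        if NEXT_RE.match(line):
            # header line: hold it, it is merged with whatever comes next
            held = line if held is None else held + "\n" + line
        elif held is not None and ("\n" not in held or PREV_RE.match(line)):
            # the line a held header must join, or a trace line ("previous")
            held += "\n" + line
        elif PREV_RE.match(line) and events:
            events[-1] += "\n" + line       # trace line with no held header
        else:
            if held is not None:            # an unrelated line flushes the event
                events.append(held)
                held = None
            events.append(line)
    if held is not None:
        events.append(held)
    return events

# Constructed errorMessage values (not real server output).
SAMPLE = [
    "PHP Fatal error:  Uncaught Exception: boom in /var/www/index.php:12",
    "PHP Stack trace:",
    "PHP   1. {main}() /var/www/index.php:0",
    "PHP   2. run() /var/www/index.php:12",
    "File does not exist: /var/www/favicon.ico",
    "PHP Notice:  Undefined variable: x in /var/www/a.php on line 3",
    "PHP Stack trace:",
]

if __name__ == "__main__":
    for ev in join_multiline(SAMPLE):
        print(repr(ev))
```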
  • 41. Config - Indexer Syslog/Auth Filter The Syslog/Auth Filter:
      grok {
        match => { "message" => "%{SYSLOGT}" }
        # remember when the indexer saw the event
        add_field => [ "received_at", "%{@timestamp}" ]
      }
      syslog_pri { }
  • 42. Config - Indexer Syslog/Auth Filter
      grok {...}: Parse text and structure it
      patterns_dir: Path to our pattern files
      match: Field and pattern for matching
      add_field: add an additional field
      syslog_pri {...}: Handle syslog priority levels
  • 44. Conclusion • With these config files and two running Logstash instances we have the logs in Elasticsearch • Kibana can be used for graphs and analyses
  • 48. End That's all. For more info just search for Kibana, Logstash or Elasticsearch