18. elasticsearch
ES distributed restful search and analytics engine
ES build on top of apache lucene
ES distributed, highly available
ES document oriented, schema free
ES restfull api
24. kibana 3
kibana: HTML + JavaScript
kibana: analytics and search interface to timestamped data sets stored in
ElasticSearch
kibana: browser connects directly to
ElasticSearch
Internal to logstash, events are passed from each phase using internal queues. It is implemented with a 'SizedQueue' in Ruby. SizedQueue allows a bounded maximum of items in the queue such that any writes to the queue will block if the queue is full at maximum capacity.Logstash sets each queue size to 20. This means only 20 events can be pending into the next phase - this helps reduce any data loss and in general avoids logstash trying to act as a data storage system. These internal queues are not for storing messages long-term.
what kind of logs you can get (inputs), how you can transform them (filters), and where you can throw them (outputs)
listens for messages on a UDP port.It parses the messages, extracts metrics data, and periodically flushes the data to one or more pluggable backend services
listens for messages on a UDP port.It parses the messages, extracts metrics data, and periodically flushes the data to one or more pluggable backend services