SlideShare a Scribd company logo

Log Analytics with AWS

AWS Germany
AWS Germany

Nearly everything in IT - servers, applications, websites, connected devices, and other things - generate discrete, time-stamped records of events called logs. Processing and analyzing these logs to gain actionable insights is log analytics. We'll look at how to use centralized log analytics across multiple sources with Amazon Elasticsearch Service.

Technology
1 of 46
Pop-up Loft Log Analytics with AWS Bill Baldwin DBS Technical Evangelist bbaldwin@amazon.com Pop-up Loft © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Your pager goes off at 3:00am. The servers are melting!
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. You VPN in and quick check the logs Uh oh
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. If you had Amazon Elasticsearch Service
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transition from IT to DevOps Increase in IoT and Mobile Devices Cloud-based architectures Machine-generated data is growing 10x faster than business data Source: insideBigData - The Exponential Growth of Data, February 16, 2018 THE EXPLOSION OF MACHINE-GENERATED DATA
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Elasticsearch Service is a fully managed service that makes it easy to deploy, manage, and scale Elasticsearch and Kibana A M A Z O N E L A S T I C S E A R C H S E R V I C E +
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. B E N E F I T S O F A MA ZO N E LA ST I C SE A R C H SE R VI C E Supports Open-Source APIs and Tools Drop-in replacement with no need to learn new APIs or skills Easy to Use Deploy a production-ready Elasticsearch cluster in minutes Scalable Resize your cluster with a few clicks or a single API call Secure Deploy into your VPC and restrict access using security groups and IAM policies Highly Available Replicate across Availability Zones, with monitoring and automated self-healing Tightly Integrated with Other AWS Services Seamless data ingestion, security, auditing and orchestration
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ELASTICSEARCH LEADING USE CASES Application Monitoring & Root-cause Analysis Security Information and Event Management (SIEM) IoT & Mobile Business & Clickstream Analytics Provides developers with a high performance, self-service operational monitoring and analytics platform Enables security practitioners to centralize and analyze events from across the entire organization Gives developers and lines of business users real-time location-aware insights into their device fleets Provides business users with a real-time view of the performance of their web content and e-commerce platforms
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application Monitoring & Root-cause Analysis C A S E S T U D Y : E XPE D I A Logs, lots and lots of logs. How to cost effectively monitor logs? Require centralized logging infrastructure Did not have the man power to manage infrastructure P R O B L E M Quick insights: Able to identify and troubleshoot issues in real-time Secure: Integrated w/ AWS IAM Scalable: Cluster sizes are able to grow to accommodate additional log sources B E N E F I T S Streaming AWS CloudTrail logs, application logs, and Docker startup logs to Elasticsearch Created centralized logging service for all team members Using Kibana for visualizations and for Elasticsearch queries S O L U T I O N © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Business and Clickstream Analytics C A S E S T U D Y : FI NA NC I A L T I ME S What stories do our readers care about? What’s hot? Required a custom clickstream analytics solution Need a solution that delivers analytics in real-time Did not have a team to manage analytics infrastructure P R O B L E M B E N E F I T S Streaming user data to Amazon ES for analysis. Created their own custom dashboards for editors and journalists – Lantern. Lantern - ”shines a light” on reader activity for the editors and journalists at the FT Critical tool for making editorial decisions. Daily editorial meetings start by looking at Lantern dashboard S O L U T I O N © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Reliability : Lantern is used throughout the day by journalists and editors. Relying on Amazon to manage their systems for maximum uptime. Cost savings: Able to easily tune their cluster to meet their needs with minimal management overhead
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Software & Internet Financial ServicesEducation Technology BioTech and Pharma Media and Entertainment Social Media Telecommunications Travel & Transportation Real Estate Logistics & Operations Publishing Other A MA ZO N E LA ST I C SE A R C H SE R VI C E C UST O ME R S
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch is a distributed solution You run clusters of instances
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Service architecture AWS SDK AWS CLI AWS CloudFormation Elasticsearch data nodes Elasticsearch master nodes Elastic Load Balancing IAM Amazon CloudWatch AWS CloudTrail Amazon Elasticsearch Service domain
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How many instances? • The index size will be about the same as the corpus of source documents • Double this if you are deploying an index replica • Size based on storage requirements • Either local storage or up to 1.5 TB of Amazon Elastic Block Store (EBS) per instance Example: a 2 TB corpus will need 4 instances Assuming a replica and using EBS Given 1.5 TB of storage per instance, this gives 6TB of storage
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Which instance type? Instance Max Storage* Workload T2 3.5TB You want to do dev/QA M3, M4 150TB Your data and queries are “average” R3, R4 150TB You have higher request volumes, larger documents, or are using aggregations heavily C4 150TB You need to support high concurrency I2, I3 1.5 PB You have XL storage needs
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How you shard is how you scale
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch documents: structured JSON { "verb": "GET", "ident": "-", "bytes": 6245, "@timestamp": "1995-07-01T00:00:01", "request": "GET /history/apollo/ HTTP/1.0", "host": "199.72.81.55", "authuser": "-", "@timestamp_utc": "1995-07-01T04:00:01+00:00", "timezone": "-0400", "response": 200 } • Documents contain fields – name/value pairs • Fields can nest • Value types include text, numerics, dates, and geo objects • Field values can be single or array • When you send documents to Elasticsearch they should arrive as JSON 199.72.81.55 - - [01/Jul/1995:00:00:01 -0400] "GET /history/apollo/ HTTP/1.0" 200 6245
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Documents are the core entity ID Field: value Field: value Field: value Field: value
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon ES stores documents in an index Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Indexes have primary shards Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards • Shards are the units of storage and compute in an Amazon ES domain • Each shard’s set of documents is distinct • The primary shard count is fixed at creation time • Shards are instances of Apache Lucene • Lucene creates an index for each field in each document
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Indexes have replica shards Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards • Replica shards are distributed copies of their primaries • The replica shard count is dynamic • Replica shards provide data redundancy and parallelism
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shards are distributed across instances Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards Instances • Primary and replica are distributed to different instances • Distribution is initially by shard count • Storage available limits new shard allocation as well
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shards (Lucene) store indexes on disk Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards Instances Storage
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How many shards? • Best practice: shards should be < 50GB • Divide index size by ~40GB to get initial shard count • Active shards per instance ~= vCPUs • Always use at least 1 replica for production! Example: 2 TB corpus will need 50 primary shards 2,000 GB / 40GB per shard = 50 shards
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data pattern Amazon ES cluster logs_01.21.2018 logs_01.22.2018 logs_01.23.2018 logs_01.24.2018 logs_01.25.2018 logs_01.26.2018 logs_01.27.2018 Shard 1 Shard 2 Shard 3 host request verb status timestamp etc. Each index has multiple shards Each shard contains a set of documents Each document contains a set of fields and values One index per day
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Load data into Amazon ES
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The components of ingestion Data source Collect Transform Buffer Deliver
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS-Centric solutions Amazon Kinesis Firehose Amazon CloudWatch Logs Logstash AWS IoT Elasticsearch data nodes Elasticsearch master nodes Kibana Data Producers Buffer/ Transform/ Deliver Amazon ES Cluster Analytics UI
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Lambda architectures Files S3 Events Amazon S3 AWS Lambda Function DynamoDB streams Amazon DynamoDB Table AWS Lambda Function Amazon Elasticsearch Service Amazon KinesisData Producers AWS Lambda Function
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kinesis Firehose delivery architecture • For public access domains • Easily transform data • Serverless with built-in batching, index rollover, error handling S3 bucket source records data source source records Amazon Elasticsearch Service Firehose delivery stream transformed records delivery failure Data transformation function transformation failure
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Secure your data • Pub l i c – IA M • Pr i v ate – e ndp o i nt • E nc r yp ti o n
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use IAM for public endpoints { "Version": "2012-10-17", "Statement": [ { "Effect":... "Principal": ... "Action": [...], "Resource": ..., "Condition": ... } ] } • Effect: Allow or Deny • Principal: AWS account ID • Action • HTTP verbs • Service actions • Resource: Amazon ES domain/index • Condition: IP Address
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use security groups for private endpoints • Private networking between your VPC and Amazon Elasticsearch Service • Traffic does not traverse the public internet • Use IAM security groups for authentication and access control VPC subnet security group VPC subnet security group Amazon Elasticsearch Service Data Master Data Master IAM IAM Availability Zone B Availability Zone A
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encrypt your data Elasticsearch data nodes Elasticsearch master nodes AWSKMS • Use your own KMS keys • Encrypted data at rest on Amazon ES instances • Encrypted automatic snapshots
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Make your domain more stable
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use dedicated masters Amazon ES cluster Dedicated master nodes: cluster state Data nodes: queries and updates
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Master node recommendations Number of data nodes Master node instance type < 10 m3.medium+ < 20 m4.large+ <= 50 c4.xlarge+ 50-100 c4.2xlarge+ • In production, always use an odd number of masters, >= 3 • Use fewer, smaller than data nodes
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use zone awareness Amazon ES cluster Availability Zone 1 Availability Zone 2
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudWatch Alarms Name Metric Threshold Periods ClusterStatus.red Maximum >= 1 1 ClusterIndexWritesBlocked Maximum >= 1 1 CPUUtilization/MasterCPUUtilization Average >= 80% 3 JVMMemoryPressure/Master... Maximum >= 80% 3 FreeStorageSpace Minimum <= (25% of avail space) 1 AutomatedSnapshotFailure Maximum >= 1 1
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Slow Logs • Easy console set up • Integrated with CloudWatch Logs • Set thresholds to receive log events corresponding to slow queries and slow indexing • index.search.slowlog.threshold.query.warn • index.search.slowlog.threshold.query.info • index.search.slowlog.threshold.query.debug • index.search.slowlog.threshold.query.trace • index.search.slowlog.threshold.fetch.warn • index.search.slowlog.threshold.fetch.info • index.search.slowlog.threshold.fetch.debug • index.search.slowlog.threshold.fetch.trace • index.indexing.slowlog.threshold.index.warn • index.indexing.slowlog.threshold.index.info • index.indexing.slowlog.threshold.index.debug • index.indexing.slowlog.threshold.index.trace • index.indexing.slowlog.level: trace • index.indexing.slowlog.source: 255 Amazon ES Domain CloudWatch Logs Queries and Updates Slow query logs Slow indexing logs
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch analysis is delivered by Aggregations
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Think buckets and metrics Buckets – a collection of documents meeting some criterion Metrics – calculations on the content of buckets Bucket: time Metric:count
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dig in to your data in real time
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Run Elasticsearch in the AWS Cloud with Amazon Elasticsearch Service Deploy, scale, ingest, secure, monitor, and analyze Start sending your log data today!Amazon Elasticsearch Service
Questions?

Recommended

Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Amazon Elasticsearch Service Deep Dive - AWS Online Tech Talks
Amazon Elasticsearch Service Deep Dive - AWS Online Tech TalksAmazon Elasticsearch Service Deep Dive - AWS Online Tech Talks
Amazon Elasticsearch Service Deep Dive - AWS Online Tech TalksAmazon Web Services
 
Success has Many Query Engines- Tel Aviv Summit 2018
Success has Many Query Engines- Tel Aviv Summit 2018Success has Many Query Engines- Tel Aviv Summit 2018
Success has Many Query Engines- Tel Aviv Summit 2018Amazon Web Services
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...Amazon Web Services
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018Amazon Web Services
 
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...Amazon Web Services
 

Recommended

Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Amazon Elasticsearch Service Deep Dive - AWS Online Tech Talks
Amazon Elasticsearch Service Deep Dive - AWS Online Tech TalksAmazon Elasticsearch Service Deep Dive - AWS Online Tech Talks
Amazon Elasticsearch Service Deep Dive - AWS Online Tech TalksAmazon Web Services
 
Success has Many Query Engines- Tel Aviv Summit 2018
Success has Many Query Engines- Tel Aviv Summit 2018Success has Many Query Engines- Tel Aviv Summit 2018
Success has Many Query Engines- Tel Aviv Summit 2018Amazon Web Services
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...
Get the Most out of Your Amazon Elasticsearch Service Domain (ANT334-R1) - AW...Amazon Web Services
 
Log Analytics with AWS
Log Analytics with AWSLog Analytics with AWS
Log Analytics with AWSAmazon Web Services
 
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018
Build Your Own Log Analytics Solutions on AWS (ANT323-R) - AWS re:Invent 2018Amazon Web Services
 
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...
Search Your DynamoDB Data with Amazon Elasticsearch Service (ANT302) - AWS re...Amazon Web Services
 
Analyzing Streams
Analyzing StreamsAnalyzing Streams
Analyzing StreamsAmazon Web Services
 
Preparing Data for the Lake
Preparing Data for the LakePreparing Data for the Lake
Preparing Data for the LakeAmazon Web Services
 
Building a Modern Data Platform in the Cloud
Building a Modern Data Platform in the CloudBuilding a Modern Data Platform in the Cloud
Building a Modern Data Platform in the CloudAmazon Web Services
 
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018Amazon Web Services
 
Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML Amazon Web Services
 
Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018Amazon Web Services
 
SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and Profit SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and ProfitAmazon Web Services
 
Customer Uses of Data Lakes
Customer Uses of Data LakesCustomer Uses of Data Lakes
Customer Uses of Data LakesAmazon Web Services
 
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...Amazon Web Services
 
Airbnb - StreamAlert
Airbnb - StreamAlertAirbnb - StreamAlert
Airbnb - StreamAlertAmazon Web Services
 
BDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWSBDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWSAmazon Web Services
 
Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics Amazon Web Services
 
Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass Amazon Web Services
 
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...Amazon Web Services
 
High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...Amazon Web Services
 
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...Amazon Web Services
 
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...Amazon Web Services
 
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...Amazon Web Services
 
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...Amazon Web Services
 
BDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language ServicesBDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language ServicesAmazon Web Services
 
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018Amazon Web Services
 
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceAmazon Web Services
 

More Related Content

What's hot

Building a Modern Data Platform in the Cloud
Building a Modern Data Platform in the CloudBuilding a Modern Data Platform in the Cloud
Building a Modern Data Platform in the CloudAmazon Web Services
 
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018Amazon Web Services
 
Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML Amazon Web Services
 
Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018Amazon Web Services
 
SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and Profit SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and ProfitAmazon Web Services
 
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...Amazon Web Services
 
BDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWSBDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWSAmazon Web Services
 
Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics Amazon Web Services
 
Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass Amazon Web Services
 
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...Amazon Web Services
 
High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...Amazon Web Services
 
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...Amazon Web Services
 
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...Amazon Web Services
 
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...Amazon Web Services
 
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...Amazon Web Services
 
BDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language ServicesBDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language ServicesAmazon Web Services
 

What's hot (20)

Analyzing Streams
Analyzing StreamsAnalyzing Streams
Analyzing Streams
 
Preparing Data for the Lake
Preparing Data for the LakePreparing Data for the Lake
Preparing Data for the Lake
 
Building a Modern Data Platform in the Cloud
Building a Modern Data Platform in the CloudBuilding a Modern Data Platform in the Cloud
Building a Modern Data Platform in the Cloud
 
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
Build Data Engineering Platforms with Amazon EMR (ANT204) - AWS re:Invent 2018
 
Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML Build Intelligent Apps with Amazon ML
Build Intelligent Apps with Amazon ML
 
Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018Securing Your Big Data Workload - AWS Summit Sydney 2018
Securing Your Big Data Workload - AWS Summit Sydney 2018
 
SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and Profit SRV203 Optimizing Amazon EC2 for Fun and Profit
SRV203 Optimizing Amazon EC2 for Fun and Profit
 
Customer Uses of Data Lakes
Customer Uses of Data LakesCustomer Uses of Data Lakes
Customer Uses of Data Lakes
 
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
Hybrid Cloud Processing & Data Distribution with File Gateway & Amazon S3 (ST...
 
Airbnb - StreamAlert
Airbnb - StreamAlertAirbnb - StreamAlert
Airbnb - StreamAlert
 
BDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWSBDA305 Building Data Lakes and Analytics on AWS
BDA305 Building Data Lakes and Analytics on AWS
 
Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics Big Data and Alexa_Voice-Enabled Analytics
Big Data and Alexa_Voice-Enabled Analytics
 
Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass Edge Computing with AWS Greengrass
Edge Computing with AWS Greengrass
 
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
Amazon Athena: What's New and How SendGrid Innovates (ANT324) - AWS re:Invent...
 
High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...High Performance Computing on AWS: Driving Innovation without Infrastructure ...
High Performance Computing on AWS: Driving Innovation without Infrastructure ...
 
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
Lock It Down: Configure End-to-End Security & Access Control on Amazon EMR (A...
 
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
Implementing Multi-Region AWS IoT, ft. Analog Devices (IOT401) - AWS re:Inven...
 
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
Data Lake Implementation: Processing and Querying Data in Place (STG204-R1) -...
 
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
Extending Analytics Beyond the Data Warehouse, ft. Warner Bros. Analytics (AN...
 
BDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language ServicesBDA302 Building Intelligent Apps with AWS Machine Learning Language Services
BDA302 Building Intelligent Apps with AWS Machine Learning Language Services
 

Similar to Log Analytics with AWS

What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018Amazon Web Services
 
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceAmazon Web Services
 
Using Search with a Database - Peter Dachnowicz
Using Search with a Database - Peter DachnowiczUsing Search with a Database - Peter Dachnowicz
Using Search with a Database - Peter DachnowiczAmazon Web Services
 
Adding Search to DynamoDB: Database Week San Francisco
Adding Search to DynamoDB: Database Week San FranciscoAdding Search to DynamoDB: Database Week San Francisco
Adding Search to DynamoDB: Database Week San FranciscoAmazon Web Services
 
Using Search with a Database: Database Week SF
Using Search with a Database: Database Week SFUsing Search with a Database: Database Week SF
Using Search with a Database: Database Week SFAmazon Web Services
 
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...Amazon Web Services
 
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...Amazon Web Services
 
Big Data@Scale_AWSPSSummit_Singapore
Big Data@Scale_AWSPSSummit_SingaporeBig Data@Scale_AWSPSSummit_Singapore
Big Data@Scale_AWSPSSummit_SingaporeAmazon Web Services
 
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018Amazon Web Services
 
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...Amazon Web Services
 
Implementazione di una soluzione Data Lake.pdf
Implementazione di una soluzione Data Lake.pdfImplementazione di una soluzione Data Lake.pdf
Implementazione di una soluzione Data Lake.pdfAmazon Web Services
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Amazon Web Services
 
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS Summit
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS SummitBuild your own log analytics solution on AWS - ADB301 - Atlanta AWS Summit
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS SummitAmazon Web Services
 
AWS Data Lake: data analysis @ scale
AWS Data Lake: data analysis @ scaleAWS Data Lake: data analysis @ scale
AWS Data Lake: data analysis @ scaleAmazon Web Services
 
Scaling from zero to millions of users
Scaling from zero to millions of usersScaling from zero to millions of users
Scaling from zero to millions of usersAmazon Web Services
 
Scaling Up To and Beyond 10M Users
Scaling Up To and Beyond 10M UsersScaling Up To and Beyond 10M Users
Scaling Up To and Beyond 10M UsersAmazon Web Services
 
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...AWS Riyadh User Group
 
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018Amazon Web Services
 
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions
Big Data Meets AI - Driving Insights and Adding Intelligence to Your SolutionsAmazon Web Services
 

Similar to Log Analytics with AWS (20)

What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
What Can Your Logs Tell You? (ANT215) - AWS re:Invent 2018
 
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch ServiceBDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
BDA308 Deep Dive: Log Analytics with Amazon Elasticsearch Service
 
Using Search with a Database - Peter Dachnowicz
Using Search with a Database - Peter DachnowiczUsing Search with a Database - Peter Dachnowicz
Using Search with a Database - Peter Dachnowicz
 
Adding Search to DynamoDB: Database Week San Francisco
Adding Search to DynamoDB: Database Week San FranciscoAdding Search to DynamoDB: Database Week San Francisco
Adding Search to DynamoDB: Database Week San Francisco
 
Using Search with a Database: Database Week SF
Using Search with a Database: Database Week SFUsing Search with a Database: Database Week SF
Using Search with a Database: Database Week SF
 
Using Search with a Database
Using Search with a DatabaseUsing Search with a Database
Using Search with a Database
 
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...
Searching for patterns: Log analytics using Amazon ES - ADB205 - New York AWS...
 
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...
Integrating Amazon Elasticsearch with your DevOps Tooling - AWS Online Tech T...
 
Big Data@Scale_AWSPSSummit_Singapore
Big Data@Scale_AWSPSSummit_SingaporeBig Data@Scale_AWSPSSummit_Singapore
Big Data@Scale_AWSPSSummit_Singapore
 
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018
Have Your Front End and Monitor It, Too (ANT303) - AWS re:Invent 2018
 
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...
Serverless Stream Processing Pipeline Best Practices (SRV316-R1) - AWS re:Inv...
 
Implementazione di una soluzione Data Lake.pdf
Implementazione di una soluzione Data Lake.pdfImplementazione di una soluzione Data Lake.pdf
Implementazione di una soluzione Data Lake.pdf
 
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
Architecting for Real-Time Insights with Amazon Kinesis (ANT310) - AWS re:Inv...
 
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS Summit
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS SummitBuild your own log analytics solution on AWS - ADB301 - Atlanta AWS Summit
Build your own log analytics solution on AWS - ADB301 - Atlanta AWS Summit
 
AWS Data Lake: data analysis @ scale
AWS Data Lake: data analysis @ scaleAWS Data Lake: data analysis @ scale
AWS Data Lake: data analysis @ scale
 
Scaling from zero to millions of users
Scaling from zero to millions of usersScaling from zero to millions of users
Scaling from zero to millions of users
 
Scaling Up To and Beyond 10M Users
Scaling Up To and Beyond 10M UsersScaling Up To and Beyond 10M Users
Scaling Up To and Beyond 10M Users
 
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...
Cutting to the chase for Machine Learning Analytics Ecosystem & AWS Lake Form...
 
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018
Social Media Analytics with Amazon QuickSight (ANT370) - AWS re:Invent 2018
 
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions
Big Data Meets AI - Driving Insights and Adding Intelligence to Your Solutions
 

More from AWS Germany

Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAnalytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAWS Germany
 
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...AWS Germany
 
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...AWS Germany
 
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...AWS Germany
 
Modern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSModern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSAWS Germany
 
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerModern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerAWS Germany
 
Building Smart Home skills for Alexa
Building Smart Home skills for AlexaBuilding Smart Home skills for Alexa
Building Smart Home skills for AlexaAWS Germany
 
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureHotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureAWS Germany
 
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopWild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopAWS Germany
 
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS AWS Germany
 
AWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Germany
 
Microservices and Data Design
Microservices and Data DesignMicroservices and Data Design
Microservices and Data DesignAWS Germany
 
Serverless vs. Developers – the real crash
Serverless vs. Developers – the real crashServerless vs. Developers – the real crash
Serverless vs. Developers – the real crashAWS Germany
 
Query your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceQuery your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceAWS Germany
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Scale to Infinity with ECS
Scale to Infinity with ECSScale to Infinity with ECS
Scale to Infinity with ECSAWS Germany
 
Containers on AWS - State of the Union
Containers on AWS - State of the UnionContainers on AWS - State of the Union
Containers on AWS - State of the UnionAWS Germany
 
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailDeploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailAWS Germany
 
Building Personalized Data Products - From Idea to Product
Building Personalized Data Products - From Idea to ProductBuilding Personalized Data Products - From Idea to Product
Building Personalized Data Products - From Idea to ProductAWS Germany
 

More from AWS Germany (20)

Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the FieldAnalytics Web Day | From Theory to Practice: Big Data Stories from the Field
Analytics Web Day | From Theory to Practice: Big Data Stories from the Field
 
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
Analytics Web Day | Query your Data in S3 with SQL and optimize for Cost and ...
 
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...Modern Applications Web Day | Impress Your Friends with Your First Serverless...
Modern Applications Web Day | Impress Your Friends with Your First Serverless...
 
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
Modern Applications Web Day | Manage Your Infrastructure and Configuration on...
 
Modern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWSModern Applications Web Day | Container Workloads on AWS
Modern Applications Web Day | Container Workloads on AWS
 
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with SpinnakerModern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
Modern Applications Web Day | Continuous Delivery to Amazon EKS with Spinnaker
 
Building Smart Home skills for Alexa
Building Smart Home skills for AlexaBuilding Smart Home skills for Alexa
Building Smart Home skills for Alexa
 
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructureHotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
Hotel or Taxi? "Sorting hat" for travel expenses with AWS ML infrastructure
 
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless WorkshopWild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
Wild Rydes with Big Data/Kinesis focus: AWS Serverless Workshop
 
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
Deep Dive into Concepts and Tools for Analyzing Streaming Data on AWS
 
AWS Programme für Nonprofits
AWS Programme für NonprofitsAWS Programme für Nonprofits
AWS Programme für Nonprofits
 
Microservices and Data Design
Microservices and Data DesignMicroservices and Data Design
Microservices and Data Design
 
Serverless vs. Developers – the real crash
Serverless vs. Developers – the real crashServerless vs. Developers – the real crash
Serverless vs. Developers – the real crash
 
Query your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performanceQuery your data in S3 with SQL and optimize for cost and performance
Query your data in S3 with SQL and optimize for cost and performance
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
EKS Workshop
EKS Workshop EKS Workshop
EKS Workshop
 
Scale to Infinity with ECS
Scale to Infinity with ECSScale to Infinity with ECS
Scale to Infinity with ECS
 
Containers on AWS - State of the Union
Containers on AWS - State of the UnionContainers on AWS - State of the Union
Containers on AWS - State of the Union
 
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon LightsailDeploying and Scaling Your First Cloud Application with Amazon Lightsail
Deploying and Scaling Your First Cloud Application with Amazon Lightsail
 
Building Personalized Data Products - From Idea to Product
Building Personalized Data Products - From Idea to ProductBuilding Personalized Data Products - From Idea to Product
Building Personalized Data Products - From Idea to Product
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Log Analytics with AWS

  • 1. Pop-up Loft Log Analytics with AWS Bill Baldwin DBS Technical Evangelist bbaldwin@amazon.com Pop-up Loft © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Your pager goes off at 3:00am. The servers are melting!
  • 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. You VPN in and quick check the logs Uh oh
  • 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. If you had Amazon Elasticsearch Service
  • 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transition from IT to DevOps Increase in IoT and Mobile Devices Cloud-based architectures Machine-generated data is growing 10x faster than business data Source: insideBigData - The Exponential Growth of Data, February 16, 2018 THE EXPLOSION OF MACHINE-GENERATED DATA
  • 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Elasticsearch Service is a fully managed service that makes it easy to deploy, manage, and scale Elasticsearch and Kibana A M A Z O N E L A S T I C S E A R C H S E R V I C E +
  • 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. B E N E F I T S O F A MA ZO N E LA ST I C SE A R C H SE R VI C E Supports Open-Source APIs and Tools Drop-in replacement with no need to learn new APIs or skills Easy to Use Deploy a production-ready Elasticsearch cluster in minutes Scalable Resize your cluster with a few clicks or a single API call Secure Deploy into your VPC and restrict access using security groups and IAM policies Highly Available Replicate across Availability Zones, with monitoring and automated self-healing Tightly Integrated with Other AWS Services Seamless data ingestion, security, auditing and orchestration
  • 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ELASTICSEARCH LEADING USE CASES Application Monitoring & Root-cause Analysis Security Information and Event Management (SIEM) IoT & Mobile Business & Clickstream Analytics Provides developers with a high performance, self-service operational monitoring and analytics platform Enables security practitioners to centralize and analyze events from across the entire organization Gives developers and lines of business users real-time location-aware insights into their device fleets Provides business users with a real-time view of the performance of their web content and e-commerce platforms
  • 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application Monitoring & Root-cause Analysis C A S E S T U D Y : E XPE D I A Logs, lots and lots of logs. How to cost effectively monitor logs? Require centralized logging infrastructure Did not have the man power to manage infrastructure P R O B L E M Quick insights: Able to identify and troubleshoot issues in real-time Secure: Integrated w/ AWS IAM Scalable: Cluster sizes are able to grow to accommodate additional log sources B E N E F I T S Streaming AWS CloudTrail logs, application logs, and Docker startup logs to Elasticsearch Created centralized logging service for all team members Using Kibana for visualizations and for Elasticsearch queries S O L U T I O N © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Business and Clickstream Analytics C A S E S T U D Y : FI NA NC I A L T I ME S What stories do our readers care about? What’s hot? Required a custom clickstream analytics solution Need a solution that delivers analytics in real-time Did not have a team to manage analytics infrastructure P R O B L E M B E N E F I T S Streaming user data to Amazon ES for analysis. Created their own custom dashboards for editors and journalists – Lantern. Lantern - ”shines a light” on reader activity for the editors and journalists at the FT Critical tool for making editorial decisions. Daily editorial meetings start by looking at Lantern dashboard S O L U T I O N © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Reliability : Lantern is used throughout the day by journalists and editors. Relying on Amazon to manage their systems for maximum uptime. Cost savings: Able to easily tune their cluster to meet their needs with minimal management overhead
  • 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Software & Internet Financial ServicesEducation Technology BioTech and Pharma Media and Entertainment Social Media Telecommunications Travel & Transportation Real Estate Logistics & Operations Publishing Other A MA ZO N E LA ST I C SE A R C H SE R VI C E C UST O ME R S
  • 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch is a distributed solution You run clusters of instances
  • 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Service architecture AWS SDK AWS CLI AWS CloudFormation Elasticsearch data nodes Elasticsearch master nodes Elastic Load Balancing IAM Amazon CloudWatch AWS CloudTrail Amazon Elasticsearch Service domain
  • 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How many instances? • The index size will be about the same as the corpus of source documents • Double this if you are deploying an index replica • Size based on storage requirements • Either local storage or up to 1.5 TB of Amazon Elastic Block Store (EBS) per instance Example: a 2 TB corpus will need 4 instances Assuming a replica and using EBS Given 1.5 TB of storage per instance, this gives 6TB of storage
  • 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Which instance type? Instance Max Storage* Workload T2 3.5TB You want to do dev/QA M3, M4 150TB Your data and queries are “average” R3, R4 150TB You have higher request volumes, larger documents, or are using aggregations heavily C4 150TB You need to support high concurrency I2, I3 1.5 PB You have XL storage needs
  • 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How you shard is how you scale
  • 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch documents: structured JSON { "verb": "GET", "ident": "-", "bytes": 6245, "@timestamp": "1995-07-01T00:00:01", "request": "GET /history/apollo/ HTTP/1.0", "host": "199.72.81.55", "authuser": "-", "@timestamp_utc": "1995-07-01T04:00:01+00:00", "timezone": "-0400", "response": 200 } • Documents contain fields – name/value pairs • Fields can nest • Value types include text, numerics, dates, and geo objects • Field values can be single or array • When you send documents to Elasticsearch they should arrive as JSON 199.72.81.55 - - [01/Jul/1995:00:00:01 -0400] "GET /history/apollo/ HTTP/1.0" 200 6245
  • 18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Documents are the core entity ID Field: value Field: value Field: value Field: value
  • 19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon ES stores documents in an index Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type
  • 20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Indexes have primary shards Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards • Shards are the units of storage and compute in an Amazon ES domain • Each shard’s set of documents is distinct • The primary shard count is fixed at creation time • Shards are instances of Apache Lucene • Lucene creates an index for each field in each document
  • 21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Indexes have replica shards Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards • Replica shards are distributed copies of their primaries • The replica shard count is dynamic • Replica shards provide data redundancy and parallelism
  • 22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shards are distributed across instances Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards Instances • Primary and replica are distributed to different instances • Distribution is initially by shard count • Storage available limits new shard allocation as well
  • 23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shards (Lucene) store indexes on disk Amazon Elasticsearch Service domain ID Field: value Field: value Field: value Field: value _bulk API Index / Type Shards Instances Storage
  • 24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How many shards? • Best practice: shards should be < 50GB • Divide index size by ~40GB to get initial shard count • Active shards per instance ~= vCPUs • Always use at least 1 replica for production! Example: 2 TB corpus will need 50 primary shards 2,000 GB / 40GB per shard = 50 shards
  • 25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data pattern Amazon ES cluster logs_01.21.2018 logs_01.22.2018 logs_01.23.2018 logs_01.24.2018 logs_01.25.2018 logs_01.26.2018 logs_01.27.2018 Shard 1 Shard 2 Shard 3 host request verb status timestamp etc. Each index has multiple shards Each shard contains a set of documents Each document contains a set of fields and values One index per day
  • 26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Load data into Amazon ES
  • 27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The components of ingestion Data source Collect Transform Buffer Deliver
  • 28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS-Centric solutions Amazon Kinesis Firehose Amazon CloudWatch Logs Logstash AWS IoT Elasticsearch data nodes Elasticsearch master nodes Kibana Data Producers Buffer/ Transform/ Deliver Amazon ES Cluster Analytics UI
  • 29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Lambda architectures Files S3 Events Amazon S3 AWS Lambda Function DynamoDB streams Amazon DynamoDB Table AWS Lambda Function Amazon Elasticsearch Service Amazon KinesisData Producers AWS Lambda Function
  • 30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kinesis Firehose delivery architecture • For public access domains • Easily transform data • Serverless with built-in batching, index rollover, error handling S3 bucket source records data source source records Amazon Elasticsearch Service Firehose delivery stream transformed records delivery failure Data transformation function transformation failure
  • 31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Secure your data • Pub l i c – IA M • Pr i v ate – e ndp o i nt • E nc r yp ti o n
  • 32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use IAM for public endpoints { "Version": "2012-10-17", "Statement": [ { "Effect":... "Principal": ... "Action": [...], "Resource": ..., "Condition": ... } ] } • Effect: Allow or Deny • Principal: AWS account ID • Action • HTTP verbs • Service actions • Resource: Amazon ES domain/index • Condition: IP Address
  • 33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use security groups for private endpoints • Private networking between your VPC and Amazon Elasticsearch Service • Traffic does not traverse the public internet • Use IAM security groups for authentication and access control VPC subnet security group VPC subnet security group Amazon Elasticsearch Service Data Master Data Master IAM IAM Availability Zone B Availability Zone A
  • 34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encrypt your data Elasticsearch data nodes Elasticsearch master nodes AWSKMS • Use your own KMS keys • Encrypted data at rest on Amazon ES instances • Encrypted automatic snapshots
  • 35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Make your domain more stable
  • 36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use dedicated masters Amazon ES cluster Dedicated master nodes: cluster state Data nodes: queries and updates
  • 37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Master node recommendations Number of data nodes Master node instance type < 10 m3.medium+ < 20 m4.large+ <= 50 c4.xlarge+ 50-100 c4.2xlarge+ • In production, always use an odd number of masters, >= 3 • Use fewer, smaller than data nodes
  • 38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use zone awareness Amazon ES cluster Availability Zone 1 Availability Zone 2
  • 39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudWatch Alarms Name Metric Threshold Periods ClusterStatus.red Maximum >= 1 1 ClusterIndexWritesBlocked Maximum >= 1 1 CPUUtilization/MasterCPUUtilization Average >= 80% 3 JVMMemoryPressure/Master... Maximum >= 80% 3 FreeStorageSpace Minimum <= (25% of avail space) 1 AutomatedSnapshotFailure Maximum >= 1 1
  • 40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Slow Logs • Easy console set up • Integrated with CloudWatch Logs • Set thresholds to receive log events corresponding to slow queries and slow indexing • index.search.slowlog.threshold.query.warn • index.search.slowlog.threshold.query.info • index.search.slowlog.threshold.query.debug • index.search.slowlog.threshold.query.trace • index.search.slowlog.threshold.fetch.warn • index.search.slowlog.threshold.fetch.info • index.search.slowlog.threshold.fetch.debug • index.search.slowlog.threshold.fetch.trace • index.indexing.slowlog.threshold.index.warn • index.indexing.slowlog.threshold.index.info • index.indexing.slowlog.threshold.index.debug • index.indexing.slowlog.threshold.index.trace • index.indexing.slowlog.level: trace • index.indexing.slowlog.source: 255 Amazon ES Domain CloudWatch Logs Queries and Updates Slow query logs Slow indexing logs
  • 41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elasticsearch analysis is delivered by Aggregations
  • 42. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Think buckets and metrics Buckets – a collection of documents meeting some criterion Metrics – calculations on the content of buckets Bucket: time Metric:count
  • 43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dig in to your data in real time
  • 44. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo
  • 45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Run Elasticsearch in the AWS Cloud with Amazon Elasticsearch Service Deploy, scale, ingest, secure, monitor, and analyze Start sending your log data today!Amazon Elasticsearch Service