Logs management

13,182 views

Published on

Logs management using Logstash, ElasticSearch and Kibana, Some extra content about statsd and graphite

Published in: Technology
2 Comments
32 Likes
Statistics
Notes
No Downloads
Views
Total views
13,182
On SlideShare
0
From Embeds
0
Number of Embeds
4,719
Actions
Shares
0
Downloads
344
Comments
2
Likes
32
Embeds 0
No embeds

No notes for slide
  • Internal to logstash, events are passed from each phase using internal queues. It is implemented with a 'SizedQueue' in Ruby. SizedQueue allows a bounded maximum of items in the queue such that any writes to the queue will block if the queue is full at maximum capacity.Logstash sets each queue size to 20. This means only 20 events can be pending into the next phase - this helps reduce any data loss and in general avoids logstash trying to act as a data storage system. These internal queues are not for storing messages long-term.
  • what kind of logs you can get (inputs), how you can transform them (filters), and where you can throw them (outputs)
  • listens for messages on a UDP port.It parses the messages, extracts metrics data, and periodically flushes the data to one or more pluggable backend services
  • listens for messages on a UDP port.It parses the messages, extracts metrics data, and periodically flushes the data to one or more pluggable backend services
  • Logs management

    1. 1. Logs Management
    2. 2. infrastructure
    3. 3. logs management
    4. 4. logflow
    5. 5. logstash Logstash tool for managing events and logs Logstash written in JRuby logstash “all in one” jar file logstash inputs -> filters -> outputs
    6. 6. logstash plugins example Inputs eventlog, file, s3, syslog, tcp, udp, websocket, wmi Filters csv, dns, geoip, grok, mutate Outputs elasticsearch, email, exec, mongodb, rabbitmq, redis http://logstash.net/docs/1.2.2/
    7. 7. logstash example with puppet = input { stdin{ type => “example“ } }
    8. 8. logstash example with puppet = output { redis { data_type => "list" host => [’10.0.22.26'] key => "logstash” } }
    9. 9. logflow
    10. 10. redis Redis open source, advanced key-value store Redis buffer new logs from any type of slower parsing
    11. 11. logflow
    12. 12. logflow
    13. 13. logstash example with puppet = input { syslog { port => 5544 type => "hapr" } }
    14. 14. log4net example
    15. 15. logflow
    16. 16. logstash example with puppet = output { elasticsearch { cluster => "logs” embedded => false index => "%{type}-%{+YYYY.MM.dd}” node_name => "logstash_output" } }
    17. 17. logflow
    18. 18. elasticsearch ES distributed restful search and analytics engine ES build on top of apache lucene ES distributed, highly available ES document oriented, schema free ES restfull api
    19. 19. elasticsearch Data Structure Index shards replica http://stackoverflow.com/questions/15694724/shards-and-replicas-in-elasticsearch
    20. 20. elasticsearch Data Structure Index shards replica http://stackoverflow.com/questions/15694724/shards-and-replicas-in-elasticsearch
    21. 21. elasticsearch Data Structure Index shards replica http://stackoverflow.com/questions/15694724/shards-and-replicas-in-elasticsearch
    22. 22. elasticsearch Demo http://logs.adform.com:9200/_plugin/bigdesk http://logs.adform.com:9200/_plugin/paramedic/
    23. 23. logflow
    24. 24. kibana 3 kibana: HTML + JavaScript kibana: analytics and search interface to timestamped data sets stored in ElasticSearch kibana: browser connects directly to ElasticSearch
    25. 25. kibana 3 http://logs.adform.com/kibana
    26. 26. logflow
    27. 27. logflow
    28. 28. logflow
    29. 29. statsD statsD: NodeJS daemon statsD: extarcts metrics data and flushes to backend statsD: counters, timers, gouges timers example: 450 120 553 994 334 844 675 496 => mean_90 496 upper_90 844 sum_90 3472 upper 994 lower 120 count 8 sum 4466 mean 558.2 http://blog.pkhamre.com/2012/07/24/understanding-statsd-and-graphite/
    30. 30. statsD clients .NET 4.0 : https://github.com/robbihun/NStatsD.Client C#: https://github.com/goncalopereira/statsd-csharp-client .NET: https://github.com/peschuster/graphite-client .NET 3.5 – 4.5: http://www.nuget.org/packages/StatsdCsharpClient/ https://github.com/etsy/statsd/wiki
    31. 31. statsD example NStatsD.Client.Current.Increment("testing.increment"); NStatsD.Client.Current.Decrement("testing.decrement"); NStatsD.Client.Current.Timing("testing.timing", 2345); NStatsD.Client.Current.Gauge("testing.gauge", 45); https://github.com/robbihun/NStatsD.Client
    32. 32. logflow
    33. 33. graphite graphite: highly scalable real-time graphing system graphite: good when you don’t know the names metrics
    34. 34. graphite web DEMO
    35. 35. graphite clients .NET: https://github.com/peschuster/graphite-client • • • • • WCF MSBuild ELMAH SQL Server PerfCounterMonitor.exe (Graphite.System) • Performance counters • Event log • IIS Application Pools (with)
    36. 36. what's next
    37. 37. what's next LEARN!!!
    38. 38. what's next dashboards http://techblog.netflix.com/2012/12/hystrix-dashboard-and-turbine.html http://shopify.github.io/dashing/#widgets http://fdietz.github.io/team_dashboard/

    ×