Logstash-Elasticsearch-Kibana
How to manage logs
E. Witthauer
November 28, 2015
Why logging
• Debugging
• Metrics
• Monitoring
Old style
• Tail: ssh example.org > tail -f /var/log/some.log
• Tools for multiple files: like multitail
• Run the command synchronously in multiple ssh sessions
But for more than one file/server or automatic statistics:
Better style
Better: everything in one place, with the option of later analysis
The ELK-Stack
Elasticsearch - search server that indexes the data (NoSQL-DB)
Logstash - log data processor that transforms and filters the data
Kibana - WebUI for data visualisation and analysis (node.js based)
The infrastructure
1. Read the logs and put them into a Redis-DB
2. Read from the Redis-DB, filter and put into Elasticsearch
Why 2 steps?
• Logs will still be read even if Elasticsearch is not active
• Monitor Redis to see how many events are there (e.g. per second)
• Check the event format if we have index problems (e.g. wrong field value or tag)
Setup
Logstash
• Install Java (1.9)
• Download Logstash from https://www.elastic.co/downloads/logstash
• Extract the zip file
• Run it: bin/logstash -f logstash.conf (see config file below)
• Or install the deb package and run it
Setup
Redis
• Install Redis from your repository system
Setup
Elasticsearch
• Install Java (1.9) if not done yet
• Download Elasticsearch from https://www.elastic.co/downloads/elasticsearch
• Extract the zip file
• Run it: bin/elasticsearch
• Or install the deb package and run it
Setup
Kibana
• Install Java (1.9) if not done yet
• Download Kibana from https://www.elastic.co/downloads/kibana
• Extract the zip file
• Open config/kibana.yml in an editor
• Set elasticsearch.url to point at your Elasticsearch instance (e.g. localhost or 127.0.0.1)
• Run it: bin/kibana
• Open the URL http://yourhost.com:5601
Config
Shipper
For the Shipper we create a config file:
  input {
    # read all Apache access logs; the sincedb file remembers how far we got
    file {
      path => "/var/log/apache2/*access*.log"
      start_position => "beginning"
      type => "apache"
      sincedb_path => "/opt/.sincedb_apache_access"
    }
  }
  output {
    # push every event onto a Redis list named "logstash"
    redis {
      host => "127.0.0.1"
      data_type => "list"
      key => "logstash"
    }
  }
Config
Shipper explained
input {...}: configuration for our input
file {...}: specifies a file input (all Apache access log files)
path: path to our log files (regex)
start_position: we start reading the file from the beginning
type: adds a field type with the value apache to the output
sincedb_path: path to the internal database that stores the last reading position in this file (or files)
output {...}: configuration for our output
redis {...}: configuration for the redis output
host: Redis host address
data_type: specifies that we store the events as a list in redis
key: name of our redis list
Config
Indexer
For the Indexer we create a config file:
  input {
    # pop events from the Redis list the shipper fills
    redis {
      host => "127.0.0.1"
      type => "redis-input"
      data_type => "list"
      key => "logstash"
    }
  }
  filter {
    # route each event to the matching filter block (shown on the following slides)
    if [path] =~ "access" {
      # ANALYSE APACHE ACCESS
    }
    else if [path] =~ "error" {
      # ANALYSE APACHE ERROR
    }
    else if [type] == "syslog" {
      # ANALYSE SYSLOG
    }
    else if [type] == "auth" {
      # ANALYSE AUTH LOG
    }
  }
  output {
    elasticsearch { }
  }
Config
Indexer explained
input {...}: configuration for our input
redis {...}: configuration for the redis input
host: Redis host address
type: adds a field type with the value redis-list to the output (Logstash only sets this on events that have no type yet, so events from the shipper keep their type apache)
data_type: specifies that we read the events as a list from redis
key: name of our redis list
filter {...}: our filters for the different events (syslog, apache error, apache access, auth)
if path|type: separate filter configurations for our events (see later)
output {...}: configuration for the elasticsearch output
elasticsearch { }: default configuration for elasticsearch (localhost, no further configuration needed)
Config - Indexer
Apache Access Filter
The Apache Access Filter:
  mutate {
    replace => { "type" => "apache_access" }
    remove_tag => [ "_grokparsefailure" ]
    remove_field => [ "tags", "tag", "path" ]
  }
  grok {
    # custom pattern from our own pattern directory
    patterns_dir => "/opt/grok_patterns"
    match => { "message" => "%{VHOSTCOMBINEDAPACHELOG}" }
  }
  date {
    # use the log line's own timestamp as @timestamp
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  geoip {
    source => "clientip"
  }
  useragent {
    source => "agent"
  }
Config - Indexer
Apache Access Filter explained
mutate {...}: change field values
replace: replace the value of field type with apache_access
remove_tag: list of tags to be removed
remove_field: list of fields to be removed
grok {...}: parse the text and structure it
patterns_dir: path to our pattern files, if we don't use the built-in ones
match: field and pattern for matching
date {...}: analyse the timestamp field
geoip: analyse the field clientip with geoip (city, region, ip, etc.)
useragent: analyse the field agent as a browser user agent (OS, major and minor version, browser name, etc.)
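To see what the access filter above does to a single event, here is the same mutate, grok and date sequence reimplemented in plain Python (an added example, not from the slides or from Logstash). The regex is a hand-written equivalent of the stock COMBINEDAPACHELOG pattern; the slides' custom VHOSTCOMBINEDAPACHELOG pattern is not on the page, so we assume it only prepends a virtual-host field, and the log line is constructed.

```python
import re
from datetime import datetime

# Constructed sample: one line from a virtual-host-prefixed combined log
# (the layout we assume VHOSTCOMBINEDAPACHELOG describes), plus one junk line.
SAMPLE_ACCESS_LINE = (
    'example.org 203.0.113.7 - - [28/Nov/2015:10:15:42 +0100] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"'
)
SAMPLE_JUNK_LINE = "this is not an access log line"

# Hand-written regex equivalent of the stock COMBINEDAPACHELOG grok pattern,
# with an assumed leading virtual-host field.
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>\S+) '
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_apache_timestamp(value):
    """Equivalent of  date { match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] }.

    Returns a timezone-aware datetime, which is what @timestamp becomes.
    """
    return datetime.strptime(value, "%d/%b/%Y:%H:%M:%S %z")


def apache_access_filter(event):
    """Apply the deck's mutate -> grok -> date steps to one event dict.

    Same order as the slide: mutate first (type becomes apache_access, the
    tags/tag/path fields are dropped), then grok parses message into fields.
    A line that does not match gets the _grokparsefailure tag, exactly what
    Logstash's grok filter does, so unparsed lines stay visible in Kibana.
    """
    event = dict(event)  # do not modify the caller's object
    event["type"] = "apache_access"
    for field in ("tags", "tag", "path"):
        event.pop(field, None)

    match = VHOST_COMBINED.match(event.get("message", ""))
    if match is None:
        event["tags"] = ["_grokparsefailure"]
        return event

    event.update(match.groupdict())
    event["response"] = int(event["response"])
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    # The date filter: the log line's own timestamp replaces the read time.
    event["@timestamp"] = parse_apache_timestamp(event["timestamp"])
    return event


def demo():
    """Run both constructed lines through the filter; returns the two results."""
    shipped = {"message": SAMPLE_ACCESS_LINE, "type": "apache",
               "path": "/var/log/apache2/example_access.log"}
    junk = {"message": SAMPLE_JUNK_LINE, "type": "apache",
            "path": "/var/log/apache2/example_access.log"}
    return apache_access_filter(shipped), apache_access_filter(junk)


if __name__ == "__main__":
    for ev in demo():
        print(ev)
```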
Config - Indexer
Apache Error Filter
The Apache Error Filter:
  grok {
    patterns_dir => "/opt/grok_patterns"
    match => { "message" => "%{APACHERERROR}" }
  }
  # a PHP message line is joined with the line that follows it
  multiline {
    pattern => "^PHP \b(Notice|Warning|Error|Fatal)\b: "
    source => "errorMessage"
    what => "next"
  }
  # PHP stack trace lines are appended to the line before them
  multiline {
    pattern => "^PHP[ ]{3,}\d+\. .*"
    source => "errorMessage"
    what => "previous"
  }
  mutate {
    replace => { "type" => "apache_error" }
    replace => { "message" => "%{errorMessage}" }
    ...
  }
  geoip {
    source => "clientIp"
  }
  if [request] == "/feed" {
    drop {}
  }
Config - Indexer
Apache Error Filter explained
grok {...}: parse the text and structure it
patterns_dir: path to our pattern files
match: field and pattern for matching
multiline {...}: detect whether we have a multiline message
pattern: the detection pattern
source: the field used for detection
what: how to handle it (next = combine with the next message, previous = combine with the previous message)
mutate {...}: change field values
replace: replace the value of field type with apache_error and message with the value of errorMessage
geoip: analyse the field clientip with geoip
request: if the field request has the value /feed, drop the event; we don't need it anymore
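The two multiline blocks above are the subtle part of this filter, so here is a small model of their next/previous semantics chained in the same order, run over constructed errorMessage values (an added example, not code from the slides or from Logstash; the sample lines and the MultilineJoiner class are ours).

```python
import re

# The two detection patterns from the deck's Apache error filter.
PHP_MESSAGE_START = re.compile(r"^PHP \b(Notice|Warning|Error|Fatal)\b: ")
PHP_STACK_FRAME = re.compile(r"^PHP[ ]{3,}\d+\. .*")

# Constructed sample: the errorMessage field of five consecutive events,
# as the error-log grok pattern would have extracted them.
SAMPLE_ERROR_MESSAGES = [
    "PHP Warning:  Undefined variable: user in /var/www/index.php on line 12",
    "PHP Stack trace:",
    "PHP   1. {main}() /var/www/index.php:0",
    "PHP   2. render() /var/www/index.php:12",
    "File does not exist: /var/www/favicon.ico",
]


class MultilineJoiner:
    """Model of one  multiline { pattern => ..., what => ... }  block.

    what => "next": a matching line is held and joined with the line after it.
    what => "previous": a matching line is appended to the line before it.
    Buffered lines are emitted as one message once the group cannot grow.
    """

    def __init__(self, pattern, what):
        if what not in ("next", "previous"):
            raise ValueError("what must be 'next' or 'previous'")
        self.pattern = re.compile(pattern)
        self.what = what
        self.buffer = []

    def feed(self, text):
        """Feed one message; return the list of completed messages (0 or 1)."""
        matched = self.pattern.match(text) is not None
        if self.what == "next":
            self.buffer.append(text)
            if matched:
                return []           # hold it, wait for the next line
            return self.flush()     # a non-matching line closes the group
        # what == "previous"
        if matched and self.buffer:
            self.buffer.append(text)
            return []
        done = self.flush()         # this line starts a new group
        self.buffer = [text]
        return done

    def flush(self):
        """Emit whatever is buffered (also used at end of stream)."""
        if not self.buffer:
            return []
        joined = "\n".join(self.buffer)
        self.buffer = []
        return [joined]


def join_php_errors(messages):
    """Chain the two multiline blocks the way the indexer config does.

    Returns event dicts with the merged errorMessage and, as Logstash does,
    a "multiline" tag on every event built from more than one line.
    """
    first = MultilineJoiner(PHP_MESSAGE_START.pattern, "next")
    second = MultilineJoiner(PHP_STACK_FRAME.pattern, "previous")
    merged = []
    for msg in messages:
        for text in first.feed(msg):
            merged.extend(second.feed(text))
    for text in first.flush():      # end of stream: drain both stages
        merged.extend(second.feed(text))
    merged.extend(second.flush())
    return [{"errorMessage": text,
             "tags": ["multiline"] if "\n" in text else []}
            for text in merged]


if __name__ == "__main__":
    for ev in join_php_errors(SAMPLE_ERROR_MESSAGES):
        print(ev)
```

With the sample input the warning, the "Stack trace" line and both frames end up in one event, while the favicon line stays a separate event without the multiline tag.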
Config - Indexer
Syslog/Auth Filter
The Syslog/Auth Filter:
  grok {
    match => { "message" => "%{SYSLOGT}" }
    # keep the time we received the event next to the syslog timestamp
    add_field => [ "received_at", "%{@timestamp}" ]
  }
  syslog_pri { }
Config - Indexer
Syslog/Auth Filter explained
grok {...}: parse the text and structure it
patterns_dir: path to our pattern files
match: field and pattern for matching
add_field: add an additional field
syslog_pri {...}: handle syslog priority levels
Conclusion
• With these config files and two running Logstash instances we have the logs in Elasticsearch
• Kibana can be used for graphs and analyses
Kibana
[Screenshot: combined Apache error entry]
[Screenshot: access graph]
[Screenshot: access cities, browsers and devices]
End
That's all
For more info just search for Kibana, Logstash or Elasticsearch

More Related Content

What's hot

Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaAvinash Ramineni
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaSpringPeople
 
The Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersThe Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersSATOSHI TAGOMORI
 
[Meetup] a successful migration from elastic search to clickhouse
[Meetup] a successful migration from elastic search to clickhouse[Meetup] a successful migration from elastic search to clickhouse
[Meetup] a successful migration from elastic search to clickhouseVianney FOUCAULT
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
Introduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneIntroduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneRahul Jain
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
ElasticSearch Basic Introduction
ElasticSearch Basic IntroductionElasticSearch Basic Introduction
ElasticSearch Basic IntroductionMayur Rathod
 
Project Tungsten: Bringing Spark Closer to Bare Metal
Project Tungsten: Bringing Spark Closer to Bare MetalProject Tungsten: Bringing Spark Closer to Bare Metal
Project Tungsten: Bringing Spark Closer to Bare MetalDatabricks
 
Practical Elasticsearch - real world use cases
Practical Elasticsearch - real world use casesPractical Elasticsearch - real world use cases
Practical Elasticsearch - real world use casesItamar
 
ElasticSearch in action
ElasticSearch in actionElasticSearch in action
ElasticSearch in actionCodemotion
 
Airflow at lyft
Airflow at lyftAirflow at lyft
Airflow at lyftTao Feng
 
Introduction à ElasticSearch
Introduction à ElasticSearchIntroduction à ElasticSearch
Introduction à ElasticSearchFadel Chafai
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Introduction to Presto at Treasure Data
Introduction to Presto at Treasure DataIntroduction to Presto at Treasure Data
Introduction to Presto at Treasure DataTaro L. Saito
 

What's hot (20)

Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and Kibana
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & Kibana
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
 
The Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersThe Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and Containers
 
[Meetup] a successful migration from elastic search to clickhouse
[Meetup] a successful migration from elastic search to clickhouse[Meetup] a successful migration from elastic search to clickhouse
[Meetup] a successful migration from elastic search to clickhouse
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stack
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & Kibana
 
Introduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneIntroduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of Lucene
 
The Elastic ELK Stack
The Elastic ELK StackThe Elastic ELK Stack
The Elastic ELK Stack
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELK
 
ElasticSearch Basic Introduction
ElasticSearch Basic IntroductionElasticSearch Basic Introduction
ElasticSearch Basic Introduction
 
Project Tungsten: Bringing Spark Closer to Bare Metal
Project Tungsten: Bringing Spark Closer to Bare MetalProject Tungsten: Bringing Spark Closer to Bare Metal
Project Tungsten: Bringing Spark Closer to Bare Metal
 
Practical Elasticsearch - real world use cases
Practical Elasticsearch - real world use casesPractical Elasticsearch - real world use cases
Practical Elasticsearch - real world use cases
 
ElasticSearch in action
ElasticSearch in actionElasticSearch in action
ElasticSearch in action
 
Airflow at lyft
Airflow at lyftAirflow at lyft
Airflow at lyft
 
Introduction à ElasticSearch
Introduction à ElasticSearchIntroduction à ElasticSearch
Introduction à ElasticSearch
 
elk_stack_alexander_szalonnas
elk_stack_alexander_szalonnaselk_stack_alexander_szalonnas
elk_stack_alexander_szalonnas
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
 
Introduction to Presto at Treasure Data
Introduction to Presto at Treasure DataIntroduction to Presto at Treasure Data
Introduction to Presto at Treasure Data
 

Similar to Logstash-Elasticsearch-Kibana

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Fluentd unified logging layer
Fluentd   unified logging layerFluentd   unified logging layer
Fluentd unified logging layerKiyoto Tamura
 
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...Databricks
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for CassandraEdward Capriolo
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"DataStax Academy
 
Web program-peformance-optimization
Web program-peformance-optimizationWeb program-peformance-optimization
Web program-peformance-optimizationxiaojueqq12345
 
Keeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLKeeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLDatabricks
 
Lambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeLambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeIan Robertson
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com琛琳 饶
 
Wprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopWprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopSages
 
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsBig Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsMatt Stubbs
 
Introduction to meta-programming in scala
Introduction to meta-programming in scalaIntroduction to meta-programming in scala
Introduction to meta-programming in scalaAlessandro Marrella
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 

Similar to Logstash-Elasticsearch-Kibana (20)

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with Openstack
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
 
Fluentd unified logging layer
Fluentd   unified logging layerFluentd   unified logging layer
Fluentd unified logging layer
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
 
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
From HelloWorld to Configurable and Reusable Apache Spark Applications in Sca...
 
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
 
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
 
Web program-peformance-optimization
Web program-peformance-optimizationWeb program-peformance-optimization
Web program-peformance-optimization
 
Keeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETLKeeping Spark on Track: Productionizing Spark for ETL
Keeping Spark on Track: Productionizing Spark for ETL
 
Lambdas puzzler - Peter Lawrey
Lambdas puzzler - Peter LawreyLambdas puzzler - Peter Lawrey
Lambdas puzzler - Peter Lawrey
 
Lambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive CodeLambda Chops - Recipes for Simpler, More Expressive Code
Lambda Chops - Recipes for Simpler, More Expressive Code
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com
 
Wprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache HadoopWprowadzenie do technologi Big Data i Apache Hadoop
Wprowadzenie do technologi Big Data i Apache Hadoop
 
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIsBig Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
Big Data LDN 2017: Processing Fast Data With Apache Spark: the Tale of Two APIs
 
Log Aggregation
Log AggregationLog Aggregation
Log Aggregation
 
Logs management
Logs managementLogs management
Logs management
 
Introduction to meta-programming in scala
Introduction to meta-programming in scalaIntroduction to meta-programming in scala
Introduction to meta-programming in scala
 
Rack Middleware
Rack MiddlewareRack Middleware
Rack Middleware
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
 

Recently uploaded

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors

Logstash-Elasticsearch-Kibana

Logstash-Elasticsearch-Kibana: How to manage logs. E. Witthauer, November 28, 2015

Why logging
• Debugging
• Metrics
• Monitoring

Old style
• Tail: ssh example.org, then tail -f /var/log/some.log
• Tools for multiple files, like multitail
• Run the same command synchronously in multiple ssh sessions
This does not scale to more than one file or server, or to automatic statistics.

Better style
Collect everything in one place, with the option of later analysis.

The ELK-Stack
• Elasticsearch - search server for indexing the data (NoSQL DB)
• Logstash - log data processor for transforming and filtering the data
• Kibana - web UI for data visualisation and analysis (node.js based)

The infrastructure
1. A shipper reads the logs and puts them into a Redis DB (as a list)
2. An indexer reads from the Redis DB, filters the events and puts them into Elasticsearch

Why 2 steps?
• Logs are read and buffered in Redis even when Elasticsearch is not running
• Monitor Redis to see how many events are queued (e.g. per second); Redis' LLEN on the list key gives the backlog
• Inspect the raw JSON events in Redis (LRANGE on the list key) when there are index problems (e.g. a wrong field value or tag)
Setup Logstash
• Install Java (the slide says 1.9, but Java 9 was not released until 2017; the Logstash 2.x releases of the time needed a Java 7 or 8 runtime)
• Download Logstash from https://www.elastic.co/downloads/logstash
• Extract the zip file
• Run it: bin/logstash -f logstash.conf (see config file below)
• Or install the deb package and run it

Setup Redis
• Install Redis from your repository system

Setup Elasticsearch
• Install Java if not done yet
• Download Elasticsearch from https://www.elastic.co/downloads/elasticsearch
• Extract the zip file
• Run it: bin/elasticsearch
• Or install the deb package and run it

Setup Kibana
• Kibana is node.js based and ships its own node runtime, so it needs no Java
• Download Kibana from https://www.elastic.co/downloads/kibana
• Extract the zip file
• Open config/kibana.yml in an editor
• Set elasticsearch.url to point at your Elasticsearch instance (e.g. http://localhost:9200 or http://127.0.0.1:9200)
• Run it: bin/kibana
• Open the url http://yourhost.com:5601

Caveat: none of the three services authenticates clients out of the box in these versions (Elasticsearch on port 9200, Kibana on 5601, Redis on 6379), so anyone who can reach them can read, alter or delete the logs. Bind them to localhost or a private interface, and put Kibana behind an authenticating reverse proxy before exposing it to users.
Config Shipper
For the Shipper we create a config file:

    input {
      file {
        path => "/var/log/apache2/*access*.log"
        start_position => "beginning"
        type => "apache"
        sincedb_path => "/opt/.sincedb_apache_access"
      }
    }
    output {
      redis {
        host => "127.0.0.1"
        data_type => "list"
        key => "logstash"
      }
    }

Config Shipper explained
input {...}: Configuration for our input
file {...}: Specifies a file input (all Apache access log files)
path: Path to our log files (a filename glob, not a regex)
start_position: Start reading from the beginning of a file; this only applies to files that have no entry in the sincedb yet
type: Adds a field type with value apache to the event
sincedb_path: Path to the internal database that stores the last read position in each file
output {...}: Configuration for our output
redis {...}: Configuration for the redis output
host: Redis host address
data_type: Specifies that we store the events as a list in redis
key: Name of our redis list
Config Indexer
For the Indexer we create a config file:

    input {
      redis {
        host => "127.0.0.1"
        type => "redis-input"
        data_type => "list"
        key => "logstash"
      }
    }
    filter {
      if [path] =~ "access" { ANALYSE APACHE ACCESS }
      else if [path] =~ "error" { ANALYSE APACHE ERROR }
      else if [type] == "syslog" { ANALYSE SYSLOG }
      else if [type] == "auth" { ANALYSE AUTH LOG }
    }
    output {
      elasticsearch { }
    }

(ANALYSE ... stands for the filter blocks shown on the following slides.)

Config Indexer explained
input {...}: Configuration for our input
redis {...}: Configuration for the redis input
host: Redis host address
type: Would add a field type with value redis-input, but only to events that have no type yet; an input never overrides an existing type, so events from the shipper keep the type apache it set
data_type: Specifies that we read the events from a list in redis
key: Name of our redis list
filter {...}: Our filters for the different events (syslog, apache error, apache access, auth)
if path|type: Separate filter configurations for our events (see later); the path field is still present at this point, the access filter only removes it afterwards
output {...}: Configuration for the elasticsearch output
elasticsearch { }: Default configuration for elasticsearch (localhost, no further configuration needed)
Config - Indexer Apache Access Filter
The Apache Access Filter:

    mutate {
      replace => { "type" => "apache_access" }
      remove_tag => [ "_grokparsefailure" ]
      remove_field => [ "tags", "tag", "path" ]
    }
    grok {
      patterns_dir => "/opt/grok_patterns"
      match => { "message" => "%{VHOSTCOMBINEDAPACHELOG}" }
    }
    date {
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
    geoip {
      source => "clientip"
    }
    useragent {
      source => "agent"
    }

Config - Indexer Apache Access Filter explained
mutate {...}: Change field values
replace: Replace the value of field type with apache_access
remove_tag: List of tags to be removed
remove_field: List of fields to be removed
grok {...}: Parse text and structure it
patterns_dir: Path to our own pattern files; VHOSTCOMBINEDAPACHELOG is not one of the built-in patterns, so it has to be defined there (the built-in patterns stay available)
match: Field and pattern for matching
date {...}: Parse the timestamp field into @timestamp
geoip: Enrich the field clientip with geoip data (city, region, coordinates, etc.)
useragent: Parse the field agent as a browser user agent (OS, browser name, major and minor version, etc.)
Note that mutate runs before grok here, so its remove_tag and remove_field only clear tags that arrived with the event. A line this grok cannot parse is still tagged _grokparsefailure and indexed unparsed; look for that tag in Kibana whenever a pattern stops matching.
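To see what the grok and date steps above produce, and what happens on a line they cannot parse, here is the same access filter chain modelled in plain Python. This is an added example, not code from the slides: VHOSTCOMBINEDAPACHELOG is a custom pattern that is not shown, so the regex below is COMBINEDAPACHELOG with a leading "vhost:port " as Apache's %v:%p LogFormat writes it (an assumption), and the log lines are constructed for the example.

```python
"""Model of the Apache access filter chain (mutate -> grok -> date) in plain Python.

Added example, not code from the slides. Assumption: VHOSTCOMBINEDAPACHELOG is
COMBINEDAPACHELOG with a leading "vhost:port " prefix. Sample lines are constructed.
"""
import re
from datetime import datetime, timezone

# Stand-in for the custom VHOSTCOMBINEDAPACHELOG grok pattern (assumption, see above).
VHOST_COMBINED = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) '
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_apache_timestamp(value: str) -> datetime:
    """date { match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] }, normalised to UTC."""
    return datetime.strptime(value, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)


def filter_apache_access(event: dict) -> dict:
    """Apply the access-log filter to one event (a dict with at least 'message')."""
    out = dict(event)
    # mutate: type becomes apache_access; tags, tag and path are removed.
    out["type"] = "apache_access"
    for field in ("tags", "tag", "path"):
        out.pop(field, None)
    # grok: on failure the event is kept and tagged, as Logstash does.
    m = VHOST_COMBINED.match(out["message"])
    if m is None:
        out["tags"] = ["_grokparsefailure"]
        return out
    out.update(m.groupdict())
    # date: parse the extracted timestamp into @timestamp.
    out["@timestamp"] = parse_apache_timestamp(out["timestamp"])
    return out


# Constructed sample input: what the shipper would have put on the Redis list.
SAMPLE_EVENTS = [
    {"path": "/var/log/apache2/example_access.log", "type": "apache",
     "message": 'www.example.org:443 203.0.113.5 - - [28/Nov/2015:10:02:13 +0100] '
                '"GET /index.php?id=1 HTTP/1.1" 200 5123 "-" '
                '"Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"'},
    {"path": "/var/log/apache2/example_access.log", "type": "apache",
     "message": "this line is not an Apache access log entry"},
]


def run(events=SAMPLE_EVENTS):
    """Run the filter over a list of events and return the filtered events."""
    return [filter_apache_access(e) for e in events]


if __name__ == "__main__":
    for ev in run():
        print({k: ev.get(k) for k in ("clientip", "verb", "request", "response", "@timestamp", "tags")})
```

The second sample line shows the failure path: it arrives in Elasticsearch with type apache_access, no clientip, and the tag _grokparsefailure, which is the thing to search for when the Kibana dashboards go quiet.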
Config - Indexer Apache Error Filter
The Apache Error Filter:

    grok {
      patterns_dir => "/opt/grok_patterns"
      match => { "message" => "%{APACHERERROR}" }
    }
    multiline {
      pattern => "^PHP \b(Notice|Warning|Error|Fatal)\b:"
      source => "errorMessage"
      what => "next"
    }
    multiline {
      pattern => "^PHP[ ]{3,}\d+\. .*"
      source => "errorMessage"
      what => "previous"
    }
    mutate {
      replace => { "type" => "apache_error", "message" => "%{errorMessage}" }
      ...
    }
    geoip {
      source => "clientIp"
    }
    if [request] == "/feed" {
      drop {}
    }

Config - Indexer Apache Error Filter explained
grok {...}: Parse text and structure it
patterns_dir: Path to our pattern files (APACHERERROR is a custom pattern defined there)
match: Field and pattern for matching
multiline {...}: Detect whether we have a multiline message
pattern: The detection pattern
source: The field the pattern is tested against
what: How to handle a match (next = combine with the next message, previous = combine with the previous message)
mutate {...}: Change field values
replace: Replace the value of field type with apache_error and the value of message with the value of errorMessage
geoip: Enrich the field clientIp with geoip data
request: If the field request has the value /feed, drop the event; we do not need it anymore
Caveat: the multiline filter keeps state between events, so it is only correct with a single filter worker (bin/logstash -w 1); with more workers, or when lines from several hosts interleave on the Redis list, PHP stack frames get glued to the wrong event. Joining the lines with the multiline codec on the shipper's file input avoids both problems.
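The two multiline rules are the subtle part of this filter, so here they are modelled in plain Python together with the mutate step and the /feed drop. This is an added example, not code from the slides: the APACHERERROR grok pattern is not shown, so the input is the list of events that pattern would already have produced (errorMessage, clientIp and request fields), constructed for the example.

```python
"""Model of the Apache error filter (multiline -> mutate -> drop) in plain Python.

Added example, not code from the slides. The input events stand in for the
output of the unseen APACHERERROR grok pattern and are constructed here.
"""
import re

# multiline { pattern => "^PHP \b(Notice|Warning|Error|Fatal)\b:" ... what => "next" }
PHP_HEAD = re.compile(r"^PHP \b(Notice|Warning|Error|Fatal)\b:")
# multiline { pattern => "^PHP[ ]{3,}\d+\. .*" ... what => "previous" }  (stack frames)
PHP_FRAME = re.compile(r"^PHP[ ]{3,}\d+\. .*")


def collapse_php_multiline(events):
    """Join a PHP error, its 'PHP Stack trace:' line and its stack frames into one event.

    what => "next": a matching line is joined with the line that follows it.
    what => "previous": a matching line is appended to the event before it.
    """
    merged = []
    pending = None  # event whose errorMessage matched PHP_HEAD, waiting for the next line
    for ev in events:
        ev = dict(ev)  # never modify the caller's events
        msg = ev["errorMessage"]
        if pending is not None:
            pending["errorMessage"] += "\n" + msg
            merged.append(pending)
            pending = None
        elif PHP_FRAME.match(msg) and merged:
            merged[-1]["errorMessage"] += "\n" + msg
        elif PHP_HEAD.match(msg):
            pending = ev
        else:
            merged.append(ev)
    if pending is not None:  # a PHP error that was the last line of the input
        merged.append(pending)
    return merged


def filter_apache_error(events):
    """mutate (type, message) and the /feed drop, applied after the multiline joining."""
    out = []
    for ev in collapse_php_multiline(events):
        ev["type"] = "apache_error"
        ev["message"] = ev["errorMessage"]   # replace => { "message" => "%{errorMessage}" }
        if ev.get("request") == "/feed":      # if [request] == "/feed" { drop {} }
            continue
        out.append(ev)
    return out


# Constructed sample events, in the order the lines appear in error.log.
CLIENT = {"clientIp": "203.0.113.5", "request": "/index.php"}
SAMPLE_EVENTS = [
    dict(CLIENT, errorMessage="PHP Notice:  Undefined index: id in /var/www/index.php on line 12"),
    dict(CLIENT, errorMessage="PHP Stack trace:"),
    dict(CLIENT, errorMessage="PHP   1. {main}() /var/www/index.php:0"),
    dict(CLIENT, errorMessage="PHP   2. render() /var/www/index.php:12"),
    {"clientIp": "198.51.100.7", "request": "/feed",
     "errorMessage": "File does not exist: /var/www/feed"},
    {"clientIp": "198.51.100.7", "request": "/favicon.ico",
     "errorMessage": "File does not exist: /var/www/favicon.ico"},
]


def run(events=SAMPLE_EVENTS):
    """Run the error filter over a list of events and return what would be indexed."""
    return filter_apache_error(events)


if __name__ == "__main__":
    for ev in run():
        print(ev["type"], ev["clientIp"], repr(ev["message"]))
```

Four error.log lines become one apache_error event whose message carries the notice plus its stack trace, the /feed event is dropped, and the favicon event passes through unchanged. Because the joiner carries state from one event to the next, feeding it events from two hosts at once would produce wrong joins, which is the reason for the single-worker caveat above.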
Config - Indexer Syslog/Auth Filter
The Syslog/Auth Filter:

    grok {
      match => { "message" => "%{SYSLOGT}" }
      add_field => [ "received_at", "%{@timestamp}" ]
    }
    syslog_pri { }

(The pattern name is shown truncated on the slide.)

Config - Indexer Syslog/Auth Filter explained
grok {...}: Parse text and structure it
patterns_dir: Not set here, so only the built-in patterns are used
match: Field and pattern for matching
add_field: Add an additional field (here the time the indexer received the event)
syslog_pri {...}: Decode the syslog priority (PRI) into facility and severity fields
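What syslog_pri does is small but easy to get wrong by hand, so here is the decoding modelled in plain Python over constructed syslog lines. This is an added example, not code from the slides: the line regex is a minimal BSD-syslog shape standing in for the grok pattern on the slide, the facility and severity tables follow RFC 3164, and the field names mirror those the syslog_pri filter adds.

```python
"""Model of the syslog_pri filter: decode a syslog PRI into facility and severity.

Added example, not code from the slides. PRI = facility * 8 + severity (RFC 3164).
The line regex and the sample lines are constructed for this example.
"""
import re

FACILITIES = [
    "kernel", "user-level", "mail", "daemon", "security/authorization", "syslogd",
    "line printer", "network news", "uucp", "clock", "security/authorization", "ftp",
    "ntp", "log audit", "log alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "informational", "debug"]

# <PRI>Mmm dd HH:MM:SS host program[pid]: message  (BSD syslog, RFC 3164)
SYSLOG_LINE = re.compile(
    r"^<(?P<syslog_pri>\d{1,3})>"
    r"(?P<syslog_timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<syslog_hostname>\S+) "
    r"(?P<syslog_program>[^\[:]+)(?:\[(?P<syslog_pid>\d+)\])?: "
    r"(?P<syslog_message>.*)$"
)


def decode_pri(pri: int) -> dict:
    """Split a PRI value into the four fields syslog_pri adds to an event."""
    if not 0 <= pri <= 191:  # 24 facilities * 8 severities
        raise ValueError(f"PRI out of range: {pri}")
    facility_code, severity_code = divmod(pri, 8)
    return {
        "syslog_facility_code": facility_code,
        "syslog_severity_code": severity_code,
        "syslog_facility": FACILITIES[facility_code],
        "syslog_severity": SEVERITIES[severity_code],
    }


def parse_syslog(line: str) -> dict:
    """grok-style split of one line, then syslog_pri on the extracted PRI."""
    event = {"message": line}
    m = SYSLOG_LINE.match(line)
    if m is None:
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update(m.groupdict())
    event.update(decode_pri(int(event["syslog_pri"])))
    return event


# Constructed sample lines: an sshd auth failure (auth.info), a user notice, garbage.
SAMPLE_LINES = [
    "<38>Nov 28 10:02:13 web1 sshd[2042]: Failed password for invalid user admin "
    "from 203.0.113.5 port 4412 ssh2",
    "<13>Nov 28 10:02:14 web1 logger: deploy finished",
    "garbage without a PRI header",
]


def run(lines=SAMPLE_LINES):
    """Parse a list of lines and return the resulting events."""
    return [parse_syslog(line) for line in lines]


if __name__ == "__main__":
    for ev in run():
        print(ev.get("syslog_facility"), ev.get("syslog_severity"),
              ev.get("syslog_program"), ev.get("tags"))
```

The sshd line decodes to facility 4 (security/authorization) at severity 6 (informational), which is what a Kibana filter on failed logins keys on; a line without a valid PRI is tagged rather than dropped, so malformed or forged input stays visible.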
Conclusion
• With these config files and two running Logstash instances (shipper and indexer) we have the logs in Elasticsearch
• Kibana can be used for graphs and analyses

End
That's all. For more info just search for Kibana, Logstash or Elasticsearch.