ML
Uploaded bymelvin louwerse
206 views

Anaysing your logs with docker and elk

This document provides instructions for analyzing logs with the ELK stack using Docker. It discusses importing log data, using filters like date and grok patterns to parse logs, deduplicating entries, enriching data with plugins like useragent and geoip, and generating graphs from the analyzed data. The Docker ELK repository on GitHub contains a docker-compose file to quickly get started with log analysis using Docker.

Embed presentation

Download to read offline
Analysing your logs with ELK stack & Docker
Intro 2
Do it yourself
Dockerhub elk Docker hub
https://github.com/deviantony/docker-elk dockercompose Docker ELK repo
Importing data is as simple as Getting started $ nc localhost 5000 < /path/to/logfile.log
Wrong date However ..
filter { date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] } } Filters
Rerun
Enter grok grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
Grok patterns https://github.com/elastic/logstash/blob/v1.4.2/patterns/grok-patterns
Own Grok patterns Directory: Patterns filter { grok { patterns_dir => ["./patterns"] match => { "message" => "%{SYSLOGBASE} %{POSTFIX_QUEUEID:queue_id}: %{GREEDYDATA:syslog_message}" } } } contents of ./patterns/postfix: POSTFIX_QUEUEID [0-9A-F]{10,11}
Duplicates fingerprint { source => ["message"] concatenate_sources => true method => "SHA1" target => "fingerprint" key => "17272737" } output { elasticsearch { hosts => "elasticsearch:9200" document_id => "%{fingerprint}" } }
Agents if [agent] != "-" and [agent] != "" { useragent { add_tag => [ "UA" ] source => "agent" } } if "UA" in [tags] { if [device] == "Other" { mutate { remove_field => "device" } } if [name] == "Other" { mutate { remove_field => "name" } } if [os] == "Other" { mutate { remove_field => "os" } } }
Geo ip geoip { source => "clientip" target => "geoip" database => "/etc/logstash/GeoLiteCity.mmdb" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float"] }
Graphs
Questions?

More Related Content

ODP
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
PDF
Quicli - From zero to a full CLI application in a few lines of Rust
byDamien Castelltort
 
PPTX
Introduction tomongodb
byLee Theobald
 
PDF
React native-firebase startup-mtup
byt k
 
PPTX
Deep Dumpster Diving
byRonnBlack
 
PDF
Swift Sequences & Collections
byCocoaHeads France
 
PDF
Rntb20200805
byt k
 
PDF
Textile
byVanessa Lošić
 
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
Quicli - From zero to a full CLI application in a few lines of Rust
byDamien Castelltort
 
Introduction tomongodb
byLee Theobald
 
React native-firebase startup-mtup
byt k
 
Deep Dumpster Diving
byRonnBlack
 
Swift Sequences & Collections
byCocoaHeads France
 
Rntb20200805
byt k
 
Textile
byVanessa Lošić
 

What's hot

PDF
Introduction to reactive programming & ReactiveCocoa
byFlorent Pillet
 
PDF
Finch.io - Purely Functional REST API with Finagle
byVladimir Kostyukov
 
PDF
Using akka streams to access s3 objects
byMikhail Girkin
 
PPTX
Using Cerberus and PySpark to validate semi-structured datasets
byBartosz Konieczny
 
PPTX
Retrofit Technology Overview by Cumulations Technologies
byCumulations Technologies
 
PPTX
Life of an Fluentd event
byKiyoto Tamura
 
PDF
Groovy and Grails talk
bydesistartups
 
PDF
Gaelyk
byKazuchika Sekiya
 
PPT
Lewis Chiu Portfolio
byLewisChiu
 
PDF
G*なクラウド ~雲のかなたに~
byTsuyoshi Yamamoto
 
DOCX
Git setuplinux
byShubham Verma
 
ZIP
iPhone and Rails integration
byPaul Ardeleanu
 
PDF
G* on GAE/J 挑戦編
byTsuyoshi Yamamoto
 
PPTX
NodeJs
byOrkhan Muradov
 
PPTX
HItchhickers Guide to TypeScript
bythebeebs
 
PDF
ActiveRecord Query Interface
bymrsellars
 
PDF
Reactive Programming Patterns with RxSwift
byFlorent Pillet
 
PPT
Network programming1
bySoham Sengupta
 
PDF
Async Microservices with Twitter's Finagle
byVladimir Kostyukov
 
PPTX
How to scraping content from web for location-based mobile app.
byDiep Nguyen
 
Introduction to reactive programming & ReactiveCocoa
byFlorent Pillet
 
Finch.io - Purely Functional REST API with Finagle
byVladimir Kostyukov
 
Using akka streams to access s3 objects
byMikhail Girkin
 
Using Cerberus and PySpark to validate semi-structured datasets
byBartosz Konieczny
 
Retrofit Technology Overview by Cumulations Technologies
byCumulations Technologies
 
Life of an Fluentd event
byKiyoto Tamura
 
Groovy and Grails talk
bydesistartups
 
Gaelyk
byKazuchika Sekiya
 
Lewis Chiu Portfolio
byLewisChiu
 
G*なクラウド ~雲のかなたに~
byTsuyoshi Yamamoto
 
Git setuplinux
byShubham Verma
 
iPhone and Rails integration
byPaul Ardeleanu
 
G* on GAE/J 挑戦編
byTsuyoshi Yamamoto
 
NodeJs
byOrkhan Muradov
 
HItchhickers Guide to TypeScript
bythebeebs
 
ActiveRecord Query Interface
bymrsellars
 
Reactive Programming Patterns with RxSwift
byFlorent Pillet
 
Network programming1
bySoham Sengupta
 
Async Microservices with Twitter's Finagle
byVladimir Kostyukov
 
How to scraping content from web for location-based mobile app.
byDiep Nguyen
 

Similar to Anaysing your logs with docker and elk

PDF
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
PDF
ELK, a real case study
byPaolo Tonin
 
PDF
ELK: a log management framework
byGiovanni Bechis
 
PPTX
Elk stack
byJilles van Gurp
 
PPTX
Machine Learning and Logging for Monitoring Microservices
byDaniel Berman
 
PDF
Application Logging With The ELK Stack
bybenwaine
 
PPT
Learn ELK in docker
byLarry Cai
 
PPTX
Introduction to ELK
byHarshakumar Ummerpillai
 
PPTX
Centralised logging with ELK stack
bySimon Hanmer
 
PPTX
Shipping your logs to elk from mule app/cloudhub part 1
byAlex Fernandez
 
PDF
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
PPTX
Elk with Openstack
byArun prasath
 
PPTX
Monitoring Docker with ELK
byDaniel Berman
 
PDF
Elk devops
byIdeato
 
PDF
Elk for applications on k8s
byChe-Chia Chang
 
PDF
Logging in dockerized environment
byYury Bushmelev
 
PDF
Javantura v3 - Logs – the missing gold mine – Franjo Žilić
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
byStartit
 
PDF
2.ELK.pdf
byAgusNursidik
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
ELK, a real case study
byPaolo Tonin
 
ELK: a log management framework
byGiovanni Bechis
 
Elk stack
byJilles van Gurp
 
Machine Learning and Logging for Monitoring Microservices
byDaniel Berman
 
Application Logging With The ELK Stack
bybenwaine
 
Learn ELK in docker
byLarry Cai
 
Introduction to ELK
byHarshakumar Ummerpillai
 
Centralised logging with ELK stack
bySimon Hanmer
 
Shipping your logs to elk from mule app/cloudhub part 1
byAlex Fernandez
 
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
Elk with Openstack
byArun prasath
 
Monitoring Docker with ELK
byDaniel Berman
 
Elk devops
byIdeato
 
Elk for applications on k8s
byChe-Chia Chang
 
Logging in dockerized environment
byYury Bushmelev
 
Javantura v3 - Logs – the missing gold mine – Franjo Žilić
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
byStartit
 
2.ELK.pdf
byAgusNursidik
 

Recently uploaded

PDF
The Guide on how to pray the rosary and the mysteries.pdf
byGianneCarloIway
 
PPTX
Universidad Internacional Villanueva Transcripts
bynxv6x4gd42
 
PDF
Meta (Facebook) Extracts Hundreds of Billions of Wealth from European Citizens
byJulieMeyer42
 
PPTX
Cloud Computing ppt - SP.pptx by ankit kumar gurjar
byankitingame
 
PDF
Mastering ROS 2 for Robotics Programming.pdf
byssuser4e6c051
 
PDF
Oracle Services Company in Riyadh - Grey Space Computing
byseoconsultantandy
 
PDF
Why Some Online Profiles Cannot Be Found in Search Results
bySocial Searcher
 
PPTX
7G (7th generation of technology) seminar presentation
bymitalijally6
 
PDF
Guide: Essential Google Search Operators
bySocial Searcher
 
PPT
The Digital Opportunities Taskforce: How to Govern the Internet
byJeffrey Hart
 
The Guide on how to pray the rosary and the mysteries.pdf
byGianneCarloIway
 
Universidad Internacional Villanueva Transcripts
bynxv6x4gd42
 
Meta (Facebook) Extracts Hundreds of Billions of Wealth from European Citizens
byJulieMeyer42
 
Cloud Computing ppt - SP.pptx by ankit kumar gurjar
byankitingame
 
Mastering ROS 2 for Robotics Programming.pdf
byssuser4e6c051
 
Oracle Services Company in Riyadh - Grey Space Computing
byseoconsultantandy
 
Why Some Online Profiles Cannot Be Found in Search Results
bySocial Searcher
 
7G (7th generation of technology) seminar presentation
bymitalijally6
 
Guide: Essential Google Search Operators
bySocial Searcher
 
The Digital Opportunities Taskforce: How to Govern the Internet
byJeffrey Hart
 

Anaysing your logs with docker and elk