© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kobi Biton, Solutions Architect, AWS
Ronny Lehmann, CTO, Loom
June 21, 2017
Operational Insights Out Of Your Logs
Automate Track
• Why do we analyze logs?
• Log analysis challenges and solution
• Architecture patterns
• Loom, AI log analysis
• Summary and key takeaways
What to expect from today
• Operational health, Identify service failures
• Near real time Insights & alerts
• Auto Recovery on failure
• Historical Analysis, discover new Insights
Why do we analyze logs?
• High volume, high velocity, scale
• Multiple log sources / data structures
• Act on log events as they enter the pipeline
• What should we visualize?
Log analysis challenges
Why do we do we a terabyte of logs?
{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId":
"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::111122223333:user/moshe",
"accountId":"111122223333", "userName": "moshe" }, "eventTime": "2014-07-08T17:35:27Z",
"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion":"us-east-2",
"sourceIPAddress": "xxx.xxx.xxx.xxx", "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:24.0) Gecko/20100101 Firefox/24.0", "errorMessage": "Failed authentication",
"requestParameters": null, "responseElements": { "ConsoleLogin": "Failure" },
"additionalEventData": { "MobileVersion": "No", "LoginTo":"https://console.aws.amazon.com/sns",
"MFAUsed": "No" }, "eventID": "11ea990b-4678-4bcd-8fbe-62509088b7cf" }
We want to turn this..
{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId":
"AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::111122223333:user/moshe",
"accountId":"111122223333", "userName": "moshe" }, "eventTime": "2014-07-08T17:35:27Z",
"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion":"us-east-2",
"sourceIPAddress": "xxx.xxx.xxx.xx", "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0)
Gecko/20100101 Firefox/24.0", "errorMessage": "Failed authentication", "requestParameters":
null, "responseElements": { "ConsoleLogin": "Failure" },
"additionalEventData": { "MobileVersion": "No", "LoginTo":"https://console.aws.amazon.com/sns",
"MFAUsed": "No" }, "eventID": "11ea990b-4678-4bcd-8fbe-62509088b7cf" }
Into this…
And then visualize it
Log Sources
Infrastructure Log Sources
• AWS CloudTrail
• VPC flow logs
• Amazon EC2 OS logs
• Amazon S3 bucket server access logs
• Amazon CloudFront access logs
• Elastic Load Balancer access logs
Application/Service log sources
• Custom EC2 application logs (apache, tomcat)
Addressing the challenges
• Amazon EC2 / AWS Elastic Load Balancer
• Amazon Kinesis Firehose
• Amazon CloudWatch Logs
• Amazon Elasticsearch Service
• Amazon Simple Storage Service (Amazon S3)
AWS Services to address the challenge
Amazon Kinesis Firehose
Capture, transform, and load streaming data into Amazon Kinesis Analytics, Amazon S3, Amazon Redshift, and Amazon Elasticsearch Service, enabling near real-time analytics. It is a fully managed service that automatically scales to match the throughput of your data and requires no ongoing administration.
Amazon CloudWatch Logs
CloudWatch Logs is a highly available, scalable, durable, and secure service to manage your operating system and application log files. It allows you to ingest, store, filter, search, and archive the logs.
Amazon Elasticsearch Service
Amazon Elasticsearch Service is a cost-effective managed service that makes it easy to deploy, manage, and scale open source Elasticsearch for log analytics, full-text search and more.
Launching an Amazon Elasticsearch Cluster
Log Analysis architecture patterns
Direct shipping via Logstash
• Amazon EC2: Collect, Batch
• Amazon Elasticsearch Service: Store, Analyze
• Kibana: Visualize
Decouple using Kinesis Firehose
• Amazon EC2 with Kinesis Firehose Agent: Collect, Batch
• Amazon Kinesis Firehose: Capture, Transform, Batch, Ship
• AWS Lambda: Transform
• Amazon S3: Durable Long Term Storage
• Amazon Elasticsearch Service (Built-In destination): Store, Analyze
• Kibana: Visualize
Decouple using S3 / CloudWatch Logs
• Log sources: ELB Logs, CloudFront Access Logs, VPC Flow Logs, CloudTrail, EC2 OS Logs
• Amazon S3 bucket
• CloudWatch Log Group
• Metric Filter, Amazon CloudWatch Alarm
• AWS Lambda
• Amazon ES
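The "AWS Lambda: Transform" step of the Firehose pattern, applied to the CloudTrail ConsoleLogin event shown earlier, as an added example (not code from the deck). It assumes each Firehose record carries one CloudTrail event as JSON; the flattened field names and the source IP are constructed for the illustration.

```python
import base64
import json

# Constructed sample based on the ConsoleLogin event shown in the deck.
# The source IP is a placeholder from the documentation range.
SAMPLE_EVENT = {
    "eventVersion": "1.05",
    "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                     "userName": "moshe"},
    "eventTime": "2014-07-08T17:35:27Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "ConsoleLogin",
    "awsRegion": "us-east-2",
    "sourceIPAddress": "192.0.2.10",
    "errorMessage": "Failed authentication",
    "responseElements": {"ConsoleLogin": "Failure"},
    "additionalEventData": {"MobileVersion": "No", "MFAUsed": "No"},
}


def flatten_console_login(event):
    """Map a nested CloudTrail ConsoleLogin event to one flat document."""
    identity = event.get("userIdentity") or {}
    extra = event.get("additionalEventData") or {}
    result = (event.get("responseElements") or {}).get("ConsoleLogin")
    return {
        "@timestamp": event.get("eventTime"),
        "event_name": event.get("eventName"),
        "aws_region": event.get("awsRegion"),
        "source_ip": event.get("sourceIPAddress"),
        "user_type": identity.get("type"),
        "user_name": identity.get("userName"),
        "account_id": identity.get("accountId"),
        "login_result": result,
        "login_failed": result == "Failure",   # boolean is easy to chart and alert on
        "error_message": event.get("errorMessage"),
        "mfa_used": extra.get("MFAUsed"),
    }


def _reply(record, result, data=None):
    # Firehose expects every incoming recordId back exactly once.
    return {"recordId": record["recordId"], "result": result,
            "data": record["data"] if data is None else data}


def lambda_handler(event, context):
    """Firehose data-transformation handler: Ok / Dropped / ProcessingFailed."""
    out = []
    for record in event["records"]:
        try:
            payload = json.loads(base64.b64decode(record["data"]))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            out.append(_reply(record, "ProcessingFailed"))
            continue
        if not isinstance(payload, dict) or payload.get("eventName") != "ConsoleLogin":
            out.append(_reply(record, "Dropped"))  # not a sign-in event
            continue
        doc = json.dumps(flatten_console_login(payload)).encode("utf-8")
        out.append(_reply(record, "Ok", base64.b64encode(doc).decode("ascii")))
    return {"records": out}


def _b64(obj):
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def demo():
    """Run the handler over three constructed records."""
    records = [
        {"recordId": "1", "data": _b64(SAMPLE_EVENT)},
        {"recordId": "2", "data": _b64({"eventName": "DescribeInstances"})},
        {"recordId": "3", "data": _b64(b"not json")},
    ]
    return lambda_handler({"records": records}, None)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Records marked ProcessingFailed keep their original data so the raw input stays available for inspection instead of being silently lost.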
AWS Log Analysis Partner Eco-System
Ronny Lehmann, CTO
June 21, 2017
Artificial Intelligence to Predict & Prevent Problems in your production environment
Easy with AWS:
✓ Collecting
✓ Storing
✓ Querying
✓ Visualizing
What’s the Bottleneck?
You are.
Structure & Contextualize
Continuously Analyze
Triage
Fix
Why so Manual?
Humans
Good at Top-Down tasks
• Deep reasoning
• Contextual thinking
• Tired
• Bored
• Lazy
• Frustrated
• Married
Machines
Superior at bottom-up tasks
• Real-time trend detection
• Pattern Recognition
• Large Dimensionality
• Complex State
• Strict Methodology
“I’ve been hearing this for 20 years”
Total Recall, a movie based on a book from 1966, featuring a self-driving car as science fiction.
If Artificial-Intelligence has matured enough to drive your car, it can probably also help with your IT.
[Diagram: Metric Collectors (Metrics 2.0), Log Collectors (RSYSLOG); stages: Processing, Analysis, Alerting; steps: Receive, Process, Anomaly Detection, Root Cause Analysis, Insight]
Sep 27 14:25:54 acme sshd[749]: WARN - Failed password for user ronny from 192.168.118.1 port 48278 ssh2
Recover the generating-pattern for the event:
Failed password for user [user] from [source_IP] port [source_port] ssh2
Automatically transform every event to a collection of metrics:
Field      Value          Metric type
Server     megatron       Histogram
Service    sshd           Meter
User       ronny          Meter
source_IP  192.168.118.1  Meter
Severity   Warn           Meter
Keyword    Failed         Meter
Pattern    16225          Meter
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user dror from 192.168.118.1 port…
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user john from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user mike from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user orr from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user george from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user harris from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user paul from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user noam from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ringo from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user eli from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user keren from 192.168.118.1 port…
Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user larissa from 192.168.118.1 port…
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
ronny is mentioned more than normal in the context of ssh failures
The context of ssh failures is mentioned more than normal
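The two insights above, reproduced as an added example (not Loom's code or algorithm): a hand-written regex stands in for the automatically recovered pattern, each event is turned into per-field meters, and the counts are compared with a baseline. The baseline values, the factor and the full-length log lines are constructed for the illustration.

```python
import re
from collections import Counter

TEMPLATE = "Failed password for user [user] from [source_IP] port [source_port] ssh2"

# Hand-written stand-in for the recovered generating pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?P<server>\S+) "
    r"(?P<service>[\w-]+)\[\d+\]: (?P<severity>\w+) - "
    r"Failed password for user (?P<user>\S+) from (?P<source_ip>\S+) "
    r"port (?P<source_port>\d+) ssh2$"
)

# Hypothetical "normal" counts per value within one time window.
BASELINE = {"pattern": 4.0, "user": 1.0}


def to_metrics(line):
    """Turn one event into (field, value) meter keys, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    return [
        ("pattern", TEMPLATE),
        ("server", f["server"]),
        ("service", f["service"]),
        ("severity", f["severity"].upper()),
        ("user", f["user"]),
        ("source_ip", f["source_ip"]),
    ]


def meter_window(lines):
    """Count every meter key seen in one time window."""
    meters = Counter()
    for line in lines:
        metrics = to_metrics(line)
        if metrics:
            meters.update(metrics)
    return meters


def classify(meters, baseline=BASELINE, factor=3.0):
    """Report which meters are above factor x baseline, phrased as on the slides."""
    hot_users = sorted(
        value for (field, value), count in meters.items()
        if field == "user" and count > factor * baseline["user"]
    )
    if hot_users:
        # One account dominates the failures.
        return [f"{u} is mentioned more than normal in the context of ssh failures"
                for u in hot_users]
    if meters[("pattern", TEMPLATE)] > factor * baseline["pattern"]:
        # Failures are elevated but spread over many accounts.
        return ["the context of ssh failures is mentioned more than normal"]
    return []


def make_window(users):
    """Build constructed log lines in the format of the deck's sample event."""
    return [
        f"Sep 27 14:25:{54 + i // 4:02d} megatron sshd[7498]: WARN - "
        f"Failed password for user {user} from 192.168.118.1 port {48278 + i} ssh2"
        for i, user in enumerate(users)
    ]


# Constructed windows mirroring the two groups of lines on the slides.
WINDOW_SINGLE = make_window(["ronny"] * 13)
WINDOW_MANY = make_window(["ronny", "dror", "john", "mike", "orr", "george", "harris",
                           "paul", "noam", "ringo", "eli", "keren", "larissa"])

if __name__ == "__main__":
    for name, window in (("single user", WINDOW_SINGLE), ("many users", WINDOW_MANY)):
        print(name, "->", classify(meter_window(window)))
```

The same 13 failures from one address give different findings depending on how they spread across the user meter, which is why the per-field meters matter more than the raw event count.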
Live Demo
Summary & Key Takeaways
• Collect Logs
• Define clear requirements
• Learn and experiment
  - Open-Source tools and technologies
  - AWS Managed services
  - AWS Partner Eco-System
Useful Links
• AWS Centralized logging solution
https://aws.amazon.com/answers/logging/centralized-logging/
• Real-time Processing of Log Data with Subscriptions
https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/Subscriptions.html
• Amazon Kinesis Firehose Data Transformation with AWS Lambda
https://aws.amazon.com/blogs/compute/amazon-kinesis-firehose-data-transformation-with-aws-lambda/
• Elasticsearch 5.3 now available on Amazon Elasticsearch Service
https://aws.amazon.com/about-aws/whats-new/2017/06/elasticsearch-5-3-now-available-on-amazon-elasticsearch-service/
Thank you

 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive- Log analytics with Amazon Elasticsearch Service - AWS Summit Tel Aviv 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kobi Biton, Solutions Architect, AWS Ronny Lehmann, CTO, Loom June 21, 2017 Operational Insights Out Of Your Logs Automate Track
  • 2. • Why do we analyze logs? • Log analysis challenges and solution • Architecture patterns • Loom, AI log analysis • Summary and key takeaways What to expect from today
  • 3. • Operational health, Identify service failures • Near real time Insights & alerts • Auto Recovery on failure • Historical Analysis, discover new Insights Why do we analyze logs?
  • 4. • High volume, high velocity, scale • Multiple log sources / data structures • Act on log events as they enter the pipeline • What should we visualize? Log analysis challenges
  • 5. Why do we do we a terabyte of logs?
  • 6. { "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::111122223333:user/moshe", "accountId":"111122223333", "userName": "moshe" }, "eventTime": "2014-07-08T17:35:27Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion":"us-east-2", "sourceIPAddress": "xxx.xxx.xxx.xxx", "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "errorMessage": "Failed authentication", "requestParameters": null, "responseElements": { "ConsoleLogin": "Failure" }, "additionalEventData": { "MobileVersion": "No", "LoginTo":"https://console.aws.amazon.com/sns", "MFAUsed": "No" }, "eventID": "11ea990b-4678-4bcd-8fbe-62509088b7cf" }
    We want to turn this..
  • 7. { "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "AIDACKCEVSQ6C2EXAMPLE", "arn":"arn:aws:iam::111122223333:user/moshe", "accountId":"111122223333", "userName": "moshe" }, "eventTime": "2014-07-08T17:35:27Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "awsRegion":"us-east-2", "sourceIPAddress": "xxx.xxx.xxx.xx", "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "errorMessage": "Failed authentication", "requestParameters": null, "responseElements": { "ConsoleLogin": "Failure" }, "additionalEventData": { "MobileVersion": "No", "LoginTo":"https://console.aws.amazon.com/sns", "MFAUsed": "No" }, "eventID": "11ea990b-4678-4bcd-8fbe-62509088b7cf" }
    Into this…
  • 8. And then visualize it
  • 10. Infrastructure Log Sources • AWS CloudTrail • VPC flow logs • Amazon EC2 OS logs
  • 11. • Amazon S3 bucket server access logs • Amazon Cloudfront access logs • Elastic Load Balancer access logs • Custom EC2 application logs (apache, tomcat) Application/Service log sources
  • 13. • Amazon EC2 / AWS Elastic Load Balancer • Amazon Kinesis Firehose • Amazon CloudWatch Logs • Amazon Elasticsearch Service • Amazon Simple Storage Service (Amazon S3) AWS Services to address the challenge
  • 14. Amazon Kinesis Firehose Capture, transform, and load streaming data into Amazon Kinesis Analytics, Amazon S3, Amazon Redshift, and Amazon Elasticsearch Service, enabling near real-time analytics. It is a fully managed service that automatically scales to match the throughput of your data and requires no ongoing administration.
  • 15. Amazon CloudWatch Logs CloudWatch Logs is a highly available, scalable, durable, and secure service to manage your operating system and application log files. It allows you to ingest, store, filter, search, and archive the logs.
  • 16. Amazon Elasticsearch Service Amazon Elasticsearch Service is a cost-effective managed service that makes it easy to deploy, manage, and scale open source Elasticsearch for log analytics, full-text search and more.
  • 19. Amazon Elasticsearch Service Store, Analyze Kibana Visualize Amazon EC2 Collect, Batch Direct shipping via Logstash
  • 20. Amazon Kinesis Firehose Capture,Transform,Batch,Ship Amazon Elasticsearch Service Store, Analyze Kibana Visualize Decouple using Kinesis Firehose Amazon EC2 Collect, Batch Kinesis Firehose Agent Built-In destination
  • 21. Amazon Kinesis Firehose Capture,Transform,Batch,Ship Amazon Elasticsearch Service Store, Analyze Kibana Visualize Decouple using Kinesis Firehose Amazon EC2 Collect, Batch Kinesis Firehose Agent Built-In destination AWS Lambda Transform
  • 22. Amazon Kinesis Firehose Capture,Transform,Batch,Ship Amazon Elasticsearch Service Store, Analyze Kibana Visualize Decouple using Kinesis Firehose Amazon EC2 Collect, Batch Kinesis Firehose Agent AWS Lambda Transform Amazon S3 Durable Long Term Storage Built-In destination
  • 23. Decouple using S3 / CloudWatch Logs AWS Lambda Amazon S3 bucket CloudWatch Log Group ELB Logs CloudFront Access Logs VPC Flow Logs CloudTrail Amazon ES Metric Filter Amazon CloudWatch Alarm EC2 OS Logs
  • 24. AWS Log Analysis Partner Eco-System
  • 25. Ronny Lehmann, CTO June 21, 2017
  • 27. Easy with AWS: ✓ Collecting ✓ Storing ✓ Querying ✓ Visualizing What’s the Bottleneck? You are.
  • 28. Structure & Contextualize Continuously Analyze Triage Fix Why so Manual?
  • 29. Humans: Good at Top-Down tasks
        • Deep reasoning • Contextual thinking
        • Tired • Bored • Lazy • Frustrated • Married
      Machines: Superior at bottom-up tasks
        • Real-time trend detection • Pattern Recognition • Large Dimensionality • Complex State • Strict Methodology
  • 30. “I’ve been hearing this for 20 years” Total Recall, a movie based on a book from 1966, featuring a self-driving car as science fiction. If Artificial-Intelligence has matured enough to drive your car, it can probably also help with your IT.
  • 32. Sep 27 14:25:54 acme sshd[749]: WARN - Failed password for user ronny from 192.168.118.1 port 48278 ssh2
      Recover the generating-pattern for the event:
        Failed password for user [user] from [source_IP] port [source_port] ssh2
      Automatically transform every event to a collection of metrics:
        Server     megatron        Histogram
        Service    sshd            Meter
        User       ronny           Meter
        source_IP  192.168.118.1   Meter
        Severity   Warn            Meter
        Keyword    Failed          Meter
        Pattern    16225           Meter
  • 33. Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user dror from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user john from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user mike from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user orr from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user george from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user harris from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user paul from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user noam from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ringo from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user eli from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user keren from 192.168.118.1 port…
      Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user larissa from 192.168.118.1 port…
  • 34. Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user dror from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user john from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user mike from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user orr from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user george from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user harris from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user paul from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user noam from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ringo from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user eli from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user keren from 192.168.118.1 port…
      Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user larissa from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port…
      ronny is mentioned more than normal in the context of ssh failures
      The context of ssh failures is mentioned more than normal
  • 36. Summary & Key Takeaways • Collect Logs • Define clear requirements • Learn and experiment
        - Open-Source tools and technologies
        - AWS Managed services
        - AWS Partner Eco-System
  • 37. Useful Links
        • AWS Centralized logging solution https://aws.amazon.com/answers/logging/centralized-logging/
        • Real-time Processing of Log Data with Subscriptions https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/Subscriptions.html
        • Amazon Kinesis Firehose Data Transformation with AWS Lambda https://aws.amazon.com/blogs/compute/amazon-kinesis-firehose-data-transformation-with-aws-lambda/
        • Elasticsearch 5.3 now available on Amazon Elasticsearch Service https://aws.amazon.com/about-aws/whats-new/2017/06/elasticsearch-5-3-now-available-on-amazon-elasticsearch-service/
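
Slides 32 to 34 describe recovering an event's generating pattern, turning each event into per-field meters, and flagging what is "mentioned more than normal". The following is an added example of that idea, not code from the deck or from Loom. The sample lines, port numbers, baseline counts and threshold factor are constructed assumptions.

```python
import re
from collections import Counter

# Pattern text as shown on slide 32; [name] marks a variable field.
TEMPLATE = "Failed password for user [user] from [source_IP] port [source_port] ssh2"
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<server>\S+) (?P<service>\w+)\[\d+\]: "
                    r"(?P<severity>\w+) - (?P<msg>.*)$")

def template_to_regex(template):
    """Turn a '[field]' template into a regex with one named group per field."""
    parts = re.split(r"\[(\w+)\]", template)  # literal, field, literal, field, ...
    return re.compile("".join(
        re.escape(p) if i % 2 == 0 else rf"(?P<{p}>\S+)"
        for i, p in enumerate(parts)))

PATTERN = template_to_regex(TEMPLATE)

def to_metrics(line):
    """One log line -> list of (field, value) meter keys; [] if it does not parse."""
    head = HEADER.match(line)
    body = PATTERN.fullmatch(head["msg"]) if head else None
    if not body:
        return []
    return [("Server", head["server"]), ("Service", head["service"]),
            ("Severity", head["severity"]), ("Pattern", TEMPLATE),
            ("User", body["user"]), ("source_IP", body["source_IP"])]

def elevated(lines, baseline, factor=3.0, floor=1.0):
    """Meters whose count in this window exceeds factor x their normal count."""
    counts = Counter(key for line in lines for key in to_metrics(line))
    return {key: n for key, n in counts.items()
            if n > factor * max(baseline.get(key, 0.0), floor)}

def users_per_source(lines):
    """Number of distinct user names tried from each source IP in the window."""
    seen = {}
    for line in lines:
        fields = dict(to_metrics(line))
        if fields:
            seen.setdefault(fields["source_IP"], set()).add(fields["User"])
    return {ip: len(users) for ip, users in seen.items()}

def sample(users, ip="192.168.118.1"):
    """Constructed lines in the slide-33 format; the port numbers are made up."""
    return [f"Sep 27 14:25:5{4 + i // 4} megatron sshd[7498]: WARN - "
            f"Failed password for user {u} from {ip} port {48278 + i} ssh2"
            for i, u in enumerate(users)]

SAME_USER = sample(["ronny"] * 13)
MANY_USERS = sample(["ronny", "dror", "john", "mike", "orr", "george", "harris",
                     "paul", "noam", "ringo", "eli", "keren", "larissa"])
# Constructed "normal" counts per window; a real system would learn these.
BASELINE = {("Server", "megatron"): 30, ("Service", "sshd"): 10,
            ("Severity", "WARN"): 10, ("Pattern", TEMPLATE): 2,
            ("User", "ronny"): 1, ("source_IP", "192.168.118.1"): 1}

if __name__ == "__main__":
    for name, window in (("same user", SAME_USER), ("many users", MANY_USERS)):
        print(name, sorted(elevated(window, BASELINE)), users_per_source(window))
```

In both windows the pattern and source-IP meters are elevated; only the distinct-user count per source separates repeated guessing against one account from one guess against many accounts.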