HB
Uploaded byHuynh Thai Bao
PPTX, PDF35 views

ELK - Optimizations & Updates

This document discusses optimizations and updates to ELK logging in 2021. It covers the importance of logging, motivations for changes to improve logging, benefits to developers, and an overview of the multi-cluster logging architecture. Key points include faster log searches by indexing logs from different environments separately, automatic log shipping setup, cleaner log formats, and enabling log correlation and conversion to metrics. The logging flow involves Filebeat selecting logs and metadata, Logstash parsing and aggregating logs, Elasticsearch storing logs in indices, and Kibana for visualization and analysis.

Embed presentation

Download to read offline
ELK Logging Optimizations & Updates for 2021 Bao Huynh Site Reliability Engineer 29-Dec-2020 1
Private & Confidential 2 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
Private & Confidential 3 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
4 1. Logging – the crucial part !
5 1. Logging – the crucial part !
6 1. Logging – the crucial part ! Clearly states that: - Applications should not attempt to write to / manage logsfiles - Instead, each running process writes its event stream  STDOUT - During “local development”: observe on the terminal - During “staging/production”: Capture & collected by agents. Then, routed to one final destination for viewing & long-term archival.
7 1. Logging – the crucial part !
Private & Confidential 8 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
9 2. Motivation for changes - Could not ship log for external helm-chart services (ingress-nginx, redis, es,..) - Developers have to add “additional fields” (svc + env) in their log lines - Once search, it goes through all indices (logstash-*) to find matching => longer result return - Hard to scale with multi-cluster architecture
Private & Confidential 10 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
11 3. How changes benefit developers 3.1 Faster lookup/search log pattern - Logs from *different env/ns* is allocated into *different indices*
12 3. How changes benefit developers 3.2 Dev do what to get log shipping ? - Kibana.vndev.shopee.vn - Everything is ready for you
13 3. How changes benefit developers 3.3 Fresher, cleaner & better log format - Remove unneccessary fields - Compact fields: + services_.* (metadata related to your application) + ingress_nginx.* (metadata related to client requests)
14 3. How changes benefit developers 3.4 Your log is the “real” log - Include more filters - No more trash logs
15 3. How changes benefit developers 3.5 Enable Cross function/team log correlation checking - BE can check logs from FE/SRE if suspects issues from their side - Remove the dependency between teams for error checking
16 3. How changes benefit developers 3.5 Enable Logs2Metrics capability
Private & Confidential 17 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
18 4. Multi-cluster logging architecture 4.1 Logging basic
19 4. Multi-cluster logging architecture 4.1 Logging basic Filebeat: - Select messages for shipping (/var/logs/container/*.log) - Select fields for shipping along with msg (kubernetes.namespace/imageVersion,…) - Enrich msg with additional metadata (env, service_name, rename fields) - Message processing AMAP to reduce workload for Logstash Logstash: - Drop more fields that can not removed at Filebeat level - Using built-in module to parse specific log type (NGINX log) - Log aggregator & sent to Elasticsearch for storage ElasticSearch: - Messages allocated to indices - Index retention by ILM (Index Lifecyle Management) Kibana: - Visualization & Analysis
20 4. Multi-cluster logging architecture 4.2 Logging at Scale (multi-cluster architecture)
Private & Confidential 21 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
22 5. Usages & Notes - Deploy fresh service - Observe how log shipping - Enjoy reading logs in Kibana
Private & Confidential 23 THANKS FOR YOUR ATTENTION

More Related Content

PPTX
K8s-zero-downtime-the-missing-part
byHuynh Thai Bao
 
PPTX
CICD pipelines with GitOps
byHuynh Thai Bao
 
PDF
Enabling GitOps - Architecture for Implementation
byHuynh Thai Bao
 
PDF
Shaker
byIlya Shakhat
 
PPTX
Neutron upgrades strategy
byVictor Morales
 
PDF
Kubernetes-native or not? When should you ditch your traditional CI/CD server...
byRed Hat Developers
 
PPTX
Support of containerized workloads in ONAP
byVictor Morales
 
PDF
GitOps Toolkit (Cloud Native Nordics Tech Talk)
byWeaveworks
 
K8s-zero-downtime-the-missing-part
byHuynh Thai Bao
 
CICD pipelines with GitOps
byHuynh Thai Bao
 
Enabling GitOps - Architecture for Implementation
byHuynh Thai Bao
 
Shaker
byIlya Shakhat
 
Neutron upgrades strategy
byVictor Morales
 
Kubernetes-native or not? When should you ditch your traditional CI/CD server...
byRed Hat Developers
 
Support of containerized workloads in ONAP
byVictor Morales
 
GitOps Toolkit (Cloud Native Nordics Tech Talk)
byWeaveworks
 

What's hot

PPTX
Why observability matters - now and in the future (w/guest Grafana)
byWeaveworks
 
PDF
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
byConSol Consulting & Solutions Software GmbH
 
PDF
Git ops: Git based application deployment patterns for Kubernetes
byShahidh K Muhammed
 
PDF
DevOps Fest 2020. Дмитрий Кудрявцев. Реализация GitOps на Kubernetes. ArgoCD
byDevOps_Fest
 
PDF
GitOps for Helm Users by Scott Rigby
byWeaveworks
 
PDF
Quarkus: From developer joy to Kubernetes nirvana! | DevNation Tech Talk
byRed Hat Developers
 
PDF
Monitoring Cockpit for OpenShift Clusters
byConSol Consulting & Solutions Software GmbH
 
PPTX
Git overview
byGowarthini
 
PDF
Operator development made easy with helm
byConSol Consulting & Solutions Software GmbH
 
PPTX
Meetup 23 - 03 - Application Delivery on K8S with GitOps
byVietnam Open Infrastructure User Group
 
PDF
The Power of GitOps with Flux & GitOps Toolkit
byWeaveworks
 
PDF
Best Practices for Microservice CI/CD: Lessons from Expedia and Codefresh
byCodefresh
 
PPTX
Kubernetes based Cloud-region support in ONAP to bring up VM and container ba...
byVictor Morales
 
PDF
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
bySunnyvale
 
PDF
Kubernetes Logging
byDenys Havrysh
 
PDF
Remote debugging of Application in Kubernetes
byConSol Consulting & Solutions Software GmbH
 
PPTX
Continious integration pipeline
byGomathiNayagam S
 
PPTX
GitOps w/argocd
byJean-Philippe Bélanger
 
PDF
Android and Hard Real Time
byAkshar Desai
 
PPTX
GitOps - Modern best practices for high velocity app dev using cloud native t...
byWeaveworks
 
Why observability matters - now and in the future (w/guest Grafana)
byWeaveworks
 
"Using Automation Tools To Deploy And Operate Applications In Real World Scen...
byConSol Consulting & Solutions Software GmbH
 
Git ops: Git based application deployment patterns for Kubernetes
byShahidh K Muhammed
 
DevOps Fest 2020. Дмитрий Кудрявцев. Реализация GitOps на Kubernetes. ArgoCD
byDevOps_Fest
 
GitOps for Helm Users by Scott Rigby
byWeaveworks
 
Quarkus: From developer joy to Kubernetes nirvana! | DevNation Tech Talk
byRed Hat Developers
 
Monitoring Cockpit for OpenShift Clusters
byConSol Consulting & Solutions Software GmbH
 
Git overview
byGowarthini
 
Operator development made easy with helm
byConSol Consulting & Solutions Software GmbH
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
byVietnam Open Infrastructure User Group
 
The Power of GitOps with Flux & GitOps Toolkit
byWeaveworks
 
Best Practices for Microservice CI/CD: Lessons from Expedia and Codefresh
byCodefresh
 
Kubernetes based Cloud-region support in ONAP to bring up VM and container ba...
byVictor Morales
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
bySunnyvale
 
Kubernetes Logging
byDenys Havrysh
 
Remote debugging of Application in Kubernetes
byConSol Consulting & Solutions Software GmbH
 
Continious integration pipeline
byGomathiNayagam S
 
GitOps w/argocd
byJean-Philippe Bélanger
 
Android and Hard Real Time
byAkshar Desai
 
GitOps - Modern best practices for high velocity app dev using cloud native t...
byWeaveworks
 

Similar to ELK - Optimizations & Updates

PDF
Javantura v3 - ELK – Big Data for DevOps – Maarten Mulders
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
byHernan Costante
 
PPTX
Introduction to AirWave 10
byAruba, a Hewlett Packard Enterprise company
 
PPTX
Introduction to Monitoring Tools for DevOps
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
PPTX
Introduction to Monitoring Tools for DevOps
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
PDF
Achieving cyber mission assurance with near real-time impact
byElasticsearch
 
PDF
Migrating the elastic stack to the cloud, or application logging @ travix
byRuslan Lutsenko
 
PDF
Logging in The World of DevOps
byDevOps Indonesia
 
PPTX
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
PDF
Technology behind-real-time-log-analytics
byData Science Thailand
 
ODP
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
PDF
ELK stack introduction
byabenyeung1
 
PDF
Online Meetup #3 - Solo.io, Tidepool, Weaveworks, Buoyant
bySolo.io
 
PDF
Centralized logging in a changing environment at the UK’s DVLA
byElasticsearch
 
KEY
London devops logging
byTomas Doran
 
PDF
Logstash tutorial
byHarikaReddy115
 
PDF
Combining Logs, Metrics, and Traces for Unified Observability
byElasticsearch
 
PDF
Security Monitoring for big Infrastructures without a Million Dollar budget
byJuan Berner
 
PDF
2015 03-16-elk at-bsides
byJeremy Cohoe
 
PDF
DNUG46 - Build your own private Cloud environment
bypanagenda
 
Javantura v3 - ELK – Big Data for DevOps – Maarten Mulders
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
byHernan Costante
 
Introduction to AirWave 10
byAruba, a Hewlett Packard Enterprise company
 
Introduction to Monitoring Tools for DevOps
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Introduction to Monitoring Tools for DevOps
byPuneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
Achieving cyber mission assurance with near real-time impact
byElasticsearch
 
Migrating the elastic stack to the cloud, or application logging @ travix
byRuslan Lutsenko
 
Logging in The World of DevOps
byDevOps Indonesia
 
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
Technology behind-real-time-log-analytics
byData Science Thailand
 
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
ELK stack introduction
byabenyeung1
 
Online Meetup #3 - Solo.io, Tidepool, Weaveworks, Buoyant
bySolo.io
 
Centralized logging in a changing environment at the UK’s DVLA
byElasticsearch
 
London devops logging
byTomas Doran
 
Logstash tutorial
byHarikaReddy115
 
Combining Logs, Metrics, and Traces for Unified Observability
byElasticsearch
 
Security Monitoring for big Infrastructures without a Million Dollar budget
byJuan Berner
 
2015 03-16-elk at-bsides
byJeremy Cohoe
 
DNUG46 - Build your own private Cloud environment
bypanagenda
 

More from Huynh Thai Bao

PPTX
Service Mesh 101 - Digging into your service
byHuynh Thai Bao
 
PPTX
K8s Webhook Admission
byHuynh Thai Bao
 
PPTX
Cassandra - decentralized structured database
byHuynh Thai Bao
 
PPTX
Skaffold - faster development on K8S
byHuynh Thai Bao
 
PDF
Kubernetes - A Rising Hero
byHuynh Thai Bao
 
PDF
Vault - Enhancement for K8S secret security
byHuynh Thai Bao
 
PDF
GCP Best Practices for SRE Team
byHuynh Thai Bao
 
Service Mesh 101 - Digging into your service
byHuynh Thai Bao
 
K8s Webhook Admission
byHuynh Thai Bao
 
Cassandra - decentralized structured database
byHuynh Thai Bao
 
Skaffold - faster development on K8S
byHuynh Thai Bao
 
Kubernetes - A Rising Hero
byHuynh Thai Bao
 
Vault - Enhancement for K8S secret security
byHuynh Thai Bao
 
GCP Best Practices for SRE Team
byHuynh Thai Bao
 

Recently uploaded

PPTX
Plant Performance Strategies: Enhanced Reliability & Operational Efficiency w...
byMaintWiz Technologies Private Limited
 
PDF
Structural Conservation Appraisal of Indian Monuments Preserving India’s Arch...
byAman Kumar Singh
 
PPTX
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 
PPTX
Vertical turbine pump explains installed in power plants
bysadanandyadav25
 
PDF
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 
PDF
Basic Engineering mechanical handwriting notes
byShubhUpadhyay7
 
PPTX
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
PDF
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
PPTX
Preventive Maintenance Program for Compressors – Complete Guide
byMaintWiz Technologies Private Limited
 
PPTX
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 
PDF
Basic Control system for oin and gas PART1.pdf
bymohamedelnikeb
 
PPTX
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
PPTX
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
PPTX
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
PPTX
Introduction Blockchains and Smart Contracts
bybobinson
 
PPTX
Cloud vs On-Premises CMMS — Which Maintenance Platform Is Better for Your Plant?
byMaintWiz Technologies Private Limited
 
PPTX
Role of In Vitro and In Vivo Testing biomedical engineering
bymarisudha1
 
PPTX
Revolutionizing Facilities Management with MaintWiz — AI CMMS for Smart FMaaS
byMaintWiz Technologies Private Limited
 
PPTX
Power point presentation on introduction of software engineering
bys6050748
 
PDF
IPEC Presentation - Partial discharge Pro .pdf
bywaely1983
 
Plant Performance Strategies: Enhanced Reliability & Operational Efficiency w...
byMaintWiz Technologies Private Limited
 
Structural Conservation Appraisal of Indian Monuments Preserving India’s Arch...
byAman Kumar Singh
 
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 
Vertical turbine pump explains installed in power plants
bysadanandyadav25
 
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 
Basic Engineering mechanical handwriting notes
byShubhUpadhyay7
 
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
Preventive Maintenance Program for Compressors – Complete Guide
byMaintWiz Technologies Private Limited
 
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 
Basic Control system for oin and gas PART1.pdf
bymohamedelnikeb
 
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
Introduction Blockchains and Smart Contracts
bybobinson
 
Cloud vs On-Premises CMMS — Which Maintenance Platform Is Better for Your Plant?
byMaintWiz Technologies Private Limited
 
Role of In Vitro and In Vivo Testing biomedical engineering
bymarisudha1
 
Revolutionizing Facilities Management with MaintWiz — AI CMMS for Smart FMaaS
byMaintWiz Technologies Private Limited
 
Power point presentation on introduction of software engineering
bys6050748
 
IPEC Presentation - Partial discharge Pro .pdf
bywaely1983
 

ELK - Optimizations & Updates

  • 1.
    ELK Logging Optimizations &Updates for 2021 Bao Huynh Site Reliability Engineer 29-Dec-2020 1
  • 2.
    Private & Confidential2 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 3.
    Private & Confidential3 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 4.
    4 1. Logging –the crucial part !
  • 5.
    5 1. Logging –the crucial part !
  • 6.
    6 1. Logging –the crucial part ! Clearly states that: - Applications should not attempt to write to / manage logsfiles - Instead, each running process writes its event stream  STDOUT - During “local development”: observe on the terminal - During “staging/production”: Capture & collected by agents. Then, routed to one final destination for viewing & long-term archival.
  • 7.
    7 1. Logging –the crucial part !
  • 8.
    Private & Confidential8 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 9.
    9 2. Motivation forchanges - Could not ship log for external helm-chart services (ingress-nginx, redis, es,..) - Developers have to add “additional fields” (svc + env) in their log lines - Once search, it goes through all indices (logstash-*) to find matching => longer result return - Hard to scale with multi-cluster architecture
  • 10.
    Private & Confidential10 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 11.
    11 3. How changesbenefit developers 3.1 Faster lookup/search log pattern - Logs from *different env/ns* is allocated into *different indices*
  • 12.
    12 3. How changesbenefit developers 3.2 Dev do what to get log shipping ? - Kibana.vndev.shopee.vn - Everything is ready for you
  • 13.
    13 3. How changesbenefit developers 3.3 Fresher, cleaner & better log format - Remove unneccessary fields - Compact fields: + services_.* (metadata related to your application) + ingress_nginx.* (metadata related to client requests)
  • 14.
    14 3. How changesbenefit developers 3.4 Your log is the “real” log - Include more filters - No more trash logs
  • 15.
    15 3. How changesbenefit developers 3.5 Enable Cross function/team log correlation checking - BE can check logs from FE/SRE if suspects issues from their side - Remove the dependency between teams for error checking
  • 16.
    16 3. How changesbenefit developers 3.5 Enable Logs2Metrics capability
  • 17.
    Private & Confidential17 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 18.
    18 4. Multi-cluster loggingarchitecture 4.1 Logging basic
  • 19.
    19 4. Multi-cluster loggingarchitecture 4.1 Logging basic Filebeat: - Select messages for shipping (/var/logs/container/*.log) - Select fields for shipping along with msg (kubernetes.namespace/imageVersion,…) - Enrich msg with additional metadata (env, service_name, rename fields) - Message processing AMAP to reduce workload for Logstash Logstash: - Drop more fields that can not removed at Filebeat level - Using built-in module to parse specific log type (NGINX log) - Log aggregator & sent to Elasticsearch for storage ElasticSearch: - Messages allocated to indices - Index retention by ILM (Index Lifecyle Management) Kibana: - Visualization & Analysis
  • 20.
    20 4. Multi-cluster loggingarchitecture 4.2 Logging at Scale (multi-cluster architecture)
  • 21.
    Private & Confidential21 AGENDA 1. Logging - the crucial part ! 2. Motivation for changes 3. How changes benefit developers 4. Multi-cluster logging architecture 5. Usages & Notes
  • 22.
    22 5. Usages &Notes - Deploy fresh service - Observe how log shipping - Enjoy reading logs in Kibana
  • 23.
    Private & Confidential23 THANKS FOR YOUR ATTENTION