GH
Uploaded byGuillermo Carrasco Hernández
PDF, PPTX942 views

Elk scilifelab

The document discusses the importance and utilization of logs within logging systems, specifically focusing on the ELK stack (Elasticsearch, Logstash, and Kibana). It highlights how logs, often seen as mere files, are essential time-oriented streams that provide real-time insights into system operations and issues. The document emphasizes the common difficulties in log management, including log formatting differences and the risks of neglecting log monitoring, while advocating for the use of the ELK stack to streamline log data processing and visualization.

Embed presentation

Download as PDF, PPTX
ELK Stack Because logs are not meant to go to /dev/null Guillermo Carrasco @guillemch
Logging & ELK stack
Logging & ELK stack What are logs? What are logs for? Theory vs reality Logstash & Elasticsearch Kibana
What are logs? http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … So logs are files? http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … - Logs are time-oriented streams of records http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
What are logs for? Theory
What are logs for? Theory Provide real-time and valuable information about the execution of a program Use this information in your benefit: prevent problems, do analytics, plot status…
Example: Our pipeline
Example: Our pipeline started job X for sample Y Aligning sample X Generating report for Project A.Sample_14_09 Cleaning /proj/a2010002/nobackup area
Example: Our pipeline started job X for sample Y Aligning sample X Generating report for Project A.Sample_14_09 Cleaning /proj/a2010002/nobackup area Submitted jobs in the last X mins… Pipeline crashes in the last X days…
Example: Illumina logs
Example: Illumina logs - Status of a particular run - Failures/Anomalies - Cycles sequenced today/this week/etc - …
What are logs for? Reality
What are logs for? Reality Something we look at ONLY when something has already gone wrong… if we can!
On the previous examples…
On the previous examples… - The pipeline logs are dumped to nextgen_analysis_server.log, in milou-b, under the functional account… and rotated! - The Illumina logs are just never looked at…
Problems
Problems - Logs spread around servers and accounts - Rotating logs may disappear - If you don’t rotate, logs will fill up disks - Hardly difficult to do any analytics (real-time) - Different applications == different log formats
Problems Genologics support: ”I took a look at the system. Unfortunately the logs are filling up in too quick of a time. I have increased the number of logs and the size of them. We should have more that one day of logs now.”
Problems rm -rf <all_the_logs>
ELK Stack ! - Elasticsearch - Logstash - Kibana
Logstash
Logstash Index log records form different sources Re-format log data to be structured and ”queryable" Apply filters Store your structured data into Elasticsearch (and other outputs)
input { #Read messages from redis redis { host => "localhost" data_type => "list" password => "password" key => "python" codec => json } } ! #We want to filter multiline events, and we'll suppose that multiline #events are composed by one event and the following ones starting with #a sapce (like anexception traceback) filter { multiline { type => "exception" pattern => "^s" what => "previous" add_tag => [ "exception" ] } } ! output { elasticsearch { host => "tools.scilifelab.se" } }
Elasticsearch
Elasticsearch Built on top of Lucene Store complex data as structured JSON documents. All fields are indexed by default, and all the indices can be used in a single query. Schema free (good for logs) RESTful API
Kibana
Kibana No code required Real-time analysis for streaming data Customise and create dashboards For freeeee!!!
Shippers
Shippers Broker*
Shippers Broker* Indexer
Shippers Broker* Indexer Storage & search
Shippers Broker* Indexer Visualization Storage & search
Thank you!

More Related Content

PPTX
Elk stack
byJilles van Gurp
 
PPTX
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
PDF
Logstash-Elasticsearch-Kibana
bydknx01
 
PDF
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
PDF
Logstash: Get to know your logs
bySmartLogic
 
PDF
LogStash in action
byManuj Aggarwal
 
PDF
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
PDF
Machine Learning in a Twitter ETL using ELK
byhypto
 
Elk stack
byJilles van Gurp
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
Logstash-Elasticsearch-Kibana
bydknx01
 
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
Logstash: Get to know your logs
bySmartLogic
 
LogStash in action
byManuj Aggarwal
 
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
Machine Learning in a Twitter ETL using ELK
byhypto
 

What's hot

PDF
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
byStartit
 
PDF
Logs aggregation and analysis
byDivante
 
PPT
How ElasticSearch lives in my DevOps life
by琛琳 饶
 
PDF
Elk devops
byIdeato
 
PDF
Experiences in ELK with D3.js for Large Log Analysis and Visualization
bySurasak Sanguanpong
 
PPTX
ELK Stack
byPhuc Nguyen
 
PDF
Monitoramento com ELK - Elasticsearch - Logstash - Kibana
byWaldemar Neto
 
ODP
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
PPTX
Elk
byCaleb Wang
 
PPT
Logstash
by琛琳 饶
 
PDF
ELK introduction
byWaldemar Neto
 
PDF
ELK, a real case study
byPaolo Tonin
 
PPTX
Introduction to ELK
byYuHsuan Chen
 
PDF
Elk stack @inbot
byJilles van Gurp
 
PPTX
The ELK Stack - Get to Know Logs
byGlobalLogic Ukraine
 
PPTX
Logstash
byRajgourav Jain
 
PDF
Monitoring with Graylog - a modern approach to monitoring?
byinovex GmbH
 
PDF
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
byAirat Khisamov
 
PPTX
Introduction to ELK
byHarshakumar Ummerpillai
 
PPTX
Scaling an ELK stack at bol.com
byRenzo Tomà
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
byStartit
 
Logs aggregation and analysis
byDivante
 
How ElasticSearch lives in my DevOps life
by琛琳 饶
 
Elk devops
byIdeato
 
Experiences in ELK with D3.js for Large Log Analysis and Visualization
bySurasak Sanguanpong
 
ELK Stack
byPhuc Nguyen
 
Monitoramento com ELK - Elasticsearch - Logstash - Kibana
byWaldemar Neto
 
Using Logstash, elasticsearch & kibana
byAlejandro E Brito Monedero
 
Elk
byCaleb Wang
 
Logstash
by琛琳 饶
 
ELK introduction
byWaldemar Neto
 
ELK, a real case study
byPaolo Tonin
 
Introduction to ELK
byYuHsuan Chen
 
Elk stack @inbot
byJilles van Gurp
 
The ELK Stack - Get to Know Logs
byGlobalLogic Ukraine
 
Logstash
byRajgourav Jain
 
Monitoring with Graylog - a modern approach to monitoring?
byinovex GmbH
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
byAirat Khisamov
 
Introduction to ELK
byHarshakumar Ummerpillai
 
Scaling an ELK stack at bol.com
byRenzo Tomà
 

Similar to Elk scilifelab

PDF
Application Logging in the 21st century - 2014.key
byTim Bunce
 
PDF
OSMC 2025: Easy logging refinement with FlowG by David Delassus.pdf
byNETWAYS
 
PDF
Choose Your Own Adventure to Get Started with Grafana Loki
byImma Valls Bernaus
 
PPT
ELK stack at weibo.com
by琛琳 饶
 
PDF
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
PDF
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
PPTX
Kibana+ElasticSearch+LogStash to handle Log messages on Prod servers
byHYS Enterprise
 
PDF
Javantura v3 - ELK – Big Data for DevOps – Maarten Mulders
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Atmosphere 2014: Centralized log management based on Logstash and Kibana - ca...
byPROIDEA
 
PPTX
PowerPoint Presentation Guide Cyber.pptx
byowoturooluwaseun
 
PDF
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
byEdureka!
 
PDF
Application Logging With The ELK Stack
bybenwaine
 
PDF
Centralized logging system using mongoDB
byVivek Parihar
 
PDF
2.ELK.pdf
byAgusNursidik
 
PPTX
Centralized Logging System Using ELK Stack
byRohit Sharma
 
PPTX
Log management with ELK
byGeert Pante
 
ODP
Log Management Systems
byMehdi Hamidi
 
ODP
Get the most out of your security logs using syslog-ng
byPeter Czanik
 
PDF
Log Management: AtlSecCon2015
bycameronevans
 
PDF
Logging in dockerized environment
byYury Bushmelev
 
Application Logging in the 21st century - 2014.key
byTim Bunce
 
OSMC 2025: Easy logging refinement with FlowG by David Delassus.pdf
byNETWAYS
 
Choose Your Own Adventure to Get Started with Grafana Loki
byImma Valls Bernaus
 
ELK stack at weibo.com
by琛琳 饶
 
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
Kibana+ElasticSearch+LogStash to handle Log messages on Prod servers
byHYS Enterprise
 
Javantura v3 - ELK – Big Data for DevOps – Maarten Mulders
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Atmosphere 2014: Centralized log management based on Logstash and Kibana - ca...
byPROIDEA
 
PowerPoint Presentation Guide Cyber.pptx
byowoturooluwaseun
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
byEdureka!
 
Application Logging With The ELK Stack
bybenwaine
 
Centralized logging system using mongoDB
byVivek Parihar
 
2.ELK.pdf
byAgusNursidik
 
Centralized Logging System Using ELK Stack
byRohit Sharma
 
Log management with ELK
byGeert Pante
 
Log Management Systems
byMehdi Hamidi
 
Get the most out of your security logs using syslog-ng
byPeter Czanik
 
Log Management: AtlSecCon2015
bycameronevans
 
Logging in dockerized environment
byYury Bushmelev
 

Recently uploaded

PDF
1.39 inch Flexible Round AMOLED Display for Smartwatch
bySyluxdisplay
 
PDF
22PEOIT4C Artificial Intelligence unit 3 QB Final.pdf
byGuru Nanak Technical Institutions
 
PDF
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
PPTX
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 
PDF
Introduction : Operating-System Services
bySanjay Gunjal
 
PDF
TR095A120SPC 0.95″ AMOLED Display Module, 120×120 Resolution
bySyluxdisplay
 
PDF
Life Cycle Analysis of Electric and Internal Combustion Engine Vehicles
byUniversity Institute of Technology, Barkatullah University
 
PPTX
RTOS_Automatic_Room_Light_Controller_ Exp.no.1.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
PPTX
Next-Gen Satellite Imaging: Optimizing High-Resolution Remote Sensing with Ad...
byraghabBsingh
 
PPTX
Embedded_Linux_ARM_Cross_Compilation_Exp.no.3.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
PPTX
22PEOIT4C Unit 3 Session 18 First Order Logic.pptx
byGuru Nanak Technical Institutions
 
PPTX
Calculation of hardness of Water on Ion Exchange.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
Lathe Machine: Definition, Parts, Types, Working and Operations
byAatif Razi
 
PDF
22PE0IT4C_Artificial_Intelligence_Unit_1_QB_Final
byGuru Nanak Technical Institutions
 
PDF
Software Engineering : Process Models.
byGunjalSanjay
 
PPTX
Web Technology Overview with list of assignments along with the technology
byYogeshDeshmukh85
 
PDF
Software Engineering : Process Model
byGunjalSanjay
 
PDF
An Open Foundation Model for Generalist Humanoid Robot
byNABLAS株式会社
 
PPTX
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
PDF
TU/e - 2025-2026 - Lecture Geotechnics 3 - Arkesteijn
byRuud Arkesteijn
 
1.39 inch Flexible Round AMOLED Display for Smartwatch
bySyluxdisplay
 
22PEOIT4C Artificial Intelligence unit 3 QB Final.pdf
byGuru Nanak Technical Institutions
 
CRYPTOCURRENCY FORENSICS: A COMPREHENSIVE REPORT ON TRACKING ILLICIT DIGITAL ...
byGarima Singh
 
Diagram of Control Valves used in Industrial Fluid Power.pptx
bySBM Polytechnic
 
Introduction : Operating-System Services
bySanjay Gunjal
 
TR095A120SPC 0.95″ AMOLED Display Module, 120×120 Resolution
bySyluxdisplay
 
Life Cycle Analysis of Electric and Internal Combustion Engine Vehicles
byUniversity Institute of Technology, Barkatullah University
 
RTOS_Automatic_Room_Light_Controller_ Exp.no.1.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
Next-Gen Satellite Imaging: Optimizing High-Resolution Remote Sensing with Ad...
byraghabBsingh
 
Embedded_Linux_ARM_Cross_Compilation_Exp.no.3.pptx
bySanjivani College of Engineering, Kopargaon, Ahmednagar, Maharashtra, India
 
22PEOIT4C Unit 3 Session 18 First Order Logic.pptx
byGuru Nanak Technical Institutions
 
Calculation of hardness of Water on Ion Exchange.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Lathe Machine: Definition, Parts, Types, Working and Operations
byAatif Razi
 
22PE0IT4C_Artificial_Intelligence_Unit_1_QB_Final
byGuru Nanak Technical Institutions
 
Software Engineering : Process Models.
byGunjalSanjay
 
Web Technology Overview with list of assignments along with the technology
byYogeshDeshmukh85
 
Software Engineering : Process Model
byGunjalSanjay
 
An Open Foundation Model for Generalist Humanoid Robot
byNABLAS株式会社
 
An Early Production Facility (EPF) is a modular, temporary system for rapidly...
byDrAdelSalem1
 
TU/e - 2025-2026 - Lecture Geotechnics 3 - Arkesteijn
byRuud Arkesteijn
 

Elk scilifelab

  • 1.
    ELK Stack Becauselogs are not meant to go to /dev/null Guillermo Carrasco @guillemch
  • 2.
  • 3.
    Logging & ELKstack What are logs? What are logs for? Theory vs reality Logstash & Elasticsearch Kibana
  • 4.
    What are logs? http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 5.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 6.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 7.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 8.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 9.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 10.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … So logs are files? http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 11.
    What are logs? 2014-09-19 13:08:37,972 INFO [MiSeqIntegrator] (SequencingIntegrationUtil) Extracted raw content - [cycleNumber = 308 , runFolder = "D:IlluminaMiSeqTemp 140904_M01320_0130_000000000-A9NE9" , netFolder = "Z:140904_M01320_0130_000000000-A9NE9" , Record MiSeqIntegrator.log HiSeqIntegrator.log apache.log GenStat.log supervisord.log … - Logs are time-oriented streams of records http://adam.herokuapp.com/past/2011/4/1/logs_are_streams_not_files/
  • 12.
    What are logsfor? Theory
  • 13.
    What are logsfor? Theory Provide real-time and valuable information about the execution of a program Use this information in your benefit: prevent problems, do analytics, plot status…
  • 14.
  • 15.
    Example: Our pipeline started job X for sample Y Aligning sample X Generating report for Project A.Sample_14_09 Cleaning /proj/a2010002/nobackup area
  • 16.
    Example: Our pipeline started job X for sample Y Aligning sample X Generating report for Project A.Sample_14_09 Cleaning /proj/a2010002/nobackup area Submitted jobs in the last X mins… Pipeline crashes in the last X days…
  • 17.
  • 18.
    Example: Illumina logs - Status of a particular run - Failures/Anomalies - Cycles sequenced today/this week/etc - …
  • 19.
    What are logsfor? Reality
  • 20.
    What are logsfor? Reality Something we look at ONLY when something has already gone wrong… if we can!
  • 21.
    On the previousexamples…
  • 22.
    On the previousexamples… - The pipeline logs are dumped to nextgen_analysis_server.log, in milou-b, under the functional account… and rotated! - The Illumina logs are just never looked at…
  • 23.
  • 24.
    Problems - Logsspread around servers and accounts - Rotating logs may disappear - If you don’t rotate, logs will fill up disks - Hardly difficult to do any analytics (real-time) - Different applications == different log formats
  • 25.
    Problems Genologics support: ”I took a look at the system. Unfortunately the logs are filling up in too quick of a time. I have increased the number of logs and the size of them. We should have more that one day of logs now.”
  • 26.
    Problems rm -rf<all_the_logs>
  • 27.
    ELK Stack ! - Elasticsearch - Logstash - Kibana
  • 28.
  • 29.
    Logstash Index logrecords form different sources Re-format log data to be structured and ”queryable" Apply filters Store your structured data into Elasticsearch (and other outputs)
  • 30.
    input { #Readmessages from redis redis { host => "localhost" data_type => "list" password => "password" key => "python" codec => json } } ! #We want to filter multiline events, and we'll suppose that multiline #events are composed by one event and the following ones starting with #a sapce (like anexception traceback) filter { multiline { type => "exception" pattern => "^s" what => "previous" add_tag => [ "exception" ] } } ! output { elasticsearch { host => "tools.scilifelab.se" } }
  • 31.
  • 32.
    Elasticsearch Built ontop of Lucene Store complex data as structured JSON documents. All fields are indexed by default, and all the indices can be used in a single query. Schema free (good for logs) RESTful API
  • 33.
  • 34.
    Kibana No coderequired Real-time analysis for streaming data Customise and create dashboards For freeeee!!!
  • 36.
  • 37.
  • 38.
  • 39.
    Shippers Broker* Indexer Storage & search
  • 40.
    Shippers Broker* Indexer Visualization Storage & search
  • 41.

Editor's Notes

  • #2 My name is… Today I want to talk about logging in general and ELK stack in particular.
  • #9 So, to have a look at the pipeline logs, you have to log into Uppmax, ssh to our functional account, and be lucky that you were not too slow…
  • #10 And not only the log rotation is a problem, let’s me honest… because what happens when you’re in your happy weekend and you receive a mail from NAGIOS telling…. etc Show timestamps!!!
  • #14 Also, other aspects like highly scalable and replication, of course - go out from the slides and show some API queries (the 15th of sept there are logs from milou)
  • #15 Also, other aspects like highly scalable and replication, of course - go out from the slides and show some API queries (the 15th of sept there are logs from milou)
  • #16 The broker is not really needed for the ELK stack to work, but eases life and is recommended for a production deploy.