Larry Cai larry.caiyu@gmail.com
Leo Luo leorowe.wei@gmail.com
Agenda
 ELK Stack Introduction
 Prerequisite: Setup environment using Docker
 Exercise 1: Say Hello To ELK Stack
 Exercise 2: Analyze Shakespeare works
 Exercise 3: Customize your Kibana Dashboard
 Exercise 4: Use a custom grok rule to parse your "Hello World"
 Exercise 5: Use pre-defined grok rule to filter Apache log
Learn ELK in Docker in 90 minutes2 01/09/15
What is ELK stack
 ElasticSearch
 Stores the data that LogStash has processed and provides a full-text index
 LogStash
 Collects and parses log files. Transforms unstructured logs into meaningful, searchable data.
 Kibana
 Provides a friendly web console for users to interact with ElasticSearch.
What is ELK stack – Deploy Diagram
Environment (docker)
Boot2docker 1.3.x (recommended): http://boot2docker.io/
 $ docker -v
 User/Passwd: docker/tcuser
 Start the container
 docker pull leorowe/codingwithme-elk
 docker tag leorowe/codingwithme-elk elk
 docker run -d --name elk -p 80:80 -p 3333:3333 -p 9200:9200 elk
 Enter the container
 docker exec -it elk bash
Exercise 1:
Say Hello To ELK Stack
 Open the browser and visit Kibana (192.168.59.103)
 If it returns HTTP 404, run ifconfig in the boot2docker VM (docker@boot2docker) and find the eth1 IP, which begins with 192.168.
 Say “Hello World” to ELK
 echo 'Hello World' | nc localhost 3333 (boot2Docker)
 Check the greeting in Kibana
Exercise 2: Analyze Shakespeare works
 Enter ELK container: docker exec -it elk bash
 /build.sh
 Find line_id of “to be or not to be”
 How many times did “food” and “love” appear in the
same sentence.
Exercise 3 : Customize your Kibana
Dashboard
 Open a blank dashboard
 Add a row
 1.click “Add A Row” button
 2.type the row name then click Create Row and Save button
Add a terms panel
 Click Add Panel button
 Select terms as Panel Type
 Type speaker as Field
 Toggle Other checkbox
 Select bar as View Options Style
 Click Save button
Men vs Women. Who wins?
 Add a new query box
 Type men and women in each query box
 Click search button
 Add a Hits Panel
 Choose hits as type
 Choose pie as Style
 Click Save button
Exercise 4 : Use a custom grok filter
to parse your "Hello World"
 Add a grok filter to /logstash.conf
input { tcp { port => 3333 type => "text event" } }
filter {
  grok { match => ['message', '%{WORD:greetings}%{SPACE}%{WORD:name}'] }
}
output { elasticsearch { host => localhost } }
Restart logstash
 Restart logstash (or /restart-logstash.sh)
 ps -ef | grep logstash (find the logstash pid)
 kill -9 <logstash pid>
 exec /logstash/bin/logstash agent -f /logstash.conf &
 echo 'Hello <your name>' | nc localhost 3333
 Check out Logstash Dashboard page
Exercise 5 : Use Logstash to filter
Apache log
 Using grok
Workflow
See http://logstash.net/docs/1.4.2/tutorials/getting-started-with-logstash
Add a file input
input {
  tcp { port => 3333 type => "text event" }
  file {
    type => 'apache-log'
    path => '/*.log'
    start_position => "beginning"
  }
}
Add a filter to deal with Apache logs
filter {
  if [type] == 'apache-log' {
    grok {
      match => ['message', '%{COMMONAPACHELOG:message}']
    }
    date {
      match => ['timestamp', 'dd/MMM/yyyy:HH:mm:ss Z']
    }
    mutate {
      convert => { "response" => "integer" }
      convert => { "bytes" => "integer" }
    }
  }
}
Exercise 5 : Use Logstash to filter
Apache log
 Restart logstash (/restart-logstash.sh)
 Check out Logstash Dashboard Page.
Exercise 5 : Use Logstash to filter
Apache log
 Add response query
 response:200 response:304 response:401
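The filter chains from Exercises 4 and 5 (grok, date, mutate convert) and the response query, traced in Python as an added example that is not part of the original slides. The regexes are simplified stand-ins for grok's WORD, SPACE and COMMONAPACHELOG patterns, the function names are hypothetical, and the log lines are constructed sample data.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Simplified Python approximations of the grok patterns used in the exercises
# (assumption: not Logstash's own pattern files). Capture names match the fields
# grok adds. Like grok, the patterns are searched in the message, not anchored.
HELLO = re.compile(r"\b(?P<greetings>\w+)\b\s*\b(?P<name>\w+)\b")
COMMON_APACHE_LOG = re.compile(
    r"(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) "
    r"\[(?P<timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] "
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" '
    r"(?P<response>\d{3}) (?:(?P<bytes>\d+)|-)"
)

# Constructed sample access log (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [01/Sep/2015:10:00:02 +0000] "GET /logo.png HTTP/1.1" 304 -
198.51.100.7 - admin [01/Sep/2015:10:00:05 +0200] "POST /admin/login HTTP/1.1" 401 512
198.51.100.7 - admin [01/Sep/2015:10:00:06 +0200] "POST /admin/login HTTP/1.1" 401 512
this line is not an access-log entry
"""


def grok(event, pattern):
    """Add the pattern's named captures to the event, or tag the failure."""
    m = pattern.search(event["message"])
    if m is None:
        event.setdefault("tags", []).append("_grokparsefailure")
        return False
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    return True


def hello_filter(line):
    """Exercise 4: split a greeting into 'greetings' and 'name'."""
    event = {"message": line, "type": "text event"}
    grok(event, HELLO)
    return event


def apache_filter(line):
    """Exercise 5: grok, then date, then mutate convert, in that order."""
    event = {"message": line, "type": "apache-log"}
    if not grok(event, COMMON_APACHE_LOG):
        return event
    # date: 'dd/MMM/yyyy:HH:mm:ss Z' sets @timestamp from the log's own time.
    try:
        ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
        event["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
    except ValueError:
        event.setdefault("tags", []).append("_dateparsefailure")
    # mutate convert: numeric fields become integers; a "-" byte count means
    # the bytes field was never captured, so there is nothing to convert.
    for field in ("response", "bytes"):
        if field in event:
            event[field] = int(event[field])
    return event


def run_pipeline(text):
    """Run every line of an access log through the Exercise 5 filter."""
    return [apache_filter(line) for line in text.splitlines()]


def response_counts(events):
    """Equivalent of the response:200 / response:304 / response:401 queries."""
    return Counter(e["response"] for e in events if "response" in e)


if __name__ == "__main__":
    print(hello_filter("Hello World"))
    events = run_pipeline(SAMPLE_LOG)
    for code, hits in sorted(response_counts(events).items()):
        print(f"response:{code} -> {hits} hit(s)")
    unparsed = [e["message"] for e in events if "tags" in e]
    print("unparsed lines:", unparsed)
```

Lines that carry the _grokparsefailure tag have no response field, so they never show up in the response queries and have to be searched for by tag.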
Summary
 ELK Stack is an off-the-shelf toolkit to manage and analyze your logs, or anything else that has a timestamp attribute.
Reference
 http://www.elasticsearch.org/guide/
 https://datapsyche.wordpress.com/2014/07/30/docker-app-tutorial-creating-a-docker-container-for-elk-elasticsearch-logstash-kibana/
  • 2. Agenda
      • ELK Stack Introduction
      • Prerequisite: Set up the environment using Docker
      • Exercise 1: Say Hello To ELK Stack
      • Exercise 2: Analyze Shakespeare works
      • Exercise 3: Customize your Kibana Dashboard
      • Exercise 4: Use a custom grok rule to parse your "Hello World"
      • Exercise 5: Use a pre-defined grok rule to filter Apache log
  • 3. What is ELK stack
      • ElasticSearch: stores the data that LogStash has processed and provides a full-text index.
      • LogStash: collects and parses log files, transforming unstructured logs into meaningful, searchable data.
      • Kibana: provides a friendly web console for users to interact with ElasticSearch.
  • 4. What is ELK stack – Deploy Diagram
  • 5. Environment (docker)
      • http://boot2docker.io/ (Boot2docker 1.3.x recommended)
      • $ docker -v
      • User/Passwd: docker/tcuser
      • Start the container
          docker pull leorowe/codingwithme-elk
          docker tag leorowe/codingwithme-elk elk
          docker run -d --name elk -p 80:80 -p 3333:3333 -p 9200:9200 elk
      • Enter the container
          docker exec -it elk bash
  • 6. Exercise 1: Say Hello To ELK Stack
      • Open the browser and visit Kibana (192.168.59.103)
      • If it returns HTTP 404, run ifconfig at the docker@boot2docker prompt and find the eth1 IP, which begins with 192.168.
      • Say "Hello World" to ELK
          echo 'Hello World' | nc localhost 3333 (boot2Docker)
      • Check the greeting in Kibana
  • 7. Exercise 2: Analyze Shakespeare works
      • Enter the ELK container: docker exec -it elk bash
      • /build.sh
      • Find the line_id of "to be or not to be"
      • How many times did "food" and "love" appear in the same sentence?
  • 8. Exercise 3: Customize your Kibana Dashboard
      • Open a blank dashboard
      • Add a row
          1. Click the "Add A Row" button
          2. Type the row name, then click the Create Row and Save buttons
  • 9. Add a terms panel
      • Click the Add Panel button
      • Select terms as Panel Type
      • Type speaker as Field
      • Toggle the Other checkbox
      • Select bar as View Options Style
      • Click the Save button
  • 10. Men vs Women. Who wins?
      • Add a new query box
      • Type men and women in each query box
      • Click the search button
      • Add a Hits Panel
      • Choose hits as type
      • Choose pie as Style
      • Click the Save button
  • 11. Exercise 4: Use a custom grok filter to parse your "Hello World"
      • Add a grok filter to /logstash.conf
          # Listen for raw text events on TCP port 3333
          input {
            tcp { port => 3333 type => "text event" }
          }
          # Split "Hello <name>" into the fields greetings and name
          filter {
            grok {
              match => ['message', '%{WORD:greetings}%{SPACE}%{WORD:name}']
            }
          }
          output {
            elasticsearch { host => localhost }
          }
  • 12. Restart logstash
      • Restart logstash (or run /restart-logstash.sh)
          ps -ef | grep logstash     (find the logstash pid)
          kill -9 <logstash pid>
          exec /logstash/bin/logstash agent -f /logstash.conf &
      • echo 'Hello <your name>' | nc localhost 3333
      • Check out the Logstash Dashboard page
  • 13. Exercise 5: Use Logstash to filter Apache log
  • 14. Exercise 5: Use Logstash to filter Apache log
      • Using grok
  • 15. Workflow
      • See http://logstash.net/docs/1.4.2/tutorials/getting-started-with-logstash
  • 16. Add a file input
          input {
            tcp { port => 3333 type => "text event" }
            # Read every *.log file in / from the start and tag it as apache-log
            file {
              type => 'apache-log'
              path => '/*.log'
              start_position => "beginning"
            }
          }
  • 17. Add a filter to deal with Apache logs
          filter {
            if [type] == 'apache-log' {
              # Parse the line with the pre-defined common log format pattern
              grok {
                match => ['message', '%{COMMONAPACHELOG:message}']
              }
              # Use the request time from the log line as the event time
              date {
                match => ['timestamp', 'dd/MMM/yyyy:HH:mm:ss Z']
              }
              # Store the status code and size as numbers
              mutate {
                convert => { "response" => "integer" }
                convert => { "bytes" => "integer" }
              }
            }
          }
  • 18. Exercise 5: Use Logstash to filter Apache log
      • Restart logstash (/restart-logstash.sh)
      • Check out the Logstash Dashboard page
  • 19. Exercise 5: Use Logstash to filter Apache log
      • Add response queries
      • response:200 response:304 response:401
  • 20. Summary
      • The ELK Stack is an off-the-shelf toolkit for managing and analyzing your logs, or anything else that has a timestamp attribute.
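
The Exercise 5 pipeline (grok with COMMONAPACHELOG, the date filter, mutate/convert, then the response:200 / response:304 / response:401 queries) can be checked offline with the Python sketch below, which is an added example and not part of the original slides. The regular expression approximates the Apache common log format rather than copying Logstash's pattern, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Approximation of grok's COMMONAPACHELOG (Apache common log format), not
# Logstash's own definition; field names follow the slides (timestamp, response, bytes).
COMMON_LOG = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)$'
)

def parse_line(line):
    """Return a dict of typed fields, or None where grok would report a parse failure."""
    m = COMMON_LOG.match(line.strip())
    if m is None:
        return None
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    # date filter equivalent: dd/MMM/yyyy:HH:mm:ss Z
    event["@timestamp"] = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    # mutate/convert equivalent; "-" (no body) is stored as 0 here, an assumption
    event["response"] = int(event["response"])
    event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
    return event

def response_counts(lines):
    """Count events per status code; unparsable lines are counted under None."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        counts[event["response"] if event else None] += 1
    return counts

# Constructed sample lines (not taken from the workshop's log files).
SAMPLE = [
    '192.0.2.10 - - [01/Sep/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Sep/2015:10:00:05 +0000] "GET /logo.png HTTP/1.1" 304 -',
    '198.51.100.7 - admin [01/Sep/2015:10:00:09 +0000] "GET /admin HTTP/1.1" 401 381',
    '198.51.100.7 - admin [01/Sep/2015:10:00:10 +0000] "GET /admin HTTP/1.1" 401 381',
    'not an access log line',
]

if __name__ == "__main__":
    for code, n in sorted(response_counts(SAMPLE).items(), key=lambda kv: str(kv[0])):
        print(code, n)
```

Lines counted under None correspond to events that would not get a response field in Elasticsearch and so would not appear in any of the three response queries.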