Daniel Berman, profile picture
Uploaded byDaniel Berman
PPTX, PDF1,370 views

Monitoring Docker with ELK

This document discusses monitoring containers with the ELK stack. It introduces ELK (Elasticsearch, Logstash, Kibana) as a solution for centralized logging of containers. It describes using Logstash to collect logs from Docker containers via syslog and using a Docker log collector container to fetch logs and metrics from all containers on a Docker host. The document concludes with a demonstration of ELK for container monitoring.

Embed presentation

Downloaded 51 times
Monitoring Containers with the ELK Stack
Solomon Hykes, DockerCon 2016
Daniel Berman • Product Evangelist @Logzio • LAMPer • Contributor on SitePoint and DZone • TLV-PHP Meetup organizer • @proudboffin, daniel@logz.io
2-Mins on • End-to-end ELK as a service • Auto-scaling, secure • SOC-II compliant, ISO27001 • AWS-based • Alerting, user-control, ELK Apps
Agenda • Why logging? • The logging challenge • The Docker challenge • Common logging solutions • Introducing ELK • Docker log collector • Demo • Questions?
RFID Windows App Database asd Sensors App server Mainframe Active directory Network Security Exchange Why logging? Web server
State of logging
The shift to open source
The logging challenge
The logging challenge • No centralization • No consistency • No accessibility * Puppet DevOps Survey 2016
The Docker challenge
Distribution and diversification
2016-06-02T13:05:22.614090Z 0 [Note] InnoDB: 5.7.12 started; log sequence number 2522067 CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O 3747bd397456 0.01% 3.641 MB / 2.1 GB 0.17% 3.366 kB / 648 B 0 B / 0 B 396e42ba0d15 0.11% 1.638 MB / 2.1 GB 0.08% 9.79 kB / 648 B 348.2 kB / 0 B 468bf755240a 3.19% 45.67 MB / 2.1 GB 2.17% 25.19 MB / 17.95 MB 774.1 kB / 0 B 5f16814a3c0e 0.01% 495.6 kB / 2.1 GB 0.02% 8.564 kB / 648 B 0 B / 0 B 74cdfa7b8a0c 0.04% 3.908 MB / 2.1 GB 0.19% 2.028 kB / 648 B 0 B / 0 B 99bafb7600fc 0.00% 32.95 MB / 2.1 GB 1.57% 0 B / 0 B 2.093 MB / 20.48 kB a48f7ba0ace7 0.04% 390.4 MB / 2.1 GB 18.59% 4.704 kB / 648 B 31.29 MB / 306.5 MB d7b60560e4d8 0.27% 220.9 MB / 2.1 GB 10.52% 7.338 kB / 648 B 94.21 kB / 114.7 kB $ docker logs $ docker stats $ docker daemon time="2016-06-05T12:03:49.716900785Z" level=debug msg="received containerd event: &types.Event{Type:"exit", Id:"3747bd397456cd28058bb40799cd0642f431849b5c43ce56536ab7f55a98114f", Status:0x0, Pid:"4120a7625a592f7c95eab4b1b442a45370f6dd95b63d284714dbb58f00d0a20d", Timestamp:0x57541525}"
Containers are transient
$ tail -f is not enough
Common logging solutions • Application logging (data volumes) • Logspout • Drivers - json-file (default), syslog, fluentd, gelf, journald • Monitoring/Logging tools - Datadog, Papertail, Dynatrace, Sysdig
• World’s most popular open source log analysis platform • 4.5M downloads a month! • Centralized logging AND: search, BI, SEO, IoT, and more Introducing ELK
Old school logging $ grep ' 30[1234] ' /var/logs/apache2/access.log | grep -v baidu | grep -v Googlebot 173.230.156.8 - - [04/Sep/2015:06:10:10 +0000] "GET /morpht HTTP/1.0" 301 26 "-" "Mozilla/5.0 (pc-x86_64-linux-gnu)" 192.3.83.5 - - [04/Sep/2015:06:10:22 +0000] "GET /?q=node/add HTTP/1.0" 301 26 "http://morpht.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5" 192.3.83.5 - - [04/Sep/2015:06:10:23 +0000] "GET /?q=user/register HTTP/1.0" 301 26 "http://morpht.com/node/add" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600. 2.5"
New school logging type:apache AND website: "mysite" AND response: [500 TO *]
• A full-text search & analytics engine • Open source, written in Java and based on Apache Lucene • Designed for speed, scalability and high availability • Advanced querying using REST API
• Collects, processes, and forwards logs • Over 200 input, filter and output plugins for manipulating the data
• Open source visualization platform • For querying and analyzing logs • Visualizations and monitoring dashboards
The ELK pipeline
Docker —> ELK Setup ELK: Install Elasticsearch, Logstash and Kibana • Elasticsearch - https://hub.docker.com/_/elasticsearch/ • Logstash - https://hub.docker.com/_/logstash/ • Kibana - https://hub.docker.com/_/kibana/ • Full stack: https://hub.docker.com/r/sebp/elk/
Docker —> ELK • Use syslog logging driver logging: driver: syslog options: syslog-address: "udp://$IP_LOGSTASH:5000" syslog-tag: “nginx-with-syslog" • Use logspout and Logstash module : input { udp { port => 5000 codec => json } }
Docker Log Collector • Dedicated container • Unified logging layer, fetching: • Docker logs from all the running containers per Docker host • Docker stats for all the containers • Docker daemon events
How it works • Based on docker-loghose and docker-stats • POST /containers/{id}/attach, to fetch the logs • GET /containers/{id}/stats, to fetch the stats of the container • GET /containers/json, to detect the containers that are running when this module starts • GET /events, to detect new containers that will start after the module has started
Running it $ docker pull logzio/logzio-docker $ docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock logzio/logzio-docker -t UfKqCazQjUYnBNcJqSryIRyDIjExjwIZ
Running options -- no-stats, to not send stats -- no-logs, to not send logs -- no-dockerEvents, to not send daemon events -i/-- statsinterval, to set the stats interval -a, custom tag -- matchByName / -skipByName, blacklist or whitelist containers
What metrics to look out for • Errors and warnings • Container CPU% • Container memory usage • # of running containers • Network usage
Demo time!
Resources • Logz.io blog: http://logz.io/blog/ • Elastic: https://www.elastic.co/learn • Loggly blog: https://www.loggly.com/blog/topic/general/
Thanks! @proudboffin | daniel@logz.io
Performance agent $ docker pull logzio/logzio-perfagent $ docker run -d --net="host" -e LOGZ_TOKEN="UfKqCazQjUYnBNcJqSryIRyDIjExjwIZ"- e USER_TAG="workers" -e HOSTNAME=`hostname` - e INSTANCE="10.1.2.3" --restart=always logzio/logzio-perfagent

More Related Content

PPT
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
PDF
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
byAirat Khisamov
 
PPT
Learn ELK in docker
byLarry Cai
 
PDF
"How about no grep and zabbix?". ELK based alerts and metrics.
byVladimir Pavkin
 
PPTX
MySQL Slow Query log Monitoring using Beats & ELK
byYoungHeon (Roy) Kim
 
PDF
LogStash in action
byManuj Aggarwal
 
PDF
Open Source Logging and Monitoring Tools
byPhase2
 
PPTX
ELK Stack
byPhuc Nguyen
 
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
byAirat Khisamov
 
Learn ELK in docker
byLarry Cai
 
"How about no grep and zabbix?". ELK based alerts and metrics.
byVladimir Pavkin
 
MySQL Slow Query log Monitoring using Beats & ELK
byYoungHeon (Roy) Kim
 
LogStash in action
byManuj Aggarwal
 
Open Source Logging and Monitoring Tools
byPhase2
 
ELK Stack
byPhuc Nguyen
 

What's hot

PPT
Logstash
by琛琳 饶
 
PDF
Elk devops
byIdeato
 
PDF
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
PPTX
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
PDF
Logstash family introduction
byOwen Wu
 
PPTX
More kibana
by琛琳 饶
 
PDF
ELK introduction
byWaldemar Neto
 
PPTX
Logstash
byRajgourav Jain
 
PPTX
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
PDF
Docker Logging Webinar
bySematext Group, Inc.
 
PPTX
The ELK Stack - Get to Know Logs
byGlobalLogic Ukraine
 
PPTX
Elastic - ELK, Logstash & Kibana
bySpringPeople
 
PDF
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
PDF
Elastic{ON} 2016 Review - 김종민 님
byNAVER D2
 
PDF
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
PDF
Shipping & Visualize Your Data With ELK
byAdam Chen
 
PDF
Logstash: Get to know your logs
bySmartLogic
 
PDF
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
PPTX
Scaling an ELK stack at bol.com
byRenzo Tomà
 
PPT
ELK stack at weibo.com
by琛琳 饶
 
Logstash
by琛琳 饶
 
Elk devops
byIdeato
 
elk_stack_alexander_szalonnas
byAlexander Szalonnas
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
Logstash family introduction
byOwen Wu
 
More kibana
by琛琳 饶
 
ELK introduction
byWaldemar Neto
 
Logstash
byRajgourav Jain
 
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
Docker Logging Webinar
bySematext Group, Inc.
 
The ELK Stack - Get to Know Logs
byGlobalLogic Ukraine
 
Elastic - ELK, Logstash & Kibana
bySpringPeople
 
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
Elastic{ON} 2016 Review - 김종민 님
byNAVER D2
 
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
Shipping & Visualize Your Data With ELK
byAdam Chen
 
Logstash: Get to know your logs
bySmartLogic
 
Journée DevOps : Des dashboards pour tous avec ElasticSearch, Logstash et Kibana
byPublicis Sapient Engineering
 
Scaling an ELK stack at bol.com
byRenzo Tomà
 
ELK stack at weibo.com
by琛琳 饶
 

Viewers also liked

PDF
Interactive learning analytics dashboards with ELK (Elasticsearch Logstash Ki...
byAndrii Vozniuk
 
PPTX
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
byCohesive Networks
 
PPTX
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
byBizTalk360
 
PDF
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
byNederlandstalige Zabbix Gebruikersgroep
 
PDF
Intro to sysdig in 15 minutes
bySysdig
 
PDF
The Dark Art of Container Monitoring - Spanish
bySysdig
 
PDF
Interactive Animated Projected Elk Map and Terrain Model
bynacis_slides
 
PDF
Venture classpresentation
byAnton Tyukov
 
PDF
Extending Sysdig with Chisel
bySysdig
 
ODP
Building Trustworthy Containers
bySysdig
 
PDF
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
bySysdig
 
PPTX
09 application security fundamentals - part 2 - security mechanisms - logging
byappsec
 
PDF
Web Application Security 101 - 12 Logging
byWebsecurify
 
PDF
Behavioural activity monitoring on CoreOS with Sysdig Falco
bySysdig
 
PDF
ELK: a log management framework
byGiovanni Bechis
 
PPTX
Introduction to ELK
byYuHsuan Chen
 
PDF
Log analysis with the elk stack
byVikrant Chauhan
 
PDF
IT Infrastructure Monitoring Strategies in Healthcare
byCA Technologies
 
PPTX
Elk with Openstack
byArun prasath
 
PPTX
Docker Indy Meetup Monitoring 30-Aug-2016
byMatt Bentley
 
Interactive learning analytics dashboards with ELK (Elasticsearch Logstash Ki...
byAndrii Vozniuk
 
Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)
byCohesive Networks
 
Using ELK-Stack (Elasticsearch, Logstash and Kibana) with BizTalk Server
byBizTalk360
 
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
byNederlandstalige Zabbix Gebruikersgroep
 
Intro to sysdig in 15 minutes
bySysdig
 
The Dark Art of Container Monitoring - Spanish
bySysdig
 
Interactive Animated Projected Elk Map and Terrain Model
bynacis_slides
 
Venture classpresentation
byAnton Tyukov
 
Extending Sysdig with Chisel
bySysdig
 
Building Trustworthy Containers
bySysdig
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
bySysdig
 
09 application security fundamentals - part 2 - security mechanisms - logging
byappsec
 
Web Application Security 101 - 12 Logging
byWebsecurify
 
Behavioural activity monitoring on CoreOS with Sysdig Falco
bySysdig
 
ELK: a log management framework
byGiovanni Bechis
 
Introduction to ELK
byYuHsuan Chen
 
Log analysis with the elk stack
byVikrant Chauhan
 
IT Infrastructure Monitoring Strategies in Healthcare
byCA Technologies
 
Elk with Openstack
byArun prasath
 
Docker Indy Meetup Monitoring 30-Aug-2016
byMatt Bentley
 

Similar to Monitoring Docker with ELK

PPTX
Machine Learning and Logging for Monitoring Microservices
byDaniel Berman
 
PDF
The State of Logging on Docker
byTrevor Parsons
 
PPTX
Docker and the Container Ecosystem
bypsconnolly
 
PDF
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
PDF
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
PDF
Docker-v3.pdf
byBruno Cornec
 
PDF
Shipping Applications to Production in Containers with Docker
byJérôme Petazzoni
 
PPTX
Docker
byHussien Elhannan
 
PDF
Docker
byBrian Hogan
 
PDF
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
byPROIDEA
 
PDF
[scala.by] Launching new application fast
byDenis Karpenko
 
PDF
On-Demand Image Resizing Extended - External Meet-up
byJonathan Lee
 
PDF
A Hands-on Introduction to Docker
byCodeOps Technologies LLP
 
PDF
Docker Online Meetup #3: Docker in Production
byDocker, Inc.
 
PDF
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
PPTX
Learn docker Interactively with Examples
bydewilearnaws
 
PPTX
Introduction to automated environment management with Docker Containers - for...
byLucas Jellema
 
PDF
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
byErica Windisch
 
PDF
Introduction to Docker and Monitoring with InfluxData
byInfluxData
 
PDF
Learning Docker with Thomas
byThomas Tong, FRM, PMP
 
Machine Learning and Logging for Monitoring Microservices
byDaniel Berman
 
The State of Logging on Docker
byTrevor Parsons
 
Docker and the Container Ecosystem
bypsconnolly
 
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
Docker-v3.pdf
byBruno Cornec
 
Shipping Applications to Production in Containers with Docker
byJérôme Petazzoni
 
Docker
byHussien Elhannan
 
Docker
byBrian Hogan
 
JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
byPROIDEA
 
[scala.by] Launching new application fast
byDenis Karpenko
 
On-Demand Image Resizing Extended - External Meet-up
byJonathan Lee
 
A Hands-on Introduction to Docker
byCodeOps Technologies LLP
 
Docker Online Meetup #3: Docker in Production
byDocker, Inc.
 
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
Learn docker Interactively with Examples
bydewilearnaws
 
Introduction to automated environment management with Docker Containers - for...
byLucas Jellema
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
byErica Windisch
 
Introduction to Docker and Monitoring with InfluxData
byInfluxData
 
Learning Docker with Thomas
byThomas Tong, FRM, PMP
 

Recently uploaded

PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PDF
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PPTX
WIFI Enabled 8 by 32 Matrix.pptx for final year project
bymdsabbirhossain524856
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PDF
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PDF
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
connectives-linking words in English.ppt
byAmrMohammed82
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
WIFI Enabled 8 by 32 Matrix.pptx for final year project
bymdsabbirhossain524856
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 

Monitoring Docker with ELK

  • 1.
  • 2.
  • 3.
    Daniel Berman • ProductEvangelist @Logzio • LAMPer • Contributor on SitePoint and DZone • TLV-PHP Meetup organizer • @proudboffin, daniel@logz.io
  • 5.
    2-Mins on • End-to-endELK as a service • Auto-scaling, secure • SOC-II compliant, ISO27001 • AWS-based • Alerting, user-control, ELK Apps
  • 6.
    Agenda • Why logging? •The logging challenge • The Docker challenge • Common logging solutions • Introducing ELK • Docker log collector • Demo • Questions?
  • 7.
    RFID Windows App Database asd SensorsApp server Mainframe Active directory Network Security Exchange Why logging? Web server
  • 8.
  • 9.
    The shift toopen source
  • 10.
  • 11.
    The logging challenge •No centralization • No consistency • No accessibility * Puppet DevOps Survey 2016
  • 12.
  • 13.
  • 14.
    2016-06-02T13:05:22.614090Z 0 [Note]InnoDB: 5.7.12 started; log sequence number 2522067 CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O 3747bd397456 0.01% 3.641 MB / 2.1 GB 0.17% 3.366 kB / 648 B 0 B / 0 B 396e42ba0d15 0.11% 1.638 MB / 2.1 GB 0.08% 9.79 kB / 648 B 348.2 kB / 0 B 468bf755240a 3.19% 45.67 MB / 2.1 GB 2.17% 25.19 MB / 17.95 MB 774.1 kB / 0 B 5f16814a3c0e 0.01% 495.6 kB / 2.1 GB 0.02% 8.564 kB / 648 B 0 B / 0 B 74cdfa7b8a0c 0.04% 3.908 MB / 2.1 GB 0.19% 2.028 kB / 648 B 0 B / 0 B 99bafb7600fc 0.00% 32.95 MB / 2.1 GB 1.57% 0 B / 0 B 2.093 MB / 20.48 kB a48f7ba0ace7 0.04% 390.4 MB / 2.1 GB 18.59% 4.704 kB / 648 B 31.29 MB / 306.5 MB d7b60560e4d8 0.27% 220.9 MB / 2.1 GB 10.52% 7.338 kB / 648 B 94.21 kB / 114.7 kB $ docker logs $ docker stats $ docker daemon time="2016-06-05T12:03:49.716900785Z" level=debug msg="received containerd event: &types.Event{Type:"exit", Id:"3747bd397456cd28058bb40799cd0642f431849b5c43ce56536ab7f55a98114f", Status:0x0, Pid:"4120a7625a592f7c95eab4b1b442a45370f6dd95b63d284714dbb58f00d0a20d", Timestamp:0x57541525}"
  • 15.
  • 16.
    $ tail -f isnot enough
  • 17.
    Common logging solutions •Application logging (data volumes) • Logspout • Drivers - json-file (default), syslog, fluentd, gelf, journald • Monitoring/Logging tools - Datadog, Papertail, Dynatrace, Sysdig
  • 18.
    • World’s mostpopular open source log analysis platform • 4.5M downloads a month! • Centralized logging AND: search, BI, SEO, IoT, and more Introducing ELK
  • 19.
    Old school logging $grep ' 30[1234] ' /var/logs/apache2/access.log | grep -v baidu | grep -v Googlebot 173.230.156.8 - - [04/Sep/2015:06:10:10 +0000] "GET /morpht HTTP/1.0" 301 26 "-" "Mozilla/5.0 (pc-x86_64-linux-gnu)" 192.3.83.5 - - [04/Sep/2015:06:10:22 +0000] "GET /?q=node/add HTTP/1.0" 301 26 "http://morpht.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5" 192.3.83.5 - - [04/Sep/2015:06:10:23 +0000] "GET /?q=user/register HTTP/1.0" 301 26 "http://morpht.com/node/add" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600. 2.5"
  • 20.
    New school logging type:apacheAND website: "mysite" AND response: [500 TO *]
  • 21.
    • A full-textsearch & analytics engine • Open source, written in Java and based on Apache Lucene • Designed for speed, scalability and high availability • Advanced querying using REST API
  • 22.
    • Collects, processes,and forwards logs • Over 200 input, filter and output plugins for manipulating the data
  • 23.
    • Open sourcevisualization platform • For querying and analyzing logs • Visualizations and monitoring dashboards
  • 24.
  • 25.
    Docker —> ELK SetupELK: Install Elasticsearch, Logstash and Kibana • Elasticsearch - https://hub.docker.com/_/elasticsearch/ • Logstash - https://hub.docker.com/_/logstash/ • Kibana - https://hub.docker.com/_/kibana/ • Full stack: https://hub.docker.com/r/sebp/elk/
  • 26.
    Docker —> ELK •Use syslog logging driver logging: driver: syslog options: syslog-address: "udp://$IP_LOGSTASH:5000" syslog-tag: “nginx-with-syslog" • Use logspout and Logstash module : input { udp { port => 5000 codec => json } }
  • 27.
    Docker Log Collector •Dedicated container • Unified logging layer, fetching: • Docker logs from all the running containers per Docker host • Docker stats for all the containers • Docker daemon events
  • 28.
    How it works •Based on docker-loghose and docker-stats • POST /containers/{id}/attach, to fetch the logs • GET /containers/{id}/stats, to fetch the stats of the container • GET /containers/json, to detect the containers that are running when this module starts • GET /events, to detect new containers that will start after the module has started
  • 29.
    Running it $ dockerpull logzio/logzio-docker $ docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock logzio/logzio-docker -t UfKqCazQjUYnBNcJqSryIRyDIjExjwIZ
  • 30.
    Running options -- no-stats,to not send stats -- no-logs, to not send logs -- no-dockerEvents, to not send daemon events -i/-- statsinterval, to set the stats interval -a, custom tag -- matchByName / -skipByName, blacklist or whitelist containers
  • 31.
    What metrics tolook out for • Errors and warnings • Container CPU% • Container memory usage • # of running containers • Network usage
  • 32.
  • 34.
    Resources • Logz.io blog:http://logz.io/blog/ • Elastic: https://www.elastic.co/learn • Loggly blog: https://www.loggly.com/blog/topic/general/
  • 35.
  • 36.
    Performance agent $ dockerpull logzio/logzio-perfagent $ docker run -d --net="host" -e LOGZ_TOKEN="UfKqCazQjUYnBNcJqSryIRyDIjExjwIZ"- e USER_TAG="workers" -e HOSTNAME=`hostname` - e INSTANCE="10.1.2.3" --restart=always logzio/logzio-perfagent

Editor's Notes

  • #3 Need to start looking at our Docker environment from a more high level view. This talk will also try and approach Docker from a more holistic point of view.
  • #5 One picture is worth 1000 words! Chaos
  • #8 Logging is hands down the best way to see how your application is behaving, and when utilized properly allows you to catch problems early and make key technical decisions. IT infrastructures on the cloud
  • #9 Multiple use cases across operations, security, BI and IoT
  • #10 Log analytics market - divided into two disproportionate parts Splunk invented the space, small section of the market. Majority of the market are using ELK. Open source sitting on the convergence of various log analytics software: Hadoop, Spark, Elasticsearch Hadoop, Spark, Graphite, Kafka…ELK!
  • #11  Log analysis is like automated testing. Everyone know they need to do it, but no one ever does do it.
  • #12 Logs are coming in from a huge amount of servers all over the place - they can be on the cloud, local or hybrid. Puppet survey. Logging is different for each app/system: PHP/node, apache/nginx Large production environments consist of hundreds of servers Large data volume, difficult to find - remote access, authentication SSHing + GREPing is simply not enough
  • #14 Multiple containers per host, each with its own env, dedicated process - monitoring logs for each container is not a viable option Number of processes running within the same container Logz.io: 60 hosts running at any given time, each with a number of containers
  • #15 Various types of data being outputted by each container
  • #16 Traditional logging and monitoring took metrics static servers with long uptime Containers come and go, constantly moving, dynamic - some Docker servers run hundreds of short-term containers s You can’t log to the container since the data will be lost
  • #17 Data is no longer persistent and accessible, in the container era - data is ephemeral and distributed, turning log analytics into an engineering art Log analytics has become black magic - not unprone to human mistakes and errors.
  • #18 Application logging using data volumes - app handles logging using a logging framework, drawbacks: requires setup in app, no stats/events Logspout - runs as a container per host, drawbacks: only for stdout/stderr, no stats/events, not meant for management so no retention. Extremely popular (Datadog research) Drivers - drawbacks: tough to troubleshoot and administrate, miss out on daemon events and stats, requires extra config SaaS - cost, focus on monitoring metrics
  • #19 Why so popular? Simple and beautiful! Easy to get started UI is awesome! Open Source and free! Fast, very fast!
  • #20 Website down scenario
  • #22 Distributed architecture (sharding, replication) allows for huge capacity, scaling up to hundreds of servers and storing petabytes of data On the same hardware, queries that would take more than 10 seconds using SQL will return results in under 10 milliseconds in Elasticsearch. The result of all this is: a fast, scalable and reliable data store that can power any data discovery application.
  • #23 The stack’s workhorse - can process data from any source Hundreds of output plugins: AWS S3, MongoDB, Redis, Riak and many more
  • #26 2225 Elasticsearch images Over 100K pulls, configures log rotation, certification keys for log shippers.
  • #27 In both cases, stdout and stderr output Downfalls: Per host Resource consumption No stats/events
  • #28 Dedicated container making logging a part of the architecture Simplified scaling - simply run a container Daemon events: attach, commit, copy, create, destroy, detach, die, etc. — for understanding the lifecycle of containers
  • #30 On GitHub, so you can customize it any way you want.
  • #32 Errors and warnings Container CPU% - will help you set CPU limits for containers Container memory usage - will help you set memory limits for containers # of running containers - handy during deployments and updates to check that everything is running like before Network usage
  • #34 No silver bullet! (Bela Lugosi, 1931) Docker is still not mature enough, does not mean that logging is not necessary! ELK - is scalable, adds visualization layer, easier centralized analysis
  • #37 Monitoring host performance (not just Docker) collectl Rsyslog