Playground:
User Monitoring
Matthijs Mali
UX Designer
Joel Witteveen
Software Engineer
Actually, let’s call it
Data visualization
We’re going to be doing more than user monitoring
Welcome
• Slides available here
• [slide link]
• Preparation docs
• https://www.gitbook.com/book/matthijsmali/user-metrics/
Contents
• Why User Monitoring
• Tools
• Docker
• ELK-Stack | X-Pack
• Log Files
• Use cases
• Playground goal
• Hands-on
• Share results
• Wrap-up
Who did not
go through prep?
Why Data Visualization?
Yes, why?
• Visualize user behavior
• What is the status of our usage Hypothesis?
• Is the application working as expected?
• Easy insight into technical logging
• Visually explore large datasets
TOOLS
DOCKER
Docker basics
ELK + X
LOGS
Logs
• System logs
• System did what and when?
• Request logs
• User requested what and when?
• Event logs
• User did what without requesting something when?
• …
Use cases
Check potential security breach
Has an unsafe API endpoint been used from an external IP address?
Check usage hypothesis
50% of all sessions should contain usage of function X, is that the case?
Usage monitoring
How often does the user search?
At what time interval is the application used?
Exploring data
We need insight into a large dataset and do not have a BI tool.
What had you crawling through
log files recently?
Playground goal
[Diagram: Application Container (RandomLogger, Own Logs, Logfiles), ELKX Container and Dataset.csv; captions "Real-life logging situation" and "Data exploration situation"]
Hands-on
Form pairs if you don’t have a suitable laptop
Hands-on
• Laptops ready & powered?
• Pair up if you feel that is necessary
• Working individually is also fine
• The 'random' logger we use is not like a real-life situation, but it gives a good idea.
Rough steps
1. Gathering information
2. Configure Filebeat (altenlogger)
3. Configure Logstash (elkx)
4. Restarting Logstash
5. Run Filebeat
6. Start logging
7. Create visualizations
8. Create a dashboard
Gathering information
Terminal 1
- docker run -d --name altenlogger:altenlogger tail -f /dev/null
- docker exec -it altenlogger /bin/bash -l
- apt-get install net-tools
- apt-get install vim
- ifconfig (write down IP)
Terminal 2
- docker run -m4G -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 9300:9300 -it --name elkx sebp/elkx
- docker exec -it elkx /bin/bash -l
- ifconfig (write down IP)
For linux users
Configure Filebeat (Altenlogger)
- vim /etc/filebeat/filebeat.yml
- Log location: /tmp/testlogfiles/error/*.log
- Comment out the elasticsearch lines (92 – 100)
- Uncomment logstash and write down the correct host ("x.x.x.x:5044")
- Mind spacing and indentation while making edits.
Configure Logstash (elkx)
- Look at /etc/logstash/conf.d/ directory
- Pipeline: all files are executed
- vim /etc/logstash/conf.d/02-beats-input.conf
- Set SSL to false
- Save the document (:wq)
- cp 10-syslog.conf 12-altenlog.conf
- vim 12-altenlog.conf
Gitbook > Cheatsheet > Log Grok pattern
filter {
  if ([fields][log_type] == "error") {
    grok {
      # The literal [ and ] around the timestamp are escaped; unescaped they would open a regex character class.
      match => { "message" => "%{IP:client} \[%{TIMESTAMP_ISO8601:timestamp}\] - %{WORD:username} - %{URIPATHPARAM:request} %{WORD:method} %{NUMBER:response}" }
    }
  }
  else if ([fields][log_type] == "event") {
    grok {
      # The last field uses GREEDYDATA: a trailing DATA (.*?) would match an empty string.
      match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] - %{WORD:username} - %{URIPATHPARAM:path} %{DATA:category} %{DATA:action} %{GREEDYDATA:label}" }
    }
  }
  else if ([fields][log_type] == "request") {
    grok {
      match => { "message" => "%{IP:client} \[%{TIMESTAMP_ISO8601:timestamp}\] - %{WORD:username} - %{URIPATHPARAM:request} %{WORD:method} %{NUMBER:response}" }
    }
  }
}
https://logz.io/blog/logstash-grok/
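The "Check potential security breach" use case can be tried against the request-log format before any dashboard exists. The following is an added example, not part of the original slides or the workshop's Gitbook: it parses lines in the layout the request grok pattern describes and reports calls to unsafe endpoints from external addresses. The endpoint prefixes, the internal network ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Regex counterpart of the request grok pattern on the slide:
# client IP, [ISO8601 timestamp], username, request path, method, response code.
REQUEST_LINE = re.compile(
    r"^(?P<client>\S+) \[(?P<timestamp>[^\]]+)\] - (?P<username>\w+) - "
    r"(?P<request>/\S*) (?P<method>[A-Za-z]+) (?P<response>\d{3})$"
)

# Assumption: endpoints that should only ever be called from inside the network.
UNSAFE_PREFIXES = ("/api/admin", "/api/debug")

# Assumption: what "internal" means here. An explicit list is used instead of
# ipaddress.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Constructed sample log, in the layout the grok pattern expects.
SAMPLE_LOG = """
10.0.3.17 [2017-11-02T09:14:03.120Z] - Sydney - /api/admin/users GET 200
203.0.113.45 [2017-11-02T09:15:41.007Z] - Robin - /api/admin/users POST 200
203.0.113.45 [2017-11-02T09:15:44.312Z] - Robin - /api/search?q=shoes GET 200
198.51.100.9 [2017-11-02T09:17:10.500Z] - Alex - /api/debug/dump?full=1 GET 403
198.51.100.9 [2017-11-02T09:18:00.000Z] - Alex - /api/administrators GET 200
this line is not in the request format
""".strip()


def parse_request_line(line):
    """Return a dict of fields, or None when the line does not fit the format."""
    match = REQUEST_LINE.match(line.strip())
    if match is None:
        return None
    event = match.groupdict()
    try:
        event["client"] = ipaddress.ip_address(event["client"])
    except ValueError:
        return None  # first token was not a valid IP address
    event["response"] = int(event["response"])
    return event


def is_external(addr):
    """True when the address is outside every configured internal network."""
    return not any(addr in net for net in INTERNAL_NETS)


def is_unsafe(request):
    """Match on path-segment boundaries so /api/administrators is not flagged."""
    path = request.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in UNSAFE_PREFIXES)


def find_external_unsafe_hits(lines):
    """Return (hits, unparsed): flagged events and lines that failed to parse.

    Unparsed lines are returned rather than dropped; a parser that silently
    skips lines leaves a blind spot in the check.
    """
    hits, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        event = parse_request_line(line)
        if event is None:
            unparsed.append(line)
        elif is_unsafe(event["request"]) and is_external(event["client"]):
            hits.append(event)
    return hits, unparsed


def succeeded(hits):
    """Flagged calls the application actually served (response below 400)."""
    return [e for e in hits if e["response"] < 400]


if __name__ == "__main__":
    found, skipped = find_external_unsafe_hits(SAMPLE_LOG.splitlines())
    for e in found:
        status = "SERVED" if e["response"] < 400 else "denied"
        print(f'{e["timestamp"]} {e["client"]} {e["username"]} '
              f'{e["method"]} {e["request"]} -> {e["response"]} ({status})')
    print(f"{len(skipped)} line(s) could not be parsed")
```

The same split between served and denied calls is worth keeping in the Kibana view: a 403 from an external address is an attempt, a 200 is an exposure.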
Restart Logstash
• service --status-all
• service logstash restart
• ps aux | grep logstash
• tail -f /var/log/logstash/logstash-plain.log
Run Filebeat from altenlogger
- filebeat.sh -e
- (-e shows debug information)
- If it doesn’t show connection issues, all seems okay!
Start logging from altenlogger
- docker exec -it altenlogger /bin/bash -l
- java -jar com.altenlogger-etc…
Open Kibana
• Navigate to localhost:5601
• Login with elastic/changeme
• Create index pattern: “filebeat-*”
• Choose “timestamp” for Time Filter field name
• Click create
• See no data? Adjust time filter on the top right and set to
month to date
Discovering data
• Try some queries
• username:Sydney
• username:"Sydney" method:post
• Click Add Filter
• Choose response is 200
• Drag across time to zoom in
Visualize
• Demo
• Most Active Users
• Total amount of requests within selection
• Requests per day
Steps to create a dashboard
• Create new Visualization
• Choose type
• Choose index (filebeat-*)
• Choose aggregation
• Choose fields
• Press “Play button” and finetune
• Save Visualization
• Choose a good name, e.g. "Altenlogger-ActiveUsers"
• Create new dashboard / Open dashboard
• Click edit > Add
• Choose visualizations to add
• Save dashboard
Share results
What about other data?
Open data sets ☺
Demo Fifa dataset
• Demonstrate ‘finalized’ dashboard
Configuring an open data set
• See Gitbook > Playing with other data
• Stop logstash service
• Import the CSV
• Logstash configuration
• Mutate data
• CSV imported as strings by default, but we need numbers
• Start Logstash service
• Check logging elastic / logstash for errors
Discussion
Questionnaire
http://bit.ly/2A7a2Xj
Thanks!
• Slides available here
• [slide link]
• Preparation docs
• https://tiny.cc/altenplayground
• Questionnaire
• http://bit.ly/2A7a2Xj
Playground 11022017 user_monitoring
