ELK with Openstack
Arun prasath S
June 16, 2016
Challenges in log analysis
• Multiple services
• Multiple servers behind load balancers
• Searching the logs (cat, tail, sed, grep, awk)
• Finding logs in particular time in multiple servers
• Finding fields (Instance ID, name, IP address) in multiple servers and correlating them
• Log analysis, summary, visualization
ELK user operation demo
• Performing a normal search
• Filtering based on time, fields
• Viewing document data
• Viewing field data statistics
• Visualize data
• Dashboards
ELK Architecture
[Architecture diagram; labels: Logstash forwarder, Servers, Logstash (Indexer), Storage and search, Dashboard]
Broker
• Temporary buffer between logstash agents and central server
• Enhance performance by providing caching buffer for log events
• Adds resiliency
• In case the indexing fails, the events are held in a queue instead of getting lost
Logstash
• Runs on JVM
• Multiple Input / Multiple output
• Centralize logs
• Collect
• Parse
• Store / Forward
• 3 components – Input, Filter and Output
Logstash conf - /etc/logstash/conf.d
input {
}
filter{
}
output{
}
Logstash - Input
• An input plugin enables a specific source of events to be read by Logstash.
• Some examples of input
• Beats
• File
• Stdin
• Eventlog
• More here
Logstash - Filter
• A filter plugin performs intermediary processing on an event. Filters are often applied conditionally depending on the characteristics of the event.
• Some examples are
• Csv
• Date
• Grok
• Json
• More here
Logstash - Output
• An output plugin sends event data to a particular destination.
• Some examples are
• Csv
• redis
• elasticsearch
• File
• Jira, Nagios, pagerduty
• stdout
• More here
Logstash - codec
• A codec plugin changes the data representation of an event
• Some examples are
• Collectd - Reads events from the collectd binary protocol using UDP
• Graphite - Reads graphite formatted lines
• Json - Reads JSON formatted content, creating one event per element in a JSON array
• Plain - Reads plaintext with no delimiting between events
• rubydebug - Applies the Ruby Awesome Print library to Logstash events
• More here
Example - 1 (stdin input / rubydebug output)
input {
  stdin {}
}
filter {
}
output {
  stdout { codec => rubydebug }
}
Example – 2 (Basic filter on syslog with stdin input and rubydebug output)
input {
  stdin {}
}
filter {
  grok {
    # The brackets around the PID are escaped so grok matches them literally
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{host}" ]
  }
  syslog_pri { }
  # Use the timestamp from the log line as the event time
  date {
    match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
}
output {
  stdout { codec => rubydebug }
}
Example – 3 (Openstack filters with file input and multiple output)
input {
  file {
    path => ['/var/log/nova/nova-api-metadata.log']
    tags => ['nova', 'oslofmt', 'novametaapi']
    type => "nova"
  }
  …
}
filter {
  …
  else if "novaapi" in [tags] {
    if [module] == "nova.osapi_compute.wsgi.server" {
      # Strip double quotes so the request line splits cleanly on spaces
      mutate {
        gsub => ['logmessage', '"', '']
      }
      # The brackets around the request context are escaped so grok matches them literally
      grok {
        match => { "logmessage" => "\[req-%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant}\] %{NOTSPACE:requesterip} %{NOTSPACE:method} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} status: %{NUMBER:response} len: %{NUMBER:bytes} time: %{NUMBER:seconds}" }
        add_field => ["api", "nova"]
        add_tag => ["apimetrics"]
      }
  …
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
Ref: https://github.com/bingoarunprasath/logstash-openstack-filters
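The Example 3 filter applied offline, as an added example that is not part of the original slides or the linked filter repository: a small Python stand-in for the `mutate` and `grok` steps, run over constructed `logmessage` values, which then counts 4xx/5xx responses per requester IP and tenant. The sample lines, the simplified `NOTSPACE`/`NUMBER` definitions and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Simplified stand-ins for the two grok patterns Example 3 uses (assumption:
# the real grok NUMBER pattern carries extra guards not reproduced here).
GROK_PATTERNS = {
    "NOTSPACE": r"\S+",
    "NUMBER": r"[+-]?(?:\d+(?:\.\d+)?|\.\d+)",
}

# The Example 3 pattern, with the literal brackets escaped.
NOVA_API_GROK = (
    r"\[req-%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant}\] "
    r"%{NOTSPACE:requesterip} %{NOTSPACE:method} %{NOTSPACE:url_path} "
    r"%{NOTSPACE:http_ver} status: %{NUMBER:response} len: %{NUMBER:bytes} "
    r"time: %{NUMBER:seconds}"
)

# Same pattern without the escapes: "[req-...]" is then read as a character
# class instead of literal brackets, so no API event is ever extracted.
UNESCAPED_GROK = NOVA_API_GROK.replace("\\[", "[").replace("\\]", "]")

# Constructed sample values of the logmessage field (documentation IP ranges).
SAMPLE_LOGMESSAGES = [
    '[req-11111111-aaaa-4bbb-8ccc-000000000001 user-a tenant-x] 192.0.2.10 '
    '"GET /v2/tenant-x/servers/detail HTTP/1.1" status: 200 len: 1893 time: 0.1532',
    '[req-11111111-aaaa-4bbb-8ccc-000000000002 user-b tenant-y] 198.51.100.7 '
    '"POST /v2/tenant-y/servers HTTP/1.1" status: 403 len: 274 time: 0.0211',
    '[req-11111111-aaaa-4bbb-8ccc-000000000003 user-b tenant-y] 198.51.100.7 '
    '"DELETE /v2/tenant-y/servers/42 HTTP/1.1" status: 403 len: 274 time: 0.0198',
    'Starting nova-api worker',  # not an API request line
]


def grok_to_regex(pattern):
    """Expand %{NAME:field} references into named capture groups."""
    def expand(match):
        name, field = match.group(1), match.group(2)
        return "(?P<%s>%s)" % (field, GROK_PATTERNS[name])
    return re.sub(r"%\{(\w+):(\w+)\}", expand, pattern)


def parse_logmessage(logmessage, grok=NOVA_API_GROK):
    """Mimic mutate/gsub (drop double quotes) then grok; None means no match."""
    cleaned = logmessage.replace('"', "")
    try:
        match = re.search(grok_to_regex(grok), cleaned)
    except re.error:
        return None  # the expanded pattern is not a valid regular expression
    if match is None:
        return None  # Logstash would tag such an event _grokparsefailure
    event = match.groupdict()  # grok captures are strings unless typed
    event["api"] = "nova"              # add_field => ["api", "nova"]
    event["tags"] = ["apimetrics"]     # add_tag => ["apimetrics"]
    return event


def parse_all(logmessages, grok=NOVA_API_GROK):
    """Return the events that matched, skipping lines grok could not parse."""
    events = (parse_logmessage(line, grok) for line in logmessages)
    return [event for event in events if event is not None]


def failed_requests_by_source(events):
    """Count responses with status >= 400 per (requester IP, tenant)."""
    counts = Counter()
    for event in events:
        if int(event["response"]) >= 400:
            counts[(event["requesterip"], event["tenant"])] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_all(SAMPLE_LOGMESSAGES)
    for event in parsed:
        print(event["requesterip"], event["method"], event["url_path"],
              event["response"])
    print("failed requests:", dict(failed_requests_by_source(parsed)))
    print("events with unescaped pattern:",
          len(parse_all(SAMPLE_LOGMESSAGES, UNESCAPED_GROK)))
```
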
Elasticsearch
• Searching and storing of logs
• Built on Apache Lucene (https://lucene.apache.org/core/)
• Massively distributed
• High availability
• Developer friendly, RESTful API
Kibana
• Dashboard
• Provides various options to search data
• Creates bar charts, pie charts and various other data visualizations.
• Can create custom dashboard and add the saved visualizations.
• Simple data export
Installation notes
• Install Java
• Install elasticsearch and Kibana
• Install nginx for reverse proxy and basic AUTH
• Install logstash, generate SSH certificates
• Configure one output to elasticsearch
• Load Kibana dashboard
• Set up filebeat / logstash on agent machines and output to logstash
• Ansible role - https://galaxy.ansible.com/bingoarunprasath/elk/
• Filters - https://github.com/bingoarunprasath/logstash-openstack-filters
