ELK with Openstack
Arun prasath S
June 16, 2016
Challenges in log analysis
• Multiple services
• Multiple servers behind load balancers
• Searching the logs (cat, tail, sed, grep, awk)
• Finding logs in particular time in multiple servers
• Finding fields (Instance ID, name, IP address) in multiple servers and correlating them
• Log analysis, summary, visualization
ELK user operation demo
• Performing a normal search
• Filtering based on time, fields
• Viewing document data
• Viewing field data statistics
• Visualize data
• Dashboards
ELK Architecture
[Architecture diagram; labels: Servers, Logstash forwarder, Logstash (Indexer), Storage and search, Dashboard]
Broker
• Temporary buffer between Logstash agents and the central server
• Enhances performance by providing a caching buffer for log events
• Adds resiliency
• In case indexing fails, the events are held in the queue instead of getting lost
Logstash
• Runs on JVM
• Multiple Input / Multiple output
• Centralize logs
• Collect
• Parse
• Store / Forward
• 3 components – Input, Filter and Output
Logstash conf - /etc/logstash/conf.d
input {
}
filter{
}
output{
}
Logstash - Input
• An input plugin enables a specific source of events to be read by Logstash.
• Some examples of input
• Beats
• File
• Stdin
• Eventlog
• More here
Logstash - Filter
• A filter plugin performs intermediary processing on an event. Filters are often applied conditionally depending on the characteristics of the event.
• Some examples are
• Csv
• Date
• Grok
• Json
• More here
Logstash - Output
• An output plugin sends event data to a particular destination.
• Some examples are
• Csv
• redis
• elasticsearch
• File
• Jira, Nagios, pagerduty
• stdout
• More here
Logstash - codec
• A codec plugin changes the data representation of an event
• Some examples are
• Collectd - Reads events from the collectd binary protocol using UDP
• Graphite - Reads graphite formatted lines
• Json - Reads JSON formatted content, creating one event per element in a JSON array
• Plain - Reads plaintext with no delimiting between events
• rubydebug - Applies the Ruby Awesome Print library to Logstash events
• More here
Example - 1 (stdin input / rubydebug output)
input {
stdin {}
}
filter{
}
output{
stdout { codec => rubydebug }
}
Example – 2 (Basic filter on syslog with stdin input and rubydebug output)
input {
  stdin {}
}
filter {
  # Split a syslog line into timestamp, host, program, optional [pid] and message.
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{host}" ]
  }
  syslog_pri { }
  # Use the parsed syslog timestamp as the event time; single-digit days are space-padded.
  date {
    match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
  }
}
output {
  stdout { codec => rubydebug }
}
Example – 3 (Openstack filters with file input and multiple output)
input {
  file {
    path => ['/var/log/nova/nova-api-metadata.log']
    tags => ['nova', 'oslofmt', 'novametaapi']
    type => "nova"
  }
  …
}
filter {
  …
  else if "novaapi" in [tags] {
    if [module] == "nova.osapi_compute.wsgi.server" {
      # Strip double quotes so the request line splits cleanly on spaces.
      mutate {
        gsub => ['logmessage',"\"",""]
      }
      # The literal [ and ] around the request context must be escaped.
      grok {
        match => { "logmessage" => "\[req-%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant}\] %{NOTSPACE:requesterip} %{NOTSPACE:method} %{NOTSPACE:url_path} %{NOTSPACE:http_ver} status: %{NUMBER:response} len: %{NUMBER:bytes} time: %{NUMBER:seconds}" }
        add_field => ["api", "nova"]
        add_tag => ["apimetrics"]
      }
      …
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
Ref: https://github.com/bingoarunprasath/logstash-openstack-filters
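Added example (not from the slides or the linked filter repository): the mutate/gsub and grok steps of Example 3 reproduced in Python, run over constructed logmessage values, to show the extracted fields, the effect of the quote stripping, and a per-requester summary of response codes. The helper names, the simplified NOTSPACE/NUMBER definitions and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Simplified stand-ins for the two grok patterns Example 3 uses (assumption:
# the real NUMBER pattern accepts a few more forms than this one).
GROK = {"NOTSPACE": r"\S+", "NUMBER": r"[+-]?\d+(?:\.\d+)?"}

def grok_to_regex(pattern):
    """Expand %{NAME:field} into a named group; other text is plain regex."""
    return re.compile(re.sub(
        r"%\{(\w+):(\w+)\}",
        lambda m: "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)]),
        pattern))

# Same pattern as the slide, with the literal brackets escaped.
NOVA_API = grok_to_regex(
    r"\[req-%{NOTSPACE:requestid} %{NOTSPACE:user_id} %{NOTSPACE:tenant}\] "
    r"%{NOTSPACE:requesterip} %{NOTSPACE:method} %{NOTSPACE:url_path} "
    r"%{NOTSPACE:http_ver} status: %{NUMBER:response} "
    r"len: %{NUMBER:bytes} time: %{NUMBER:seconds}")

def parse_nova_api(logmessage, strip_quotes=True):
    """Mirror the mutate/gsub and grok steps; return the fields or None."""
    if strip_quotes:                       # the gsub step: drop every '"'
        logmessage = logmessage.replace('"', "")
    m = NOVA_API.search(logmessage)        # grok matching is unanchored
    if m is None:
        return None                        # Logstash tags _grokparsefailure
    return dict(m.groupdict(), api="nova", tags=["apimetrics"])

def summarize(logmessages):
    """Per requester IP, count responses by status; also count parse misses."""
    by_ip = defaultdict(lambda: defaultdict(int))
    unparsed = 0
    for line in logmessages:
        event = parse_nova_api(line)
        if event is None:
            unparsed += 1
        else:
            by_ip[event["requesterip"]][event["response"]] += 1
    return {ip: dict(codes) for ip, codes in by_ip.items()}, unparsed

# Constructed 'logmessage' values (what is left after the elided oslo-format
# stage); addresses are documentation ranges, IDs are placeholders.
SAMPLE = [
    '[req-1a2b admin demo] 192.0.2.10 "GET /v2/demo/servers HTTP/1.1" status: 200 len: 1893 time: 0.1523',
    '[req-3c4d - -] 198.51.100.7 "POST /v2/demo/servers HTTP/1.1" status: 401 len: 114 time: 0.0041',
    '[req-5e6f - -] 198.51.100.7 "GET /v2/demo/servers/detail HTTP/1.1" status: 401 len: 114 time: 0.0038',
    'Traceback (most recent call last):',
]

if __name__ == "__main__":
    print(parse_nova_api(SAMPLE[0]))
    print(summarize(SAMPLE))
```

Lines that do not match are counted rather than dropped, since unparsed events are a gap in what the dashboards can show.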
Elasticsearch
• Searching and storing of logs
• Built on Apache Lucene (https://lucene.apache.org/core/)
• Massively distributed
• High availability
• Developer friendly, RESTful API
Kibana
• Dashboard
• Provides various options to search data
• Creates bar charts, pie charts and various other data visualizations.
• Can create custom dashboard and add the saved visualizations.
• Simple data export
Installation notes
• Install Java
• Install elasticsearch and Kibana
• Install nginx for reverse proxy and basic AUTH
• Install logstash, generate SSH certificates
• Configure one output to elasticsearch
• Load Kibana dashboard
• Setup filebeat / logstash in agent machines and output to logstash
• Ansible role - https://galaxy.ansible.com/bingoarunprasath/elk/
• Filters - https://github.com/bingoarunprasath/logstash-openstack-filters
