Log Analysis – Logstash, Elastic Search, Kibana
Avinash Ramineni
Shantanu Mirajkar
Agenda
• Logging
• Pains of Log Management
• Introducing Logstash
• Elasticsearch
• Kibana
• Demo
• Installing Logstash, Elasticsearch, Kibana
• Questions
Logging
• Why do we need Logging?
– Troubleshoot Issues
– Security
• Analyze logs to detect patterns
• Detect Malware Activity - Intrusion Detection, Denial of Service
• Unauthorized Resource Usage
– Monitoring
• Monitor Resource Usage
• Developers and Logging
– Logging Aids in Development?
– Forget about Production!!!!!
Logging
• “Capture-it-all” Approach
• What to Log? Everything
• DevOps Movement
• Logs are archived for years
• Big Data
• Application Usage Statistics
Log management
• Searching the logs
– Command line, cat, tail, sed, grep, awk
– Regular Expressions
• Multiple Servers behind the load balancer
• Multi-Tier Architecture
– Web Application
– Service Layer
– Correlation between various components in a System
• Geographically distributed
– Timestamps
Log management
• Centralize all the Logs
– Too much information to go through
– Increasingly hard to correlate the contextual Data
• Add Searching and Indexing Technology
– grep
– Custom logging frameworks, custom integration of logging and searching technologies
• Monitor the Logs
Logstash
• Logstash to the Rescue
– Integration Framework
• Log Collection
• Centralization
• Parsing
• Storage and Search
Logstash
• JRuby
– Runs on the Java Virtual Machine (JVM)
– Simple Message Based Architecture
– Single Agent that can be configured for multiple things
– OPEN SOURCE
• Four Components
– Shipper
– Broker and Indexer
– Search and Storage
– Web Interface
Architecture
Image courtesy of Logstashbook
Architecture - Broker
• Acts as a temporary buffer between the Logstash agents and the central server
– Enhances performance by providing a caching buffer for log events
– Adds resiliency
• In case the indexing fails, the events are held in a queue instead of getting lost
• AMQP, 0MQ, Redis
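The shipper / broker / indexer split described on the Logstash and Broker slides, as an added example that is not from the deck: two Logstash pipeline configs, one per agent role, with Redis as the broker. Host names, file paths and the `unauthorized_access` tag are assumed; field names assume the legacy (pre-ECS) `COMBINEDAPACHELOG` grok pattern and the `hosts` option of the Logstash 2.x-or-later elasticsearch output.

```conf
# --- shipper.conf: runs on each web server (assumed path and host names) ---
input {
  file {
    path => "/var/log/nginx/access.log"   # assumed log location
    type => "nginx-access"                 # lets the indexer pick the right parser
  }
}
output {
  # Broker role: push raw events onto a Redis list. If the indexer is down,
  # events wait in the queue instead of being lost.
  redis {
    host      => "broker.example.internal"   # assumed broker host
    data_type => "list"
    key       => "logstash"
  }
}

# --- indexer.conf: runs on the central server ---
input {
  redis {
    host      => "broker.example.internal"
    data_type => "list"
    key       => "logstash"
  }
}
filter {
  if [type] == "nginx-access" {
    # Parse the combined access-log line into fields (clientip, request, response, ...).
    grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
    # Use the timestamp from the log line, not the time the event was indexed,
    # so events from geographically distributed servers correlate correctly.
    date { match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] }
    # Flag unauthorized resource access (HTTP 403) for dashboards and alerts.
    if [response] == "403" {
      mutate { add_tag => [ "unauthorized_access" ] }   # assumed tag name
    }
  }
}
output {
  # Search and storage role: index the parsed events in Elasticsearch.
  elasticsearch { hosts => ["localhost:9200"] }
}
```

Run each with `bin/logstash -f shipper.conf` and `bin/logstash -f indexer.conf`; in Kibana the flagged events are then found with the Lucene query `tags:unauthorized_access`.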
ElasticSearch
• Indexing and Searching Tool
– Built on Lucene
• Search and Index data available RESTfully as JSON over HTTP
• Comes bundled with Logstash – embedded
• Text indexing Search Engine
– Searches on the Index rather than on the content
• Creates Indexes of the incoming content
– Uses Apache Lucene to create Indexes
• ElasticSearch can have a schema – Fields on which Indexes are created
ElasticSearch
• Indexes are stored in Lucene Instances called “Shards”
• ElasticSearch can have multiple nodes
• Two Types of Shards
– Primary
– Replica
• Replicas of Primary Shards
– Protect the data
– Make Searches Faster
Kibana
• Wouldn’t it be good to have a webpage to search ElasticSearch instead of searching it through a Service?
• Kibana provides a Simple but Powerful web Interface
– Customizable Dashboards
– Search the log events
• Supports Lucene Query Syntax
– Creation of tables, graphs and sophisticated visualizations
Demo
Alerts / Monitoring Support
• Send Alerts
– Emails
– Instant Messaging
– Other Monitoring System
• Collect and Deliver Metrics to metric engine
Shipping Logs with Logstash Agent
• Small VMs with limited memory
• Outsourced managed servers
• Java not installed
• Alternatives
– Syslog
• Rsyslog
• Syslogd
• Syslog-NG
– Logstash Forwarder (Lumberjack)
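A central Logstash input config for the two alternatives this slide lists, as an added example that is not from the deck: hosts without Java forward through rsyslog to a syslog input, and hosts running logstash-forwarder ship over the TLS-protected lumberjack protocol. Ports, certificate paths and the broker host are assumed; the rsyslog rule in the comment is the standard remote-forwarding syntax.

```conf
# --- receiver.conf: central Logstash accepting logs from hosts with no Logstash agent ---
input {
  # Alternative 1: rsyslog / syslogd / syslog-ng on the small or managed hosts
  # forward to this port. Matching rsyslog rule on the sending host (assumed port):
  #   *.* @@central.example.internal:5514      (@@ = TCP, @ = UDP)
  syslog {
    port => 5514
    type => "syslog"
  }
  # Alternative 2: logstash-forwarder (lumberjack protocol). It needs no JVM on the
  # sending host and always encrypts in transit, so log lines cannot be read or
  # altered on the wire; the forwarder must be configured to trust this certificate.
  lumberjack {
    port            => 5043
    ssl_certificate => "/etc/logstash/ssl/logstash.crt"   # assumed paths
    ssl_key         => "/etc/logstash/ssl/logstash.key"
    type            => "forwarded"
  }
}
output {
  # Hand off to the same Redis broker the shipper/indexer agents use, so the
  # central indexer parses these events exactly like agent-shipped ones.
  redis {
    host      => "broker.example.internal"   # assumed broker host
    data_type => "list"
    key       => "logstash"
  }
}
```

Plain UDP syslog (`@`) is unencrypted and can silently drop lines under load, so prefer the TCP form or the lumberjack path for anything security-relevant.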
Scaling / Deployment
• Scale each component as needed
• Deployment can be automated with Chef and Puppet scripts
Industry Experience
Questions?
avinash@clairvoyantsoft.com
Twitter: @avinashramineni
shantanu@clairvoyantsoft.com

Editor's Notes

  • #4: DevOps -- the kind of guys who have both a developer and an operator hat making sure that custom developed applications are running smoothly