SlideShare a Scribd company logo

Centralized Logging System Using ELK Stack

Download as PPTX, PDF
Rohit Sharma
Rohit Sharma

Centralized Logging System Using ELK Stack

Technology
1 of 15
Centralized Logging System By:- Rohit Sharma Email:- rohitrsh@gmail.com
Agenda The agenda of this session is below fields: a. Discuss about CLS b. Centralized logging tools c. ELK Stack : Introduction d. Implementation and configuration of ELK stack
What is CLS? • CLS stands for Centralized Logging System. The CLS is designed to collect and manage information retrieved from operating systems and/or applications. This information can then be processed by a central managing system to generate information for auditing and reporting. • Using the Central Logging System, your company is able to analysis the data quickly. The system automates control processes, giving users additional time to respond more effectively to any anomalies. Proper system configuration results in the automatic escalation of events, for example, according to predefined procedures.
Why CLS? – Logs are a critical part of any system, they provide vital information about the application and answer questions on what the system is doing and what has happened. Most of the processes running on the system generate logs in one form or other. For convenience, these logs are often collected in files on a local disk with the log rotation option. When the system is hosted on one machine, file logs are easy to access and analyze, but when system grows to multiple hosts, log management is becoming a nightmare. It is difficult to look up a particular error across thousands of log files on hundreds of servers without the help of specific tools. A common approach to this issue is to deploy and configure a centralized logging system, so that data from each log file of each host is pushed to a central location • Benefits for organization and IT department – Fulfillment of auditing/compliance requirements – Optimization of time and resources – Systems status information – Single point of control – Archived history of your activities – Universality and scalability of your systems – Historical log database
CLS Tools in Market • Splunk • Splunk, an industry-leading platform for machine data, automatically indexes all your log data, including structured, unstructured and complex multi-line application log data. Splunk aims to provide a deeper understanding of real-time data. • Loggly • A cloud-based log management service, Loggly makes the log management process much less cumbersome. With a simple set-up process and intuitive tools, Loggly doesn’t require a ton of on-ramping. Loggly provides immediate value by interpreting and making sense of data pouring in from your applications, platforms and systems instantly. • Graylog2 • An open-source data analytics system that’s been field-tested around the globe, Graylog2 collects and aggregates events from a multitude of sources and presents your data in a streamlines, simplified interface where you can drill down to important metrics, identify key relationships, generate powerful data visualizations and derive actionable insights. • Fluntd • An open-source data collector for processing data streams, fluentd offers more than 150 plugins for extended functionality, more robust log management and additional uses. It works with more than 125 types of systems and is designed for high-volume data streams. You don’t need any ad-hoc scripts to use fluentd; the functionality is built in out of the box. It’s similar to syslogd but uses JSON for log messages.
Introduction to ELK Stack
What is ELK Stack? – Elastisearch ELK Stack offers a set of applications and utilities, each serving a distinct purpose, which combine to create a powerful, end-to-end search and analytics platform. (L)ogstash captures log data in a central location,(E)lastisearch takes it a step further with real-time analysis and (K)ibana transforms data into powerful visualizations for actionable insights. This comprehensive platform is built on Apache Lucene and offered under an Apache 2 Open-Source License. • Key Features: – Stacked solution with powerful components – Powerful analytics with instant insights – Visualize data with Kibana – Resistant clusters for security and reliability – Document-oriented – No Schema; automatic interpretation – Conflict management with optimistic version control – Multi-tenancy with individual or group queries – Redundancy for data security
ELK Solution Architecture  The Shippers usually known as agents , it will forward all the logs to broker which is configure in syslogs to be forward. I have used logstash jumberjack shipper agent.  The Broker just like shipper agent just need to configure it as broker (collector), its store logs in local storage forwarded by shipper agent.  Elasticsearch index all the logs collected by broker agent. For indexing It converts all the logs in Json. So It can be easily stored in any non-structure database (ie mongodb, hadoop)
Logstash – Logstash is a tool for managing events and logs. It is written in JRuby and requires JVM to run it. Usually one client is installed per host, and can listen to multiple sources including log files, Windows events, syslog events, etc. The downside of using JVM is that memory usage can be higher than you would expect for log transportation. However, community has developed Lumberjack that is deployed on each host. It collects and ships logs to Logstash which is running centralized log hosts. Logstash itself is only a client (shipper) that can send log message to centralized storage. • Input: Input can be file, syslog, Redis, logstash-farwarder (Lumberjack) • Filers: are format the logs as per the require format. i.e. apache, syslog. Also we can create custom filer using GROK pattern. • Output: Filtered log output can be stored on Elasticsearch, File, Graphite.  Log processing Input  Filters  Codecs Output
Elasticsearch – ElasticSearch,built on top of Apache Lucene, is a search engine with focus on real-time analysis of the data, and is based on the RESTful architecture. It provides standard full text search functionality and powerful search based on query. ElasticSearch is document-oriented/based and you can store everything you want as JSON. This makes it powerful, simple and flexible. • Indexing: ElasticSearch is able to achieve fast search responses because, instead of searching the text directly, it searches an index instead. • DSL Query: The Query DSL is ElasticSearch's way of making Lucene's query syntax accessible to users, allowing complex queries to be composed using a JSON syntax • Visualize: It can be integrate with any frontend tool which visualize JSON data. • NoSQL Integration: Usually it index and store all the data in local disk, but in big infrastructure it can be integrate with Any NoSQL DB i.e. Cassandra, MongoDB, Hadoop.
Kibana – Kibana is the frontend part of the ELK stack, which will present the data stored from Logstash into ElasticSearch, in a very customizable interface with histogram and other panels which will create a big overview for you. Great for real-time analysis and search of data you have parsed into ElasticSearch, and very easy to implement • Query Dashboard: is use to fetch the data to analytical data for any request of incident on basis of custom query and time stamp. • Monitoring Dashboard: Its static dashboard need, provide various monitoring graphs such as histogram, pie chart on the basis of configured queries.
Enhancements? – As its open source below are the future enhancements : • Email alerting: Currently, Kabana doesn't support email alerting however there’s some plugins are available on github. From that email alerting can be integrate. • GROK Patterns: Using GROK pattern we can easily parse any log format in logstash its uses regex to read the log files print complete exception traces. There are GROK debugger available which reads the logs format and create the GROK patterns – http://grokdebug.herokuapp.com/ • PacketBeat Integration: PacketBeat another frontend solution to visualise elasticsearch index, it provides enhance capabilities to monitor and analysis the logs. – http://packetbeat.com/ • Kibana Queries: As Kibana user DSL (Distributed search language) to analyse the data need to work on it. So we can have good hands on DSL.
Other Solutions – All other open source solution like ELK stack : • Fluentd: Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data – http://www.fluentd.org/architecture • Apache Flume: Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. – http://flume.apache.org/ • Socket Appenders: For log4j can use socket appender, it directly forward logs to logstash broker node. So we can remove logstash-farwarder. – https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/S ocketAppender.html • MongoDB Appenders: This is directly forward log4j logs into MongoDB database. So we can there is no requirement of logstash, we can directly configured eslasticsearch with MongoDB plugin. – https://github.com/log4mongo/log4mongo-net
ELK Stack Questions?
ELK Stack Thank You! Rohit Sharma

Recommended

ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
Introduction to Kibana
Introduction to KibanaIntroduction to Kibana
Introduction to KibanaVineet .
 
Centralised logging with ELK stack
Centralised logging with ELK stackCentralised logging with ELK stack
Centralised logging with ELK stackSimon Hanmer
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elkRushika Shah
 
Introducing ELK
Introducing ELKIntroducing ELK
Introducing ELKAllBits BVBA (freelancer)
 

Recommended

ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Log management with ELK
Log management with ELKLog management with ELK
Log management with ELKGeert Pante
 
Introduction to Kibana
Introduction to KibanaIntroduction to Kibana
Introduction to KibanaVineet .
 
Centralised logging with ELK stack
Centralised logging with ELK stackCentralised logging with ELK stack
Centralised logging with ELK stackSimon Hanmer
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Log analysis using elk
Log analysis using elkLog analysis using elk
Log analysis using elkRushika Shah
 
Introducing ELK
Introducing ELKIntroducing ELK
Introducing ELKAllBits BVBA (freelancer)
 
Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack PresentationAmr Alaa Yassen
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaSpringPeople
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaAvinash Ramineni
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashAmazon Web Services
 
Elk
Elk Elk
Elk Caleb Wang
 
ELK introduction
ELK introductionELK introduction
ELK introductionWaldemar Neto
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case studyPaolo Tonin
 
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database DriversOptimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database DriversScyllaDB
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introductionHossein Shemshadi
 
Grafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for LogsGrafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for LogsMarco Pracucci
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
Log analytics with ELK stack
Log analytics with ELK stackLog analytics with ELK stack
Log analytics with ELK stackAWS User Group Bengaluru
 
Graylog
GraylogGraylog
GraylogDiwakar Upadhyay
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Edureka!
 
ELK Stack
ELK StackELK Stack
ELK StackEberhard Wolff
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stackVikrant Chauhan
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaObjectRocket
 
The Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersThe Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersSATOSHI TAGOMORI
 
Centralized logging
Centralized loggingCentralized logging
Centralized loggingblessYahu
 
Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)Thierry Gayet
 
2015 03-16-elk at-bsides
2015 03-16-elk at-bsides2015 03-16-elk at-bsides
2015 03-16-elk at-bsidesJeremy Cohoe
 

More Related Content

What's hot

Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack PresentationAmr Alaa Yassen
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaSpringPeople
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
 
Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaAvinash Ramineni
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashAmazon Web Services
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case studyPaolo Tonin
 
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database DriversOptimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database DriversScyllaDB
 
Grafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for LogsGrafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for LogsMarco Pracucci
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explainedconfluent
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Edureka!
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stackVikrant Chauhan
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaObjectRocket
 
The Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersThe Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersSATOSHI TAGOMORI
 
Centralized logging
Centralized loggingCentralized logging
Centralized loggingblessYahu
 

What's hot (20)

Elastic stack Presentation
Elastic stack PresentationElastic stack Presentation
Elastic stack Presentation
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & Kibana
 
Elastic Stack Introduction
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
 
Log analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and KibanaLog analysis using Logstash,ElasticSearch and Kibana
Log analysis using Logstash,ElasticSearch and Kibana
 
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
 
Elk
Elk Elk
Elk
 
ELK introduction
ELK introductionELK introduction
ELK introduction
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case study
 
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database DriversOptimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database Drivers
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
 
Grafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for LogsGrafana Loki: like Prometheus, but for Logs
Grafana Loki: like Prometheus, but for Logs
 
Apache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals ExplainedApache Kafka Architecture & Fundamentals Explained
Apache Kafka Architecture & Fundamentals Explained
 
Log analytics with ELK stack
Log analytics with ELK stackLog analytics with ELK stack
Log analytics with ELK stack
 
Graylog
GraylogGraylog
Graylog
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
 
ELK Stack
ELK StackELK Stack
ELK Stack
 
Log analysis with the elk stack
Log analysis with the elk stackLog analysis with the elk stack
Log analysis with the elk stack
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and Kibana
 
The Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and ContainersThe Patterns of Distributed Logging and Containers
The Patterns of Distributed Logging and Containers
 
Centralized logging
Centralized loggingCentralized logging
Centralized logging
 

Similar to Centralized Logging System Using ELK Stack

Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)Thierry Gayet
 
2015 03-16-elk at-bsides
2015 03-16-elk at-bsides2015 03-16-elk at-bsides
2015 03-16-elk at-bsidesJeremy Cohoe
 
Filebeat Elastic Search Presentation.pptx
Filebeat Elastic Search Presentation.pptxFilebeat Elastic Search Presentation.pptx
Filebeat Elastic Search Presentation.pptxKnoldus Inc.
 
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...ShapeBlue
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudRick Bilodeau
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudStreamsets Inc.
 
Roaring with elastic search sangam2018
Roaring with elastic search sangam2018Roaring with elastic search sangam2018
Roaring with elastic search sangam2018Vinay Kumar
 
Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Data Science Thailand
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3uzzal basak
 
Logging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesLogging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesVineet Sabharwal
 
Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic
 
Otimizações de Projetos de Big Data, Dw e AI no Microsoft Azure
Otimizações de Projetos de Big Data, Dw e AI no Microsoft AzureOtimizações de Projetos de Big Data, Dw e AI no Microsoft Azure
Otimizações de Projetos de Big Data, Dw e AI no Microsoft AzureLuan Moreno Medeiros Maciel
 
Elk ruminating on logs
Elk ruminating on logsElk ruminating on logs
Elk ruminating on logsMathew Beane
 
Log management with_logstash_and_elastic_search
Log management with_logstash_and_elastic_searchLog management with_logstash_and_elastic_search
Log management with_logstash_and_elastic_searchRishav Rohit
 
Elasticsearch features and ecosystem
Elasticsearch features and ecosystemElasticsearch features and ecosystem
Elasticsearch features and ecosystemPavel Alexeev
 
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly SolarWinds Loggly
 
Introduction to Apache Apex
Introduction to Apache ApexIntroduction to Apache Apex
Introduction to Apache ApexApache Apex
 

Similar to Centralized Logging System Using ELK Stack (20)

Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)Centralization of all log (application, docker, security, ...)
Centralization of all log (application, docker, security, ...)
 
2015 03-16-elk at-bsides
2015 03-16-elk at-bsides2015 03-16-elk at-bsides
2015 03-16-elk at-bsides
 
Filebeat Elastic Search Presentation.pptx
Filebeat Elastic Search Presentation.pptxFilebeat Elastic Search Presentation.pptx
Filebeat Elastic Search Presentation.pptx
 
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
 
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets at Cisco Intercloud
 
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco IntercloudCase Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
Case Study: Elasticsearch Ingest Using StreamSets @ Cisco Intercloud
 
Roaring with elastic search sangam2018
Roaring with elastic search sangam2018Roaring with elastic search sangam2018
Roaring with elastic search sangam2018
 
Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics Technology behind-real-time-log-analytics
Technology behind-real-time-log-analytics
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
 
Logging using ELK Stack for Microservices
Logging using ELK Stack for MicroservicesLogging using ELK Stack for Microservices
Logging using ELK Stack for Microservices
 
Scality_Presentation.pptx
Scality_Presentation.pptxScality_Presentation.pptx
Scality_Presentation.pptx
 
Prashant_Agrawal_CV
Prashant_Agrawal_CVPrashant_Agrawal_CV
Prashant_Agrawal_CV
 
Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016
 
Otimizações de Projetos de Big Data, Dw e AI no Microsoft Azure
Otimizações de Projetos de Big Data, Dw e AI no Microsoft AzureOtimizações de Projetos de Big Data, Dw e AI no Microsoft Azure
Otimizações de Projetos de Big Data, Dw e AI no Microsoft Azure
 
Elk ruminating on logs
Elk ruminating on logsElk ruminating on logs
Elk ruminating on logs
 
Graylog
GraylogGraylog
Graylog
 
Log management with_logstash_and_elastic_search
Log management with_logstash_and_elastic_searchLog management with_logstash_and_elastic_search
Log management with_logstash_and_elastic_search
 
Elasticsearch features and ecosystem
Elasticsearch features and ecosystemElasticsearch features and ecosystem
Elasticsearch features and ecosystem
 
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly
 
Introduction to Apache Apex
Introduction to Apache ApexIntroduction to Apache Apex
Introduction to Apache Apex
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Centralized Logging System Using ELK Stack

  • 1. Centralized Logging System By:- Rohit Sharma Email:- rohitrsh@gmail.com
  • 2. Agenda The agenda of this session is below fields: a. Discuss about CLS b. Centralized logging tools c. ELK Stack : Introduction d. Implementation and configuration of ELK stack
  • 3. What is CLS? • CLS stands for Centralized Logging System. The CLS is designed to collect and manage information retrieved from operating systems and/or applications. This information can then be processed by a central managing system to generate information for auditing and reporting. • Using the Central Logging System, your company is able to analysis the data quickly. The system automates control processes, giving users additional time to respond more effectively to any anomalies. Proper system configuration results in the automatic escalation of events, for example, according to predefined procedures.
  • 4. Why CLS? – Logs are a critical part of any system, they provide vital information about the application and answer questions on what the system is doing and what has happened. Most of the processes running on the system generate logs in one form or other. For convenience, these logs are often collected in files on a local disk with the log rotation option. When the system is hosted on one machine, file logs are easy to access and analyze, but when system grows to multiple hosts, log management is becoming a nightmare. It is difficult to look up a particular error across thousands of log files on hundreds of servers without the help of specific tools. A common approach to this issue is to deploy and configure a centralized logging system, so that data from each log file of each host is pushed to a central location • Benefits for organization and IT department – Fulfillment of auditing/compliance requirements – Optimization of time and resources – Systems status information – Single point of control – Archived history of your activities – Universality and scalability of your systems – Historical log database
  • 5. CLS Tools in Market • Splunk • Splunk, an industry-leading platform for machine data, automatically indexes all your log data, including structured, unstructured and complex multi-line application log data. Splunk aims to provide a deeper understanding of real-time data. • Loggly • A cloud-based log management service, Loggly makes the log management process much less cumbersome. With a simple set-up process and intuitive tools, Loggly doesn’t require a ton of on-ramping. Loggly provides immediate value by interpreting and making sense of data pouring in from your applications, platforms and systems instantly. • Graylog2 • An open-source data analytics system that’s been field-tested around the globe, Graylog2 collects and aggregates events from a multitude of sources and presents your data in a streamlines, simplified interface where you can drill down to important metrics, identify key relationships, generate powerful data visualizations and derive actionable insights. • Fluntd • An open-source data collector for processing data streams, fluentd offers more than 150 plugins for extended functionality, more robust log management and additional uses. It works with more than 125 types of systems and is designed for high-volume data streams. You don’t need any ad-hoc scripts to use fluentd; the functionality is built in out of the box. It’s similar to syslogd but uses JSON for log messages.
  • 7. What is ELK Stack? – Elastisearch ELK Stack offers a set of applications and utilities, each serving a distinct purpose, which combine to create a powerful, end-to-end search and analytics platform. (L)ogstash captures log data in a central location,(E)lastisearch takes it a step further with real-time analysis and (K)ibana transforms data into powerful visualizations for actionable insights. This comprehensive platform is built on Apache Lucene and offered under an Apache 2 Open-Source License. • Key Features: – Stacked solution with powerful components – Powerful analytics with instant insights – Visualize data with Kibana – Resistant clusters for security and reliability – Document-oriented – No Schema; automatic interpretation – Conflict management with optimistic version control – Multi-tenancy with individual or group queries – Redundancy for data security
  • 8. ELK Solution Architecture  The Shippers usually known as agents , it will forward all the logs to broker which is configure in syslogs to be forward. I have used logstash jumberjack shipper agent.  The Broker just like shipper agent just need to configure it as broker (collector), its store logs in local storage forwarded by shipper agent.  Elasticsearch index all the logs collected by broker agent. For indexing It converts all the logs in Json. So It can be easily stored in any non-structure database (ie mongodb, hadoop)
  • 9. Logstash – Logstash is a tool for managing events and logs. It is written in JRuby and requires JVM to run it. Usually one client is installed per host, and can listen to multiple sources including log files, Windows events, syslog events, etc. The downside of using JVM is that memory usage can be higher than you would expect for log transportation. However, community has developed Lumberjack that is deployed on each host. It collects and ships logs to Logstash which is running centralized log hosts. Logstash itself is only a client (shipper) that can send log message to centralized storage. • Input: Input can be file, syslog, Redis, logstash-farwarder (Lumberjack) • Filers: are format the logs as per the require format. i.e. apache, syslog. Also we can create custom filer using GROK pattern. • Output: Filtered log output can be stored on Elasticsearch, File, Graphite.  Log processing Input  Filters  Codecs Output
  • 10. Elasticsearch – ElasticSearch,built on top of Apache Lucene, is a search engine with focus on real-time analysis of the data, and is based on the RESTful architecture. It provides standard full text search functionality and powerful search based on query. ElasticSearch is document-oriented/based and you can store everything you want as JSON. This makes it powerful, simple and flexible. • Indexing: ElasticSearch is able to achieve fast search responses because, instead of searching the text directly, it searches an index instead. • DSL Query: The Query DSL is ElasticSearch's way of making Lucene's query syntax accessible to users, allowing complex queries to be composed using a JSON syntax • Visualize: It can be integrate with any frontend tool which visualize JSON data. • NoSQL Integration: Usually it index and store all the data in local disk, but in big infrastructure it can be integrate with Any NoSQL DB i.e. Cassandra, MongoDB, Hadoop.
  • 11. Kibana – Kibana is the frontend part of the ELK stack, which will present the data stored from Logstash into ElasticSearch, in a very customizable interface with histogram and other panels which will create a big overview for you. Great for real-time analysis and search of data you have parsed into ElasticSearch, and very easy to implement • Query Dashboard: is use to fetch the data to analytical data for any request of incident on basis of custom query and time stamp. • Monitoring Dashboard: Its static dashboard need, provide various monitoring graphs such as histogram, pie chart on the basis of configured queries.
  • 12. Enhancements? – As its open source below are the future enhancements : • Email alerting: Currently, Kabana doesn't support email alerting however there’s some plugins are available on github. From that email alerting can be integrate. • GROK Patterns: Using GROK pattern we can easily parse any log format in logstash its uses regex to read the log files print complete exception traces. There are GROK debugger available which reads the logs format and create the GROK patterns – http://grokdebug.herokuapp.com/ • PacketBeat Integration: PacketBeat another frontend solution to visualise elasticsearch index, it provides enhance capabilities to monitor and analysis the logs. – http://packetbeat.com/ • Kibana Queries: As Kibana user DSL (Distributed search language) to analyse the data need to work on it. So we can have good hands on DSL.
  • 13. Other Solutions – All other open source solution like ELK stack : • Fluentd: Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data – http://www.fluentd.org/architecture • Apache Flume: Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. – http://flume.apache.org/ • Socket Appenders: For log4j can use socket appender, it directly forward logs to logstash broker node. So we can remove logstash-farwarder. – https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/S ocketAppender.html • MongoDB Appenders: This is directly forward log4j logs into MongoDB database. So we can there is no requirement of logstash, we can directly configured eslasticsearch with MongoDB plugin. – https://github.com/log4mongo/log4mongo-net