Avinash Ramineni, profile picture
Uploaded byAvinash Ramineni
PPTX, PDF21,375 views

Log analysis using Logstash,ElasticSearch and Kibana

This document provides an overview of Logstash, Elasticsearch, and Kibana for log analysis. It discusses how logging is used for troubleshooting, security, and monitoring. It then introduces Logstash as an open-source log collection and parsing tool. Elasticsearch is described as a search and analytics engine that indexes log data from Logstash. Kibana provides a web interface for visualizing and searching logs stored in Elasticsearch. The document concludes with discussing demo, installation, scaling, and deployment considerations for these log analysis tools.

Embed presentation

Downloaded 611 times
Log Analysis – Logstash, Elastic Search, Kibana Avinash Ramineni Shantanu Mirajkar
• Logging • Pains of Log Management • Introducing Logstash • Elasticsearch • Kibana • Demo • Installing Logstash, Elasticsearch Kibana • Questions Agenda
• Why do we need Logging ? – Troubleshoot Issues – Security • Analyze logs to detect patterns • Detect Malware Activity - Intrusion Detection, Denial of Service • Unauthorized Resource Usage – Monitoring • Monitor Resource Usage • Developers and Logging – Logging Aids in Development ? – Forget about Production !!!!! Logging
• “Capture-it-all” Approach • What to Log? Everything  • DevOps Movement • Logs are archived for years • Big Data • Application Usage Statistics Logging
• Searching the logs – Command line, cat, tail, sed, grep, awk – Regular Expressions • Multiple Servers behind the load balancer • Multi-Tier Architecture – Web Application – Service Layer – Correlation between various components in a System • Geographically distributed – Timestamps Log management
• Centralize all the Logs – Too much information to go through – Increasingly hard to correlate the contextual Data • Add Searching and Indexing Technology – grep – Custom logging frameworks , custom integration of logging, searching technologies • Monitor the Logs Log management
• Logstash to the Rescue –Integration Framework • Log Collection • Centralization • Parsing • Storage and Search Logstash
• JRuby – Run on Java Virtual Machine (JVM) – Simple Message Based Architecture – Single Agent that can be configured for multiple things – OPEN SOURCE • Four Components – Shipper – Broker and Indexer – Search and Storage – Web Interface Logstash
Architecture Image courtesy of Logstashbook
Architecture - Broker • Acts as Temp Buffer between Logstash Agents and the Central server – Enhance Performance by providing caching buffer for log events – Adds Resiliency • Incase the Indexing fails, the events are held in a queue instead of getting lost • AMQP,0MQ, Redis
• Indexing and Searching Tool – Built on Lucene • Search and Index data available Restfully as JSON over HTTP • Comes bundled with Logstash – embedded • Text indexing Search Engine – Searches on the Index rather than on the content • Creates Indexes of the incoming content – Uses Apache Lucene to create Indexes • ElasticSearch can have a schema – Fields on which Indexes are created ElasticSearch
• Indexes are stored in Lucene Instances called “Shards” • ElasticSearch can have multiple nodes • Two Types of Shards – Primary – Replica • Replicas of Primary Shards – Protect the data – Make Searches Faster ElasticSearch
• Wouldn’t it be good to have a webpage to do search on ElasticSearch instead of searching it through a Service • Kibana provides a Simple but Powerful web Interface – Customizable Dashboards – Search the log events • Support Lucene Query Syntax – Creation of tables, graphs and sophisticated visualizations Kibana
Kibana
Kibana
Demo
• Send Alerts – Emails – Instant Messaging – Other Monitoring System • Collect and Deliver Metrics to metric engine Alerts / Monitoring Support
• Small VMs with limited memory • Outsourced managed servers • Java not installed • Alternatives – Syslog • Rsyslog • Syslogd • Syslog-NG – Logstash Forwarder (Lumber Jack) Shipping Logs with Logstash Agent
• Scale each component as needed • Can be built into using chef and puppet scripts Scaling / Deployment
Industry ExperienceQuestions ? avinash@clairvoyantsoft.com Twitter:@avinashramineni shantanu@clairvoyantsoft.com

More Related Content

PPTX
Centralized Logging System Using ELK Stack
byRohit Sharma
 
PPSX
Microservices Architecture - Cloud Native Apps
byAraf Karsh Hamid
 
PDF
Log analysis with the elk stack
byVikrant Chauhan
 
PPSX
Service Mesh - Observability
byAraf Karsh Hamid
 
PPTX
ELK Stack
byPhuc Nguyen
 
PDF
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
byEdureka!
 
PPTX
Introduction to ELK
byHarshakumar Ummerpillai
 
PDF
Docker 101: Introduction to Docker
byDocker, Inc.
 
Centralized Logging System Using ELK Stack
byRohit Sharma
 
Microservices Architecture - Cloud Native Apps
byAraf Karsh Hamid
 
Log analysis with the elk stack
byVikrant Chauhan
 
Service Mesh - Observability
byAraf Karsh Hamid
 
ELK Stack
byPhuc Nguyen
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
byEdureka!
 
Introduction to ELK
byHarshakumar Ummerpillai
 
Docker 101: Introduction to Docker
byDocker, Inc.
 

What's hot

PDF
OpenShift-Technical-Overview.pdf
byJuanSalinas593459
 
PDF
Microservices for Application Modernisation
byAjay Kumar Uppal
 
PDF
Observability
byDiego Pacheco
 
PPSX
Elastic-Engineering
byAraf Karsh Hamid
 
PPTX
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
bySplunk
 
PDF
Azure Application insights - An Introduction
byMatthias Güntert
 
PPTX
Elastic stack Presentation
byAmr Alaa Yassen
 
PDF
Cloud-Native Observability
byTyler Treat
 
PPTX
Hashicorp Vault Open Source vs Enterprise
byStenio Ferreira
 
PPTX
Elastic Stack Introduction
byVikram Shinde
 
PPTX
Azure Data Factory Data Flows Training (Sept 2020 Update)
byMark Kromer
 
PPTX
Azure App Service
byBizTalk360
 
PPTX
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
PDF
[오픈테크넷서밋2022] 국내 PaaS(Kubernetes) Best Practice 및 DevOps 환경 구축 사례.pdf
byOpen Source Consulting
 
PPTX
Elk
byCaleb Wang
 
PPTX
An Intro to Elasticsearch and Kibana
byObjectRocket
 
PDF
OpenStack Architecture
byMirantis
 
PPTX
Elastic search overview
byABC Talks
 
PPTX
Impala presentation
bytrihug
 
PDF
Introduction To Kibana
byJen Stirrup
 
OpenShift-Technical-Overview.pdf
byJuanSalinas593459
 
Microservices for Application Modernisation
byAjay Kumar Uppal
 
Observability
byDiego Pacheco
 
Elastic-Engineering
byAraf Karsh Hamid
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
bySplunk
 
Azure Application insights - An Introduction
byMatthias Güntert
 
Elastic stack Presentation
byAmr Alaa Yassen
 
Cloud-Native Observability
byTyler Treat
 
Hashicorp Vault Open Source vs Enterprise
byStenio Ferreira
 
Elastic Stack Introduction
byVikram Shinde
 
Azure Data Factory Data Flows Training (Sept 2020 Update)
byMark Kromer
 
Azure App Service
byBizTalk360
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
byForgeRock
 
[오픈테크넷서밋2022] 국내 PaaS(Kubernetes) Best Practice 및 DevOps 환경 구축 사례.pdf
byOpen Source Consulting
 
Elk
byCaleb Wang
 
An Intro to Elasticsearch and Kibana
byObjectRocket
 
OpenStack Architecture
byMirantis
 
Elastic search overview
byABC Talks
 
Impala presentation
bytrihug
 
Introduction To Kibana
byJen Stirrup
 

Similar to Log analysis using Logstash,ElasticSearch and Kibana

PPTX
The Elastic Stack as a SIEM
byJohn Hubbard
 
PDF
Introduction to Kibana
byVineet .
 
PDF
ELK stack introduction
byabenyeung1
 
PPTX
Log management with ELK
byGeert Pante
 
PDF
Mulesoft ELK
byIntegration Assistance
 
PDF
Technology behind-real-time-log-analytics
byData Science Thailand
 
PPTX
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
PPTX
Elk ruminating on logs
byMathew Beane
 
PDF
Logs aggregation and analysis
byDivante
 
PPTX
Kibana+ElasticSearch+LogStash to handle Log messages on Prod servers
byHYS Enterprise
 
DOCX
ESB APPLICTAION IMPROVEMENT -2024 - this
byumabaskaran171094
 
DOCX
Log management with_logstash_and_elastic_search
byRishav Rohit
 
PDF
Logstash: Get to know your logs
bySmartLogic
 
PPT
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
PPTX
Open source log analytics
byVinod Nayal
 
PDF
Scaling ELK Stack - DevOpsDays Singapore
byAngad Singh
 
PDF
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
byHernan Costante
 
PDF
elkstack-161217091231.pdf
byAgusNursidik
 
PDF
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
PPTX
ELK-Stack-Grid-KA-School.pptx
byabenyeung1
 
The Elastic Stack as a SIEM
byJohn Hubbard
 
Introduction to Kibana
byVineet .
 
ELK stack introduction
byabenyeung1
 
Log management with ELK
byGeert Pante
 
Mulesoft ELK
byIntegration Assistance
 
Technology behind-real-time-log-analytics
byData Science Thailand
 
ELK Ruminating on Logs (Zendcon 2016)
byMathew Beane
 
Elk ruminating on logs
byMathew Beane
 
Logs aggregation and analysis
byDivante
 
Kibana+ElasticSearch+LogStash to handle Log messages on Prod servers
byHYS Enterprise
 
ESB APPLICTAION IMPROVEMENT -2024 - this
byumabaskaran171094
 
Log management with_logstash_and_elastic_search
byRishav Rohit
 
Logstash: Get to know your logs
bySmartLogic
 
'Scalable Logging and Analytics with LogStash'
byCloud Elements
 
Open source log analytics
byVinod Nayal
 
Scaling ELK Stack - DevOpsDays Singapore
byAngad Singh
 
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
byHernan Costante
 
elkstack-161217091231.pdf
byAgusNursidik
 
Logging logs with Logstash - Devops MK 10-02-2016
bySteve Howe
 
ELK-Stack-Grid-KA-School.pptx
byabenyeung1
 

More from Avinash Ramineni

PPTX
Event Driven Architectures
byAvinash Ramineni
 
PPTX
Practical guide to architecting data lakes - Avinash Ramineni - Phoenix Data...
byAvinash Ramineni
 
PPTX
MongoDB Replication fundamentals - Desert Code Camp - October 2014
byAvinash Ramineni
 
PDF
HBase from the Trenches - Phoenix Data Conference 2015
byAvinash Ramineni
 
PDF
Building zero data loss pipelines with apache kafka
byAvinash Ramineni
 
PDF
Strata+Hadoop World NY 2016 - Avinash Ramineni
byAvinash Ramineni
 
PDF
Effectively deploying hadoop to the cloud
byAvinash Ramineni
 
PDF
Winning the war on data breaches in a changing data landscape
byAvinash Ramineni
 
PDF
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
byAvinash Ramineni
 
PDF
Simplifying the data privacy governance quagmire building automated privacy ...
byAvinash Ramineni
 
Event Driven Architectures
byAvinash Ramineni
 
Practical guide to architecting data lakes - Avinash Ramineni - Phoenix Data...
byAvinash Ramineni
 
MongoDB Replication fundamentals - Desert Code Camp - October 2014
byAvinash Ramineni
 
HBase from the Trenches - Phoenix Data Conference 2015
byAvinash Ramineni
 
Building zero data loss pipelines with apache kafka
byAvinash Ramineni
 
Strata+Hadoop World NY 2016 - Avinash Ramineni
byAvinash Ramineni
 
Effectively deploying hadoop to the cloud
byAvinash Ramineni
 
Winning the war on data breaches in a changing data landscape
byAvinash Ramineni
 
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
byAvinash Ramineni
 
Simplifying the data privacy governance quagmire building automated privacy ...
byAvinash Ramineni
 

Recently uploaded

PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PPTX
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
PDF
DSD-INT 2025 DevOps - Automated testing and delivery of Delft3D FM - van West...
byDeltares
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
Testing in Terraform: only for platform nerds?
byQAware GmbH
 
PPTX
CRM Development Company | Custom CRM Development Services
byyugababu033
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PPTX
Revolutionizing Application Modernization with AI
byKrzysztofKkol1
 
PDF
Oracle NetSuite Integration_ Automation, Benefits and Guide 2026
byTechWize
 
PPTX
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PDF
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PDF
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PDF
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PDF
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
DSD-INT 2025 DevOps - Automated testing and delivery of Delft3D FM - van West...
byDeltares
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
Testing in Terraform: only for platform nerds?
byQAware GmbH
 
CRM Development Company | Custom CRM Development Services
byyugababu033
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
Revolutionizing Application Modernization with AI
byKrzysztofKkol1
 
Oracle NetSuite Integration_ Automation, Benefits and Guide 2026
byTechWize
 
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
Internship Project Training Report-3.pdf
byPawank36
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
In this document
Powered by AI

Overview of logging, log management challenges, introduction to Logstash, Elasticsearch, Kibana and demo.

Need for logging includes troubleshooting and security, captures application usage and big data insights.

Discusses the need for searching logs across environments, centralization of logs, and addition of indexing technologies.

Introduces Logstash as an integration framework, describing its components and operational capabilities.

Explains Logstash architecture with a focus on the broker's role for performance and resiliency.

Details on Elasticsearch's indexing mechanism and the shard architecture for data protection and search speed.

Kibana enables user-friendly web interface for searching and creating visualizations on Elasticsearch data.

Practical demo of functionalities and how to send alerts via various channels when specific events occur.

Discusses alternatives for log shipping when traditional environments face constraints like limited memory.

Focus on scaling components independently and deployment strategies using tools like Chef and Puppet.

Wrap-up of the presentation, inviting questions and providing contact information for follow-up.

Log analysis using Logstash,ElasticSearch and Kibana

  • 1.
    Log Analysis –Logstash, Elastic Search, Kibana Avinash Ramineni Shantanu Mirajkar
  • 2.
    • Logging • Painsof Log Management • Introducing Logstash • Elasticsearch • Kibana • Demo • Installing Logstash, Elasticsearch Kibana • Questions Agenda
  • 3.
    • Why dowe need Logging ? – Troubleshoot Issues – Security • Analyze logs to detect patterns • Detect Malware Activity - Intrusion Detection, Denial of Service • Unauthorized Resource Usage – Monitoring • Monitor Resource Usage • Developers and Logging – Logging Aids in Development ? – Forget about Production !!!!! Logging
  • 4.
    • “Capture-it-all” Approach •What to Log? Everything  • DevOps Movement • Logs are archived for years • Big Data • Application Usage Statistics Logging
  • 5.
    • Searching thelogs – Command line, cat, tail, sed, grep, awk – Regular Expressions • Multiple Servers behind the load balancer • Multi-Tier Architecture – Web Application – Service Layer – Correlation between various components in a System • Geographically distributed – Timestamps Log management
  • 6.
    • Centralize allthe Logs – Too much information to go through – Increasingly hard to correlate the contextual Data • Add Searching and Indexing Technology – grep – Custom logging frameworks , custom integration of logging, searching technologies • Monitor the Logs Log management
  • 7.
    • Logstash tothe Rescue –Integration Framework • Log Collection • Centralization • Parsing • Storage and Search Logstash
  • 8.
    • JRuby – Runon Java Virtual Machine (JVM) – Simple Message Based Architecture – Single Agent that can be configured for multiple things – OPEN SOURCE • Four Components – Shipper – Broker and Indexer – Search and Storage – Web Interface Logstash
  • 9.
  • 10.
    Architecture - Broker •Acts as Temp Buffer between Logstash Agents and the Central server – Enhance Performance by providing caching buffer for log events – Adds Resiliency • Incase the Indexing fails, the events are held in a queue instead of getting lost • AMQP,0MQ, Redis
  • 11.
    • Indexing andSearching Tool – Built on Lucene • Search and Index data available Restfully as JSON over HTTP • Comes bundled with Logstash – embedded • Text indexing Search Engine – Searches on the Index rather than on the content • Creates Indexes of the incoming content – Uses Apache Lucene to create Indexes • ElasticSearch can have a schema – Fields on which Indexes are created ElasticSearch
  • 12.
    • Indexes arestored in Lucene Instances called “Shards” • ElasticSearch can have multiple nodes • Two Types of Shards – Primary – Replica • Replicas of Primary Shards – Protect the data – Make Searches Faster ElasticSearch
  • 13.
    • Wouldn’t itbe good to have a webpage to do search on ElasticSearch instead of searching it through a Service • Kibana provides a Simple but Powerful web Interface – Customizable Dashboards – Search the log events • Support Lucene Query Syntax – Creation of tables, graphs and sophisticated visualizations Kibana
  • 14.
  • 15.
  • 16.
  • 17.
    • Send Alerts –Emails – Instant Messaging – Other Monitoring System • Collect and Deliver Metrics to metric engine Alerts / Monitoring Support
  • 18.
    • Small VMswith limited memory • Outsourced managed servers • Java not installed • Alternatives – Syslog • Rsyslog • Syslogd • Syslog-NG – Logstash Forwarder (Lumber Jack) Shipping Logs with Logstash Agent
  • 19.
    • Scale eachcomponent as needed • Can be built into using chef and puppet scripts Scaling / Deployment
  • 20.

Editor's Notes

  • #4 DevOps -- the kind of guys who have both a developer and an operator hat making sure that custom developed applications are running smoothly