• Home

  • Documents

  • Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum...
14
Log Analysis using Open Source Scalable Systems Gurvinder Singh UNINETT

Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

  • Upload
    others

  • View
    8

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Log Analysis using Open Source Scalable SystemsGurvinder SinghUNINETT

Page 2: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Motivation

● Distributed Systems

● In the moment of heat

● Centeralized interface to logs

● Easier access

● Detection of hidden pattern

4/25/14 SLIDE 2

http://www.themeparkreview.com/tatsumediaday/tatsumediaday57.jpg

http://www.themeparkreview.com/tatsumediaday/tatsumediaday57.jpg
Page 3: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Challenges

● Almost every component generates logs

● Different Formats and logging methods

● Different requirements for processing

● Dashboards

● Alerts

4/25/14 SLIDE 3

http://img72.imageshack.us/img72/3885/nephew2logs.jpg

http://img72.imageshack.us/img72/3885/nephew2logs.jpg
Page 4: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Components

● Logstash

● Elasticsearch

● Kibana

● Redis

● Beaver

● Logstash-forwarder

● .....

4/25/14 SLIDE 4

Page 5: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Most Common Architecture

Page 6: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Architecture

Page 7: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Architecture

Page 8: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Architecture

Page 9: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Architecture

Page 10: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Production Architecture

Page 11: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Demo

Page 12: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Possible Input/Processing/Output Options

4/25/14SLIDE

12

Page 13: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Experience till yet

● Data Model to make consistent view of log fields across services

– e.g. Search for user «xyz» in all different services

– Give me all the logs from host «X» for all the services

● Avoid single point of failure if possible

● Automate setup to help scale easily

● Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue

● No users concept in the Elasticsearch or Kibana

● Lack of access & authorization control

● Lack of Hierarichical storage support to exploit fast stroage medium to hot data and slow storage medium for cold data

4/25/14SLIDE

13

Page 14: Log Analysis using Open Source Scalable Systems...Automate setup to help scale easily Set minimum number of master nodes in Elasticsearch cluster to avoid split-brain issue No users

Questions?

4/25/14SLIDE

14


Elasticsearch Py

Elasticsearch Py

Documents
ElasticSearch - EuroPython · elasticsearch • Mostly by Shay Banon • Open Source - Apache Licence • Java • Backed by the ElasticSearch company • Careful feature development

ElasticSearch - EuroPython · elasticsearch • Mostly by Shay Banon • Open Source - Apache Licence • Java • Backed by the ElasticSearch company • Careful feature development

Documents
ELASTICSEARCH INTRODUCTION › content › download › 6739 › 115193 › file...ELASTICSEARCH INTRODUCTION Zagreb, 27.03.2015. Kristijan Duvnjak & Mladen Maravi ć Elasticsearch

ELASTICSEARCH INTRODUCTION › content › download › 6739 › 115193 › file...ELASTICSEARCH INTRODUCTION Zagreb, 27.03.2015. Kristijan Duvnjak & Mladen Maravi ć Elasticsearch

Documents
Elasticsearch: Accelerating the Django Admin · Elasticsearch Service elastic cloud Elasticsearch Reference + + + + + + + Elasticsearch Reference: 6.4 (current) Getting Started Set

Elasticsearch: Accelerating the Django Admin · Elasticsearch Service elastic cloud Elasticsearch Reference + + + + + + + Elasticsearch Reference: 6.4 (current) Getting Started Set

Documents
PeopleSoft Spotlight Series - Oracle...Understanding the Elasticsearch DPK The Elasticsearch Deployment Package (DPK): •Contains scripts to automate most of the tasks needed to set

PeopleSoft Spotlight Series - Oracle...Understanding the Elasticsearch DPK The Elasticsearch Deployment Package (DPK): •Contains scripts to automate most of the tasks needed to set

Documents
Intro to Elasticsearch

Intro to Elasticsearch

Technology
Elasticsearch Aggregations

Elasticsearch Aggregations

Software
1010-Managing Black Friday Logs BigDataDays · Data your{beat} Elasticsearch Master Nodes (3) Ingest Nodes (X) Data Nodes Hot (X) Data Notes Warm (X) Logstash Nodes (X) Kibana Instances

1010-Managing Black Friday Logs BigDataDays · Data your{beat} Elasticsearch Master Nodes (3) Ingest Nodes (X) Data Nodes Hot (X) Data Notes Warm (X) Logstash Nodes (X) Kibana Instances

Documents
ElasticSearch Introduction

ElasticSearch Introduction

Engineering
Elasticsearch 5 in Amazon Elasticsearch Service

Elasticsearch 5 in Amazon Elasticsearch Service

Technology
BigData, NoSQL & ElasticSearch

BigData, NoSQL & ElasticSearch

Technology
Discovering ElasticSearch

Discovering ElasticSearch

Technology
Elasticsearch Documentation

Elasticsearch Documentation

Documents
Elasticsearch Workshop

Elasticsearch Workshop

Data & Analytics
Elasticsearch at CrowdWorks

Elasticsearch at CrowdWorks

Technology
Elasticsearch - nosqlroadshow.comnosqlroadshow.com/.../elasticsearch_Alexander_Reelsen.pdf · Elasticsearch - The Company • Founded in 2012 • By the people behind the Elasticsearch

Elasticsearch - nosqlroadshow.comnosqlroadshow.com/.../elasticsearch_Alexander_Reelsen.pdf · Elasticsearch - The Company • Founded in 2012 • By the people behind the Elasticsearch

Documents
Elasticsearch at Dailymotion

Elasticsearch at Dailymotion

Presentations & Public Speaking
Introduction to ElasticSearch

Introduction to ElasticSearch

Technology
Elasticsearch Terminology

Elasticsearch Terminology

Technology
Neo4j Integration with ElasticSearch - ElasticSearch Meetup

Neo4j Integration with ElasticSearch - ElasticSearch Meetup

Data & Analytics
Elasticsearch, Logstash, and Other Data · Elasticsearch, Logstash, and Other Data Preamble and Introduction Overview • Elasticsearch – a search engine • Logstash – filters

Elasticsearch, Logstash, and Other Data · Elasticsearch, Logstash, and Other Data Preamble and Introduction Overview • Elasticsearch – a search engine • Logstash – filters

Documents
Elasticsearch 5.0

Elasticsearch 5.0

Technology
The Elasticsearch-Kibana plugin for Fuel Documentationplugins.mirantis.com/docs/e/l/elasticsearch_kibana/elasticsearch... · CHAPTER ONE USER DOCUMENTATION 1.1Overview The Elasticsearch-Kibana

The Elasticsearch-Kibana plugin for Fuel Documentationplugins.mirantis.com/docs/e/l/elasticsearch_kibana/elasticsearch... · CHAPTER ONE USER DOCUMENTATION 1.1Overview The Elasticsearch-Kibana

Documents
Dell EMC Search · above Elasticsearch. Elasticsearch cluster ports NGINX TCP/ HTTPS 9300– 9400 Ports for communicating with Elasticsearch (Index data nodes). Elasticsearch cluster

Dell EMC Search · above Elasticsearch. Elasticsearch cluster ports NGINX TCP/ HTTPS 9300– 9400 Ports for communicating with Elasticsearch (Index data nodes). Elasticsearch cluster

Documents
Elasticsearch 20150107

Elasticsearch 20150107

Engineering
Dirty Jobs: Database Edition · Elasticsearch ObjectRocket for Elasticsearch offers various data node sizes (for vertical scaling) and can support anywhere from 2 to 30+ data nodes

Dirty Jobs: Database Edition · Elasticsearch ObjectRocket for Elasticsearch offers various data node sizes (for vertical scaling) and can support anywhere from 2 to 30+ data nodes

Documents
ElasticSearch 5.x - New Tricks - 2017-02-08 - Elasticsearch Meetup

ElasticSearch 5.x - New Tricks - 2017-02-08 - Elasticsearch Meetup

Data & Analytics
ElasticSearch with Tire

ElasticSearch with Tire

Documents
Elasticsearch @ Keboola

Elasticsearch @ Keboola

Software
Elasticsearch & Docker

Elasticsearch & Docker

Documents