Awesome Monitoring Infrastructure Using the Elastic Stack

LINUX.CONF.AU21-25 January 2019 | Christchurch | NZ

The Linux of Things#LCA2019@linuxconfau

Awesome MonitoringInfrastructure Using the

Elastic Stack

LINUX.CONF.AU21-25 January 2019 Christchurch, NZ

The Linux of Things | #LCA2019 | @linuxconfau

Mark Walkom @warkolmKaren Carcamo @karencfv

www.elastic.co

Please install Docker :)

docker pull docker.elastic.co/elasticsearch/elasticsearch:6.5.4docker.elastic.co/elasticsearch/elasticsearch:6.5.4-oss

docker pull docker.elastic.co/kibana/kibana:6.5.4docker pull docker.elastic.co/kibana/kibana:6.5.4-oss

Commands at https://go.es.io/2MjxC9MSlides at https://go.es.io/2FN9ufo

https://github.com/markwalkom/bloomsky-on-elastic

Elastic Stack Elasticsearch, Kibana, Beats, and Logstash

Store, Search, & Analyze

Visualize & Manage

Ingest

Elastic Stack

Kibana

Elasticsearch

Beats Logstash

Elastic Stack

● Scalable

● Real-time

● Highly available

● Developer-friendly

● Versatile storage

● Query & aggregations

ElasticsearchHeart of the Elastic Stack

MACHINE LEARNING

TEMPORAL

GEOSPATIAL

AGGREGATION

● Visualize and explore

● Manage and monitor

● Share and report

● Developer tools

● Time-series analysis

● Geospatial exploration

KibanaWindow into the Elastic Stack

All the visualizations you expect, and then some more

OOTB dashboards for 50+ (and growing) data sources

● Ship from any source

● Transform at the edge

● Docker and k8s ready

● Cloud metadata enrichment

● 70+ community Beats

● 50+ modules

BeatsLightweight data shippers

FILEBEATLog Files

METRICBEATMetrics

PACKETBEATNetwork Data

WINLOGBEATWindow Events

HEARTBEATUptime Monitoring

AUDITBEATAudit Data

FUNCTIONBEATServerless Monitoring

Plus a growing set of community Beats

● Flexible ETL engine

● Parse & transform data

● Many inputs & outputs

● Horizontally scalable

● 200+ pluginsLogstash

Data processing pipeline

ModulesData to dashboards in 5 minutes

Turnkey for many formatsAutomated data parsing Out of the box dashboardsPreconfigured ML jobs

Let’s get started

Let’s Install Elasticsearch

docker pull docker.elastic.co/elasticsearch/elasticsearch:6.5.4

docker pull docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4

• https://www.elastic.co/guide/en/elasticsearch/reference/6.5/docker.html

• https://www.docker.elastic.co/

• https://hub.docker.com/_/elasticsearch

Let’s Run Elasticsearch

docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:6.5.4

docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:6.5.4

• https://www.elastic.co/guide/en/elasticsearch/reference/6.5/docker.html

version: '2.2'services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4 volumes: - esdata:/usr/share/elasticsearch/data ports: - 9200:9200

volumes: esdata: driver: local

Let’s docker-compose Elasticsearch

Let’s (just) Elasticsearch

curl 0:9200/_cat/

curl 0:9200/_cat/health

curl 0:9200/_cat/indices?v

• https://www.elastic.co/guide/en/elasticsearch/reference/6.5/cat.html

docker pull docker.elastic.co/kibana/kibana:6.5.4

docker pull docker.elastic.co/kibana/kibana-oss:6.5.4

• https://www.elastic.co/guide/en/kibana/6.5/docker.html

• https://www.docker.elastic.co/

• https://hub.docker.com/_/kibana

Kibana Install

docker run docker.elastic.co/kibana/kibana:6.5.4 -p 5601:5601 -e "elasticsearch.url=localhost:9200"

• (wait for it)• Open http://localhost:5601/

Kibana Run

kibana: image: docker.elastic.co/kibana/kibana:6.5.4 links: - elasticsearch ports: - 5601:5601

• Use the complete Docker compose file in the gist

Let’s docker-compose Kibana

• Just run that command• Alternatively;

docker-compose up -d

docker-compose up

Metricbeat

https://www.elastic.co/guide/en/beats/metricbeat/current/index.html

• Download the binary• Extract

./metricbeat

• STOP!

./metricbeat setup --help

./metricbeat modules --help

Metricbeat Install and Run

./metricbeat modules list

./metricbeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

./metricbeat setup --dashboards

./metricbeat

• Enable the system module• See also https://go.es.io/2T44qWN

Filebeat

https://www.elastic.co/guide/en/beats/filebeat/current/index.html

./filebeat

• Remember

./filebeat setup --help

./filebeat modules --help

Filebeat Install and Run

./filebeat modules list

./filebeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

./filebeat setup --dashboards

./filebeat

• Enable the system module• See also https://go.es.io/2T44qWN

Filebeat Install and Run

Let’s kick it up a notch

Metricbeat - Enable the docker module

Filebeat - Enable the docker input

Let’s analyse Elasticsearch traffic!

Packetbeat

https://www.elastic.co/guide/en/beats/packetbeat/current/index.html

./packetbeat

• Remember

./packetbeat setup --help

./packetbeat modules --help

Packetbeat Install and Run

./packetbeat modules list

./packetbeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

./packetbeat setup --dashboards

./packetbeat

• See also https://go.es.io/2T44qWN

Heartbeat

https://www.elastic.co/guide/en/beats/heartbeat/current/index.html

./heartbeat

• Remember

./heartbeat setup --help

./heartbeat modules --help

Heartbeat Install and Run

./heartbeat modules list

./heartbeat setup --template -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["localhost:9200"]'

./heartbeat setup --dashboards

./heartbeat

• See also https://go.es.io/2T44qWN

Heartbeat Install and Run

Community beatsLogstash!Elasticsearch Ingest[Heart|Winlog|DIY]beatAPMDashboards

Whakawhetai Koe!

Awesome Monitoring Infrastructure Using the Elastic Stack

Documents

Kibana + timelion: time series with the elastic stack

Deploying the Elastic Stack on Dell EMC PowerFlex family

IBM Common Data Provider for z Systems: Elastic Stack

Three Pilars of Observability Kubernetes with Elastic Stack · Docker • Kubernetes ... APM adds end-user experience and application-level monitoring to the stack ... • Fluentd

Machine Learning and the Elastic Stack

Update (sys)logging UNIPR a Elastic Stack

Elastic Inversion Using Partial Stack Seismic Data: Case Histories in China

Elastic stack

Observability with elastic · Why elastic stack? 7 • Opensource or free • Fast and reliable • Heavily used in world –good support • Simple to install and operate (excluding

Lo Stack Elastic e l'analisi dei LOG - Seacom

02 December 2021 Elastic Stack Workshop

Elastic Stack Overview · Elastic Stack Overview The world’s most popular enterprise products for real-time search, logging, analytics, and more . ... Kafka Redis Messaging Queue

Big data expo - machine learning in the elastic stack

Cisco UCS Integrated Infrastructure for Big Data with ... · The Elastic Stack (previously known as the ELK Stack) is a combination of powerful, open-source software products for

Elastic Stack for Security Monitoring 1 in a Nutshell · Monitoring) Why Elastic Stack? • (Free) Open Source Software • Distributed, real-time search and analytics (very scalable)

Elastic Reports Strong Second Quarter Fiscal 2021 Financial Results · 2020. 12. 2. · Elastic released version 7.10 of the Elastic Stack. Included in this release were innovations

How bol.com makes sense of its logs, using the Elastic technology stack

Elastic Stack Overview · Store, Search, & Analyze Visualize & Manage Ingest Elastic Stack SOLUTIONS Elastic Stack Kibana Elasticsearch Beats Logstash ... Elasticsearch Master (3)

201708 Seoul Meetup - s3.ap-northeast-2. · PDF fileCommon Architecture of Elastic Stack Beats ... •es-hadoop에서maven을이용하여library를추가하는방법도있는데,

The Elastic Stack - openSUSE · The Elastic stack ... The Elastic stack (formerly: ELK stack) Elasticsearch Kibana Logstash. Database UI Log server / parser. 12