ELK
Elasticsearch Logstash Kibana
Alina GHERMAN
20/04/2017
About me
AGENDA - ELK
- La stack ELK
- Les trois principaux composants de la stack
- Comment peut-on tester la stack ELK rapidement?
- Demo
- D'autres composants de la stack
La stack ELK
Elasticsearch Logstash Kibana
- Est une full stack distribuée utilisé souvent pour l'analyse des logs, mais aussi pour l'exploration des données en temps rèel
- Alternative:
- Splunk :)
- Solr pour elasticsearch
- Grafana pour Kibana
- ...
ELK
End To End Stack that can deliver big data real time analysis
Utilisateur
Logstash
Mes données
Elasticsearch
Kibana
Vizualisation
Sauvegarde et recherche
Ingestion et traitements de nettoyage
- json
- http
- kafka
- salesforce
- s3
- file (logs,json...)
...
- Temps-Reel
- Distribué
- Schema-less
- Speaks JSON
- Restful API
- Basé sur Lucene
- Intégration facile avec Elasticsearch
- Mise en place facile
- Analyse Ad-Hoc
- Dashboards
Comment tester LA STACK ELK RAPIDEMENT?
1. Utiliser le "ELK as a Service"
https://www.elastic.co/fr/cloud/as-a-service
-
Trial de 14 jours
-
1 GB mémoire
-
24 GB disk
2. UTILISER DOCKER
https://hub.docker.com/r/sebp/elk/
- https://hub.docker.com/r/sebp/elk/
- 1GB memory
- 24GB storage
- High availability across two zones
DEMO
https://github.com/veve90/VideoCapgeminiELK
Les DONNES DE DEMO
{
"venue": {"venue_name": "Lavender MRT Station","lon": 103.841484,"lat": 1.289644, "venue_id": 23389692},
"visibility": "public",
"response": "yes",
"guests": 0,
"member": {
"member_id": 98130812,
"photo": "https:\/\/secure.meetupstatic.com\/photos\/member\/1\/4\/f\/2\/thumb_126845362.jpeg",
"member_name": "LOO CHOON BOON"
},
"rsvp_id": 1662954951,
"mtime": 1491964070655,
"event": {
"event_name": "Nature cafe @Aperia mall ", "event_id": "239125933", "time": 1493116200000,
"event_url": "https:\/\/www.meetup.com\/TRAVEL-LEISURE-CARE\/events\/239125933\/"},
"group": {
"group_topics": [{
"urlkey": "hiking",
"topic_name": "Hiking"
},
{
"urlkey": "socialnetwork",
"topic_name": "Social Networking"
}],
"group_city": "Singapore",
"group_country": "sg","group_id": 14057192,
"group_name": "TRAVEL, LEISURE & CARE (TLC)",
"group_lon": 103.85,"group_urlname": "TRAVEL-LEISURE-CARE","group_lat": 1.3
}
}
LES DONNES DE DEMO
LA CONFIGURATION LOGSTASH
input { pipe { command => "curl -i http://stream.meetup.com/2/rsvps"} }
filter {
json { source => "message" }
}
output {
elasticsearch{
hosts=>["127.0.0.1:9200"]
index => "capgemini_meetup"
document_type => "capgemini_meetup_rsvp"
flush_size => 1000 }
stdout{ codec=>rubydebug}
}
D'autres composants de la stack
- Beats
- La X-PACK contient:
- Securité : l'ancien shield
- Alerting : watcher
- Monitoring: marvel
- Reporting: Kibana
- Graph: graph
- ...
Merci beaucoup!
ELK #Capgemini
By Alina GHERMAN
