And the beats go on! - SoftShake 2016

Transcript

1. ‹#› And the beats go on! David Pilato Developer |

   Evangelist @dadoonet

2. ‹#›

3. 3

4. 4 The only Elasticsearch as a Service offering powered by

   the creators of the Elastic Stack • Always runs on the latest software • One-click to scale/upgrade with no downtime • Free Kibana and backups every 30 minutes • Dedicated, SLA-based support • Easily add X-Pack features: security (Shield), alerting (Watcher), and monitoring (Marvel) • Pricing starts at $45 a month

5. 5

6. None

7. Beats are lightweight shippers that collect and ship all kinds

   of operational data to Elasticsearch

8. Beats are lightweight shippers that collect and ship all kinds

   of operational data to Elasticsearch

9. Beats are lightweight shippers that collect and ship all kinds

   of operational data to Elasticsearch

10. Examples of operational data 10 wire data system stats logs

    Packetbeat Metricbeat Filebeat Winlogbeat

11. Captures insights from network packets 11 Packetbeat

12. Sniffing the network traffic 12 Client Server sniff sniff •

    Copy traffic at OS or hardware level • Is completely passive • ZERO latency overhead • Not in the request/response path, cannot break your application

13. Packetbeat: Real-time application monitoring 13 1 2 3 4 capture

    network traffic decodes network traffic correlates request with response in transactions extract measurements like response time, status 5 group meta info in json objects to send to Elasticsearch It does all of these in real-time directly on the target servers.

14. Packetbeat: Available decoders 14 HTTP MySQL PostgreSQL MongoDB Memcache ICMP

    + Add your own Thrift-RPC DNS Redis AMQP

15. Like the Unix top command but sends the output periodically

    to Elasticsearch. Also works on Windows. 15 Metricsbeat

16. Topbeat: Exported data 16 • system load • total CPU

    usage • CPU usage per core • Swap, memory usage System wide • state • name • command line • pid • CPU usage • memory usage Per process • available disks • used, free space • mounted points Disk usage

17. Forwards log lines to Elasticsearch 17 Filebeat

18. Filebeat: Never lose a log line 18 line line line

    line line read pointer Filebeat Back-pressure sensitive protocol Yo Filebeat, slow it down a bit, pls K buddy line The original log lines act like a queue

19. Filebeat: Parse logs with Logstash Parse logs with Logstash 19

    • Filebeat sends out unparsed log lines • Use filters from Logstash to parse the log lines • Flexible, with conditionals & custom filters • Forward data to other systems using the Logstash output plugins Filebeat Other systems

20. Filebeat: Parse logs with Ingest Node Parse logs with Ingest

    node in Elasticsearch 20 • Filebeat sends out unparsed log lines directly to Elasticsearch • Use Ingest Node processors (grok, geoip…) to parse the log lines • Easier to setup Filebeat 5.0

21. Forwards Windows Event logs to Elasticsearch 21 Winlogbeat

22. Beats Platform 22 Explore & Visualize Search & Analyze Enrich

    & Transport Optional libbeat {Community} Beats Elastic Beats Collect, Parse & Ship

23. Architecture Overview - libbeat 23 {Community}Beat libbeat Outputs * Logstash

    Elasticsearch Config Management Debugging Logging * Syslog File Cmd Line Handling Filtering Testing Testing Environment System Test Framework

24. Produces RPMs, DEBs, … 24 Beats Packer https://github.com/elastic/beats-packer

25. 25

26. 26

27. ‹#› https://github.com/dadoonet/soundbeat metricbeat, packetbeat and soundbeat

28. ‹#› https://github.com/dadoonet/soundbeat thanks!