Introduction to the ELK stack

Presented by Alexander Reelsen at the Code.Talk 2014 Conference, Hamburg

In this presentation, Alexander provides an overview of the Elasticsearch ELK stack - that's Elasticsearch + Logstash + Kibana - and why Elasticsearch Inc. created this stack.

Elasticsearch Inc

October 09, 2014

Transcript

  1. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited
     Introduction into the ELK stack
     Alexander Reelsen, alexander.reelsen@elasticsearch.com, @spinscale
  2. Agenda
     • Introduction
     • The ELK stack
     • Samples, samples, samples
     • Summary
  3. About Elasticsearch
     • Founded 2012 in Amsterdam
     • Funded by Benchmark, Index Ventures and NEA Ventures
     • Distributed company, offices in Los Altos, Amsterdam, London, Berlin, Phoenix
     • Offering support subscriptions & training
     • We're hiring
  4. About me
     • Joined early 2013
     • Interested in all things scale, search & concurrency
     • Elasticsearch developer, doing training, support, blog posts, conferences, presentations
  6. Introduction
  7. How do you decide?
     • What is the core asset of your company? Ideas, patents, employees, customers, warehouse, software, ...
     • Where to invest/develop next?
     • Data driven decisions
  8. How do you decide? (continued)
     • Data driven decisions, for example:
       logfiles for scaling up/down
       warehouse withdrawal triggers orders
       history for fraud detection
       assembly line, throughput improvement
       ... data explosion
  9. More data is Big Data
     • More and more data: recommendations, page views, IoT, social media
     • Better decisions == more data? ... but ...
  10-14. The Big Data promise ... and its problem
     • reaction time: the time between storing and analysing an event
     • enrichment: increase event value by enriching it
     • insights: optimize for query, not for storage
  15-16. No problem, let's make up a new job title
     • We failed so hard in this industry that we created a new job to clean up this mess
     Source: http://drewconway.com/zia/2013/3/26/the-data-science-venn-diagram
  17. Data scientist problem
     • Result of a flawed infrastructure
     • Result of flawed processes/company politics
     • Often doing someone else's job: enriching data, getting data, creating reports
     • Data scientists are important, let's help them do their real job, which is not ETL but providing information!
  18. Requirements
     • Clean data to work on
     • Fast analysis chain, near real-time
     • Easy to use user interface: everyone is able to create their own reports
     Meet the ELK stack
  19-21. The ELK stack
     Logstash (collect) -> Store/Search Data (Elasticsearch) -> Visualize (Kibana)
  22. Logstash
     • Managing events and logs
     • Collect data
     • Parse data
     • Enrich data
     • Store data
     • Open Source: Apache License 2.0
  23-24. Logstash architecture
     Input:  datastore, stream, log files, files, monitoring, queues, network
     Filter: parse, enrich, tag, drop
     Output: datastore, files, email, pager, monitoring, chat, API, queues
     Enrichment example: an event with ip: 141.1.1.1 leaves the filter stage as ip: 141.1.1.1, city: Zurich, country: CH
  25. Elasticsearch (the Store/Search Data stage of the stack)
  26. Elasticsearch
     • Schema-free, REST & JSON based distributed search engine
     • Open Source: Apache License 2.0
     • Easy to understand, yet very powerful query language
       Full text search (phrase, fuzzy)
       Numeric search (supports ranges, dates, IPv4 addresses)
       Highlighting
       Aggregations
       Suggestions
  27. When search boxes don't work: how best to ensure the quality of your own search application?
     Isabel Drost-Fromm, Friday, 15:00, Kinosaal 8
  28. Kibana
     • Execute queries on your data & visualize results
     • Add/remove widgets
     • Share/Save/Load dashboards
     • Open Source: Apache License 2.0
  29. Kibana (screenshot)
  30. Samples, samples, samples
  31. Samples
     • Guardian case study
     • Web server logs
     • meetup.com RSVP stream
     • Wikipedia update stream
     • sysdig output
  32. Case Study: The Guardian
     • Ophan: in-house analytics software
     • Empower the organization
       Give the entire organization real-time insight into audience engagement
       Democratize analytics access for more than 500 users
       Encourage a culture of exploration and innovation for all employees
     • Leverage real-time analytics
       Easily query 360 million documents
       See traffic for all content as it happens
  33-36. Case Study: The Guardian (screenshots)
  37. Example: Web server log files
  38-39. Example: Web server log files
     input { stdin {} }

     filter {
       grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }

       date { match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ] }

       geoip { source => "clientip" }

       useragent {
         source => "agent"
         target => "useragent"
       }
     }

     output {
       elasticsearch {
         protocol => "http"
         host => "localhost"
       }
     }

     cat access.log | logstash agent -f logstash-logs.conf
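The grok and date steps of this pipeline, re-done as an added Ruby example so the parsing can be checked offline. This is not code from the deck or from Logstash: the regex mirrors the field names of %{COMBINEDAPACHELOG}, the timestamp is normalized to UTC the way the date filter does it, and two checks a practitioner wants are added: a line that does not match is tagged _grokparsefailure as the grok filter would tag it, and a clientip that is not an address (IPORHOST also matches hostnames) is tagged before it would reach a geoip lookup. The first sample line is the one shown on the slides; the other two are constructed.

```ruby
require 'date'
require 'ipaddr'

# Regex with the same field names as Logstash's %{COMBINEDAPACHELOG} grok pattern.
# Like grok's QS (quoted string) pattern it keeps the quotes around referrer and agent,
# which is why the event on the next slide shows "\"http://...\"" rather than a bare URL.
COMBINED_APACHE_LOG = %r{
  \A(?<clientip>\S+)\s+(?<ident>\S+)\s+(?<auth>\S+)\s+
  \[(?<timestamp>[^\]]+)\]\s+
  "(?<verb>[A-Z]+)\s+(?<request>\S+)(?:\s+HTTP/(?<httpversion>[0-9.]+))?"\s+
  (?<response>\d\d\d)\s+(?<bytes>\d+|-)
  (?:\s+(?<referrer>"[^"]*")\s+(?<agent>"[^"]*"))?\s*\z
}x

# Equivalent of: grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
# followed by:   date { match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ] }
# Returns a hash shaped like the Logstash event; failures are tagged, never raised.
def parse_access_log(line)
  event = { "message" => line, "@version" => "1", "tags" => [] }
  m = COMBINED_APACHE_LOG.match(line)
  unless m
    event["tags"] << "_grokparsefailure" # the tag grok adds on a non-matching line
    return event
  end
  m.names.each { |name| event[name] = m[name] if m[name] }

  # date filter: the Apache timestamp carries its own zone offset; @timestamp is stored in UTC
  begin
    parsed = DateTime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = parsed.new_offset(0).strftime("%Y-%m-%dT%H:%M:%S.%LZ")
  rescue ArgumentError
    event["tags"] << "_dateparsefailure"
  end

  # geoip precondition: IPORHOST also accepts hostnames (HostnameLookups On), and a
  # hostname can never be looked up in a GeoIP database. Tag the event instead of failing.
  begin
    IPAddr.new(event["clientip"])
  rescue IPAddr::InvalidAddressError
    event["tags"] << "_geoip_lookup_failure"
  end
  event
end

# Sample input: the first line is the one from the slides, the other two are constructed
# (a resolved hostname instead of an address, and a line that is not an access log line at all).
SAMPLE_LINES = [
  '83.149.9.216 - - [28/May/2014:16:13:42 -0500] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"',
  'crawler.example.net - - [28/May/2014:16:14:00 -0500] "GET /robots.txt HTTP/1.0" 404 - "-" "-"',
  'May 28 16:14:01 kryptic sshd[2042]: Accepted publickey for alice from 10.0.0.7 port 51414 ssh2'
]

if __FILE__ == $0
  SAMPLE_LINES.each do |line|
    ev = parse_access_log(line)
    puts "#{ev['clientip'].inspect} #{ev['verb']} #{ev['request']} -> #{ev['response']} @ #{ev['@timestamp']} tags=#{ev['tags']}"
  end
end
```

Run it with `ruby access_log.rb`; the third line shows why tagging rather than dropping matters: a mixed log source (here an sshd line in the same stream) still reaches the index, where a search for tags:_grokparsefailure tells you how much of your input the pattern silently does not understand.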
  40. Example: Web server log files
     {
       "message" => "83.149.9.216 - - [28/May/2014:16:13:42 -0500] \"GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1\" 200 203023 \"http://semicomplete.com/presentations/logstash-monitorama-2013/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"",
       "@version" => "1",
       "@timestamp" => "2014-05-28T21:13:42.000Z",
       "host" => "kryptic.local",
       "clientip" => "83.149.9.216",
       "ident" => "-",
       "auth" => "-",
       "timestamp" => "28/May/2014:16:13:42 -0500",
       "verb" => "GET",
       "request" => "/presentations/logstash-monitorama-2013/images/kibana-search.png",
       "httpversion" => "1.1",
       "response" => "200",
       "bytes" => "203023",
       "referrer" => "\"http://semicomplete.com/presentations/logstash-monitorama-2013/\"",
       "agent" => "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36\"",
       "geoip" => {
         "ip" => "83.149.9.216",
         "country_code2" => "RU",
         "country_code3" => "RUS",
         "country_name" => "Russian Federation",
         "continent_code" => "EU",
         "region_name" => "48",
         "city_name" => "Moscow",
         "latitude" => 55.75219999999999,
         "longitude" => 37.6156,
         "timezone" => "Europe/Moscow",
         "real_region_name" => "Moscow City",
         "location" => [
           [0] 37.6156,
           [1] 55.75219999999999
         ]
       },
       "useragent" => {
         "name" => "Chrome",
         "os" => "Mac OS X 10.9.1",
         "os_name" => "Mac OS X",
         "os_major" => "10",
         "os_minor" => "9",
         "device" => "Other",
         "major" => "32",
         "minor" => "0",
         "patch" => "1700"
       }
     }
  41-42. Example: Web server log files (fields added by the grok and date filters)
     grok: clientip, ident, auth, timestamp, verb, request, httpversion, response, bytes, referrer, agent (referrer and agent keep their surrounding quotes)
     date: @timestamp = 2014-05-28T21:13:42.000Z, parsed from timestamp = 28/May/2014:16:13:42 -0500 and normalized to UTC
  43. Example: Web server log files (fields added by the geoip and useragent filters)
     geoip: ip, country_code2, country_code3, country_name, continent_code, region_name, city_name, latitude, longitude, timezone, real_region_name, location ([lon, lat])
     useragent: name, os, os_name, os_major, os_minor, device, major, minor, patch
  44. meetup.com RSVP stream
     • All RSVPs are written out to an HTTP stream
     • Each line is a JSON document
     • Available at http://stream.meetup.com/2/rsvps
  45. meetup.com RSVP stream (screenshot)
  46. meetup.com RSVP stream
     {
       "response": "yes",
       "member": { "member_name": "Charlie", "member_id": 176530582 },
       "visibility": "public",
       "event": {
         "time": 1413270000000,
         "event_url": "http://www.meetup.com/2EuroBootCamp/events/212054422/",
         "event_id": "qsvrtkysnbsb",
         "event_name": "Tuesday Morning Boot Camp"
       },
       "guests": 0,
       "mtime": 1412774717000,
       "rsvp_id": 1477279032,
       "group": {
         "group_name": "2 Euro Boot Camp!!",
         "group_city": "Barcelona",
         "group_lat": 41.4,
         "group_lon": 2.17,
         "group_urlname": "2EuroBootCamp",
         "group_id": 17456462,
         "group_country": "es",
         "group_topics": [ { "urlkey": "fitness", "topic_name": "Fitness" } ]
       },
       "venue": {
         "lon": 1.58728,
         "venue_name": "Paque de la Espana Industrial",
         "venue_id": 22845382,
         "lat": 41.462646
       }
     }
  47. meetup.com RSVP stream
     # curl -s http://stream.meetup.com/2/rsvps | logstash agent -f logstash-meetup.conf

     input {
       stdin {
         codec => json_lines
         type => 'meetup'
       }
     }
  48. meetup.com RSVP stream
     filter {
       # build [venue][lonlat] as a [lon, lat] array (the order an Elasticsearch geo_point expects),
       # but only when the RSVP actually carries venue coordinates
       if [venue][lat] and [venue][lon] {
         mutate {
           add_field => [ "[venue][lonlat]", "%{[venue][lon]}",
                          "tmplat", "%{[venue][lat]}" ]
         }
         mutate { merge => [ "[venue][lonlat]", "tmplat" ] }
         mutate {
           convert => [ "[venue][lonlat]", "float" ]
           remove_field => [ "tmplat" ]
         }
       }

       metrics {
         meter => "meetup.country.%{[group][group_country]}"
         meter => "meetup.country.total"
         add_tag => "metric"
         flush_interval => 60
       }
     }
  49. meetup.com RSVP stream
     output {
       if "metric" in [tags] {
         stdout {
           codec => rubydebug
         }
         elasticsearch {
           host => 'localhost'
           index => 'metrics'
           protocol => 'http'
         }
       }
       if [type] == "meetup" {
         elasticsearch {
           host => 'localhost'
           index => 'meetups'
           protocol => 'http'
         }
       }
     }
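The filter and output stages of the meetup pipeline as an added Ruby example (not the deck's code and not a Logstash plugin): it reads json_lines input, builds [venue][lonlat] only when both coordinates exist, counts RSVPs per country the way the metrics meter does and flushes them as a separate event tagged "metric", and routes every event to the "meetups" or "metrics" index by type and tag. The detail the three mutate blocks on slide 48 are really about is enforced here in one line: Elasticsearch geo_point arrays are [lon, lat], the opposite of the usual lat/lon ordering, so swapping them silently puts every venue in the wrong hemisphere. The input is a constructed two-line sample modelled on the slide's document.

```ruby
require 'json'

# Equivalent of the filter { } block on slide 48: add [venue][lonlat] only when both coordinates
# exist, in the [lon, lat] order an Elasticsearch geo_point array mapping expects.
def enrich_rsvp(event)
  venue = event["venue"]
  if venue.is_a?(Hash) && venue["lat"] && venue["lon"]
    venue["lonlat"] = [venue["lon"].to_f, venue["lat"].to_f]
  end
  event["type"] ||= "meetup" # what type => 'meetup' on the stdin input does
  event
end

# Equivalent of metrics { meter => ... add_tag => "metric" flush_interval => 60 }:
# one counter per country plus a total, emitted as its own event carrying the "metric" tag.
class CountryMeter
  def initialize
    @counts = Hash.new(0)
  end

  def mark(event)
    country = event.dig("group", "group_country") || "unknown"
    @counts["meetup.country.#{country}"] += 1
    @counts["meetup.country.total"] += 1
  end

  def flush
    { "type" => "metrics", "tags" => ["metric"] }.merge(@counts)
  end
end

# Equivalent of the output { } block on slide 49: pick the target index from tag / type.
def target_index(event)
  return "metrics" if Array(event["tags"]).include?("metric")
  return "meetups" if event["type"] == "meetup"
  nil
end

# Reads json_lines input (one JSON document per line), like stdin { codec => json_lines }.
# Returns [enriched RSVP events, one metric event], i.e. what one flush interval would produce.
def process_stream(io)
  meter = CountryMeter.new
  events = io.each_line.map do |line|
    ev = enrich_rsvp(JSON.parse(line))
    meter.mark(ev)
    ev
  end
  [events, meter.flush]
end

# Constructed sample: a trimmed copy of the slide's document, plus an RSVP without a venue.
SAMPLE_STREAM = <<~JSONL
  {"response":"yes","member":{"member_name":"Charlie","member_id":176530582},"group":{"group_country":"es","group_city":"Barcelona"},"venue":{"lon":1.58728,"venue_name":"Paque de la Espana Industrial","lat":41.462646}}
  {"response":"no","member":{"member_name":"Dana","member_id":1},"group":{"group_country":"de","group_city":"Hamburg"}}
JSONL

if __FILE__ == $0
  events, metric = process_stream(SAMPLE_STREAM)
  events.each { |ev| puts "#{target_index(ev)}: #{ev.dig('venue', 'lonlat').inspect}" }
  puts "#{target_index(metric)}: #{metric.inspect}"
end
```

The same split applies when the real stream is piped in (`curl -s http://stream.meetup.com/2/rsvps | ruby meetup.rb` with `process_stream($stdin)`): RSVP documents and the periodic counter event go to different indices, so a dashboard can aggregate over the metrics index without scanning every RSVP.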
  50. Wikipedia edits
     • Wikipedia has a changes stream
     • constantly posted to an IRC channel
  51. Wikipedia edits
     input {
       irc {
         type => 'wikipedia'
         host => 'irc.wikimedia.org'
         nick => 'logstash-wikipedia'
         channels => ['#de.wikipedia']
       }
     }
  52. Wikipedia edits
     filter {
       # remove some weird encoding stuff from IRC
       mutate {
         gsub => [
           "message", "\u000302", "",
           "message", "\u000303", "",
           "message", "\u000307", "",
           "message", "\u000310", "",
           "message", "\u000314", "",
           "message", "\u00034", "",
           "message", "\u00035", "",
           "message", "\u0003", ""
         ]
       }
       # extract page and user
       grok {
         match => [ "message", "\[\[%{GREEDYDATA:page}\]\]%{GREEDYDATA} \* %{GREEDYDATA:user} \* %{GREEDYDATA}" ]
       }
     }
  53. Wikipedia edits
     output {
       stdout {
         codec => line {
           format => 'Page: %{page}'
         }
       }
       elasticsearch {
         host => 'localhost'
         index => 'wikipedia-edits'
         protocol => 'http'
       }
     }
  54. Wikipedia edits
     » logstash agent -f logstash-wikipedia.conf

     Page: Yamaha Aerox
     Page: Neues Beginnen - Blätter internationaler Sozialisten
     Page: Portal Diskussion:Fußball
     Page: Saputo
     Page: Portal:Phantastik/Mitarbeiten
     Page: Gesetz über den Einsatz der Informations- und Kommunikationstechnik in der öffentlichen Verwaltung
     Page: Spvg Plettenberg
     Page: Pflanzen gegen Zombies: Garden Warfare
     Page: Wasserstandsanzeiger Bremerhaven
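The IRC clean-up and grok step of slide 52, as an added Ruby example that is not the deck's code. Two things differ from the config on purpose. The gsub list on the slide strips eight specific colour codes; the input is untrusted text from a public channel, so the example strips every mIRC formatting sequence (\x03 with optional colour numbers, plus bold, underline, reverse and reset) rather than an allow-list of the ones seen so far. And the slide's pattern chains four GREEDYDATA captures, which is ambiguous: because `.*` is greedy, an edit comment that itself contains " * " makes grok assign the wrong text to user. The example parses the line with an anchored regex instead. The line layout assumed here ([[page]] flags url * user * (size) comment) follows the feed's conventional format; both sample lines are constructed.

```ruby
# mIRC formatting: \x03 (colour, optionally followed by fg[,bg] numbers), \x02 bold,
# \x1f underline, \x16 reverse, \x0f reset. Strip them all, not a fixed list of colours.
IRC_FORMATTING = /\x03(?:\d{1,2}(?:,\d{1,2})?)?|[\x02\x1f\x16\x0f]/

# Layout of a wikimedia recent-changes IRC line (assumed from the feed's conventional format):
#   [[Page title]] flags url * user * (+size) comment
# user is matched lazily up to the first " * (" so a comment containing " * " cannot steal it.
RC_LINE = /\A\[\[(?<page>[^\]]+)\]\]\s+(?<flags>[A-Z!]*)\s*(?<url>\S+)\s+\*\s+(?<user>.+?)\s+\*\s+\((?<delta>[+-]?\d+)\)\s*(?<comment>.*)\z/

def strip_irc_formatting(message)
  message.gsub(IRC_FORMATTING, "")
end

# Equivalent of the mutate/gsub + grok filters on slide 52: returns the extracted fields,
# or tags the event the way grok does when nothing matches.
def parse_wikipedia_edit(raw)
  message = strip_irc_formatting(raw)
  event = { "message" => message, "type" => "wikipedia" }
  m = RC_LINE.match(message)
  if m
    m.names.each { |name| event[name] = m[name] }
    event["delta"] = event["delta"].to_i
  else
    event["tags"] = ["_grokparsefailure"]
  end
  event
end

# Constructed sample lines carrying the colour codes the feed wraps around each field.
# The second one has a comment containing " * ", the case the slide's grok pattern gets wrong.
SAMPLE_MESSAGES = [
  "\x0314[[\x0307Yamaha Aerox\x0314]]\x034 M\x0310 \x0302https://de.wikipedia.org/w/index.php?diff=1&oldid=0\x03 \x035*\x03 \x0303Beispielnutzer\x03 \x035*\x03 (+42) \x0310Tippfehler korrigiert\x03",
  "\x0314[[\x0307Saputo\x0314]]\x034 \x0310 \x0302https://de.wikipedia.org/w/index.php?diff=2&oldid=1\x03 \x035*\x03 \x0303Editor Zwei\x03 \x035*\x03 (-7) \x0310Abschnitt * Geschichte * gekuerzt\x03"
]

if __FILE__ == $0
  SAMPLE_MESSAGES.each do |msg|
    ev = parse_wikipedia_edit(msg)
    puts "Page: #{ev['page']} | user: #{ev['user']} | delta: #{ev['delta']} | #{ev['comment']}"
  end
end
```

The same reasoning applies to the grok pattern in the config: replacing the GREEDYDATA captures around user with an explicit `\* %{DATA:user} \* \(` anchor gives the Logstash filter the same lazy behaviour this regex has.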
  55. sysdig
     • sysdig is a system call tracer (tcpdump for syscalls)
     • powerful query language
     • very useful for system tracing (intrusions, performance tracing, weird behaviour)
     • See http://www.sysdig.org/
  56. sysdig
     • Easy to find things:
       # sysdig -r dumpfile.scap "evt.type = open and evt.arg.name contains /usr/sbin"

       2122 13:54:01.755117599 0 bash (1633) < open fd=3(<f>/usr/sbin/hacked) name=/usr/sbin/hacked flags=262(O_TRUNC|O_CREAT|O_WRONLY) mode=0
     • Now do this for all machines...
  57. sysdig
     input { stdin { } }

     filter {
       grok {
         match => [ "message", "^%{NUMBER:num:int} %{NUMBER:time:float} %{INT:cpu:int} %{NOTSPACE:procname} %{NOTSPACE:tid} (?<direction>[<>]) %{WORD:event} %{DATA:args}$" ]
       }

       # UNIX expects epoch seconds, so capture with sysdig -t a (absolute time from epoch)
       # rather than the default wall-clock time column
       date { match => [ "time", "UNIX" ] }

       if [args] {
         kv {
           source => "args"
           remove_field => "args"
         }
       }
     }

     output {
       elasticsearch {
         protocol => http
         index => "sysdig-%{+YYYY.MM.dd}"
       }
     }
  58-60. sysdig (screenshots)
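The sysdig pipeline of slide 57 and the query on slide 56, as an added Ruby example that is not the deck's code: it parses a sysdig output line into the same fields the grok pattern names, splits the args the way the kv filter does, and then runs the slide's question ("an open of something under /usr/sbin") as detection logic over sample lines, tightened to opens that create or write and that actually succeeded (a failed open reports a negative fd). The first sample line is the one from slide 56; the others are constructed. The time column is accepted as either the default wall-clock string or epoch seconds, since the date filter's UNIX match in the config only works with the latter.

```ruby
# Field layout of a sysdig output line, named as the grok pattern on slide 57 names them:
#   num time cpu procname (tid) direction event args...
# time is either sysdig's default HH:MM:SS.nnnnnnnnn or, with -t a, epoch seconds.
SYSDIG_LINE = /\A(?<num>\d+)\s+(?<time>\S+)\s+(?<cpu>\d+)\s+(?<procname>\S+)\s+\((?<tid>\d+)\)\s+(?<direction>[<>])\s+(?<event>\w+)\s*(?<args>.*)\z/

# kv-style split of "name=value name=value". Values of open/openat events never contain
# spaces; read/write data payloads do, so this split is only safe for the events used here.
def split_args(args)
  args.scan(/(\w+)=(\S+)/).to_h
end

# "262(O_TRUNC|O_CREAT|O_WRONLY)" -> [262, ["O_TRUNC", "O_CREAT", "O_WRONLY"]]
def parse_flags(value)
  m = /\A(\d+)(?:\((.*)\))?\z/.match(value.to_s)
  return [nil, []] unless m
  [m[1].to_i, (m[2] || "").split("|")]
end

# Equivalent of grok + kv on slide 57; a non-matching line is tagged, as grok would tag it.
def parse_sysdig_line(line)
  m = SYSDIG_LINE.match(line)
  return { "message" => line, "tags" => ["_grokparsefailure"] } unless m
  ev = { "message" => line }
  m.names.each { |n| ev[n] = m[n] }
  ev["num"] = ev["num"].to_i
  ev["cpu"] = ev["cpu"].to_i
  ev.merge!(split_args(ev.delete("args")))
  ev
end

# Directories where a new or rewritten file is worth an alert (assumed watch list).
WATCHED_DIRS = ["/usr/sbin", "/usr/bin", "/etc"].freeze

# The slide's query, "evt.type = open and evt.arg.name contains /usr/sbin", tightened:
# only exit events (direction "<", which carry the result), only opens that create or write,
# and only successful ones (a failed open reports a negative fd such as fd=-2(ENOENT)).
def suspicious_open?(ev)
  return false unless ev["event"] == "open" && ev["direction"] == "<"
  name = ev["name"].to_s
  return false unless WATCHED_DIRS.any? { |d| name.start_with?("#{d}/") }
  _, flags = parse_flags(ev["flags"])
  return false unless flags.include?("O_CREAT") || flags.include?("O_WRONLY") || flags.include?("O_RDWR")
  ev["fd"].to_s.to_i >= 0
end

def find_suspicious_opens(lines)
  lines.map { |l| parse_sysdig_line(l) }.select { |ev| suspicious_open?(ev) }
end

# Sample input: the first line is the one from slide 56, the rest are constructed
# (a write on the same fd, a read-only open of /etc/passwd, and a failed create).
SYSDIG_SAMPLE_LINES = [
  "2122 13:54:01.755117599 0 bash (1633) < open fd=3(<f>/usr/sbin/hacked) name=/usr/sbin/hacked flags=262(O_TRUNC|O_CREAT|O_WRONLY) mode=0",
  "2123 13:54:01.755200000 0 bash (1633) > write fd=3(<f>/usr/sbin/hacked) size=57",
  "2124 13:54:02.000000000 1 cat (1640) < open fd=4(<f>/etc/passwd) name=/etc/passwd flags=1(O_RDONLY) mode=0",
  "2125 13:54:02.100000000 1 vi (1641) < open fd=-2(ENOENT) name=/usr/sbin/missing flags=6(O_CREAT|O_WRONLY) mode=0"
]

if __FILE__ == $0
  find_suspicious_opens(SYSDIG_SAMPLE_LINES).each do |ev|
    puts "#{ev['time']} #{ev['procname']}(#{ev['tid']}) wrote #{ev['name']} flags=#{ev['flags']}"
  end
end
```

Once the events are in Elasticsearch the same test is a query (event:open AND direction:"<" AND name:/usr/sbin/* AND flags:*O_CREAT*) across every host that ships its sysdig output, which is the "now do this for all machines" point of slide 56.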
  61. Summary
  62. Summary
     • Do not create data silos. Free your data!
     • Make sure data is easy to query, not to store
     • Visualize!
     • Find your use-case: business, system administration, your app... it's versatile!
  63. Soon...
     • Kibana 4... is going to be huge
     • Elasticsearch 1.4.0.Beta1 has been released
     • Logstash going towards 1.5.0
  64-68. Kibana 4 (screenshots)
  69. Getting up & running is easy
     • Download the Elasticsearch, Logstash & Kibana archives
       # elasticsearch-1.4.0.Beta1/bin/elasticsearch
       # kibana-4.0.0-BETA1/bin/kibana
       # logstash-1.4.2/bin/logstash agent -f logstash.conf
       # open localhost:5601
  70. Thanks for listening! Q & A
     P.S. We're hiring: http://elasticsearch.com/about/jobs
     P.P.S. We're helping: http://elasticsearch.com/support http://elasticsearch.com/training
     Alexander Reelsen, @spinscale, alexander.reelsen@elasticsearch.com