Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The ELK Stack: For Real-Time Enlightenment

Elasticsearch Inc
April 17, 2014
Technology
4
3.2k

The ELK Stack: For Real-Time Enlightenment

Presented by Kevin Kluge at the DevNation 2014 Conference.

In this session, you’ll learn how the combined forces of the Elasticsearch, Logstash and Kibana (the ELK Stack) can enable you to mine business intelligence information from disparate data streams—in real-time. We’ll examine these concepts through the lens of real-world implementations of the ELK stack by users like GitHub, Mozilla, and Wikipedia. And we’ll cover forthcoming developments in the Elasticsearch product family, including the latest features in the milestone 1.0 release and beyond.

You’ll leave this session with a better understanding of how the ELK can make harvesting, searching, and visualizing your data simple, while also discovering the key metrics that will make your projects more successful.

Elasticsearch Inc

April 17, 2014
Tweet

More Decks by Elasticsearch Inc

See All by Elasticsearch Inc
OSCON: Scaling a distributed engineering team from 50-250
elasticsearch
13
1.3k
Stuff a Search Engine Can Do
elasticsearch
17
1.6k
Using Elastic to monitor anything
elasticsearch
3
1.5k
Log all the things!
elasticsearch
4
1.1k
Why Elastic? @ 50th Vinitaly 2016
elasticsearch
5
1.9k
What's New In Elasticland?
elasticsearch
3
810
Kibana, Timelion, Graph Meetup
elasticsearch
3
760
Elastic for Time Series Data and Predictive Analytics
elasticsearch
4
3k
Elastic 2.0
elasticsearch
1
730

Other Decks in Technology

See All in Technology
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
240
競技としてのKaggle、役に立つKaggle
yu4u
3
1.7k
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
280
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170
リテール金融(キャッシュレス・ネット銀行・ネット証券)の競争環境と経済圏
8maki
0
1.2k
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
350
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
110
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
260
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
760
Python と Snowflake はズッ友だょ!~ Snowflake の Python 関連機能をふりかえる ~
__allllllllez__
1
120
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
Reducing Cross-Zone Egress at Spotify with Custom gRPC Load Balancing Recap
koh_naga
0
210

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
Done Done
chrislema
178
15k
Navigating Team Friction
lara
178
13k
Git: the NoSQL Database
bkeepers
PRO
422
63k
The Cult of Friendly URLs
andyhume
74
5.7k
Debugging Ruby Performance
tmm1
70
11k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
14
1.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Gamification - CAS2011
davidbonilla
76
4.6k
Thoughts on Productivity
jonyablonski
58
3.8k
A designer walks into a library…
pauljervisheath
200
23k
The Language of Interfaces
destraynor
151
23k

Transcript

  1. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Kevin Kluge @kevinkluge [email protected] The ELK Stack for Real Time Enlightenment

  2. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Elasticsearch in 10 seconds • Schema-free, REST & JSON based document store • Distributed and horizontally scalable • Open Source: Apache License 2.0 • Zero configuration • Written in Java, extensible

  3. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Unstructured search

  4. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Aggregation to find languages

  5. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Structured search

  6. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Enrichment

  7. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Sorting

  8. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Pagination

  9. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited Suggestions

  10. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Installation & first steps

  11. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited 2 minutes to live $ wget https://download.elasticsearch.org/... $ tar -xf elasticsearch-1.0.1.tar.gz $ ./elasticsearch-1.1.1/bin/elasticsearch ... [2014-04-16 14:53:11,508][INFO ][node] [Scanner] started ... Also puppet modules and RPM/DEB

  12. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Is it alive? » curl localhost:9200 { "status" : 200, "name" : "Scanner", "version" : { "number" : “1.1.1", "build_hash" : "e018cda7e7a32643d59e0ac3cdb412ccc239af04", "build_timestamp" : "2014-04-14T15:11:47Z", "build_snapshot" : true, "lucene_version" : “4.7.2" }, "tagline" : "You Know, for Search" }

  13. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited » curl -XPUT localhost:9200/books/book/1 -d ' { "title" : "Elasticsearch - The definitive guide", "authors" : "Clinton Gormley", "started" : "2013-02-04", "pages" : 230 }' Create…

  14. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited » curl -XPUT localhost:9200/books/book/1 -d ' { "title" : "Elasticsearch - The definitive guide", "authors" : [ "Clinton Gormley", "Zachary Tong" ], "started" : "2013-02-04", "pages" : 230 }' Update…

  15. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Delete… » curl -X DELETE localhost:9200/books/book/1 Realtime GET… » curl —X GET localhost:9200/books/book/1 » curl —X GET localhost:9200/books/book/1/_source

  16. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Search » curl -XGET localhost:9200/books/_search?q=elasticsearch { "took" : 2, "timed_out" : false, "_shards" : { "total" : 5, "successful" : 5, "failed" : 0 }, "hits" : { "total" : 1, "max_score" : 0.076713204, "hits" : [ { "_index" : “books", "_type" : “book", "_id" : "1", "_score" : 0.076713204, "_source" : { "title" : "Elasticsearch - The definitive guide", "authors" : [ "Clinton Gormley", "Zachary Tong" ], "started" : “2013-02-04", "pages" : 230 } } ] } }

  17. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited » curl -XGET ‘localhost:9200/books/book/_search' -d '{ "query": { "filtered" : { "query" : { "match": { "text" : { "query" : “To Be Or Not To Be", "cutoff_frequency" : 0.01 } } }, "filter" : { "range": { "price": { "gte": 20.0 "lte": 50.0 ... } }' Search - Query DSL

  18. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Distributed and scalable

  19. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Basic terms • Index Logical collection of data; might be time based Analogous to a database • Sharding Split logical data over several machines Write scalability Control data flows • Replication Read scalability Removing SPOF

  20. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Shards and replicas node 1 orders products 1 4 1 2 2 2 curl  -­‐X  PUT  localhost:9200/orders  -­‐d  '{      "settings.index.number_of_shards"  :  4      "settings.index.number_of_replicas"  :  1   }' curl  -­‐X  PUT  localhost:9200/products  -­‐d  '{      "settings.index.number_of_shards"  :  2      "settings.index.number_of_replicas"  :  0   }'

  21. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Shards and replicas node 1 orders products 1 4 1 node 2 orders products 2 2 3 4 1 2 3

  22. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Automatic leveling node 1 orders products 2 1 4 1 node 2 orders products 2 2 node 3 orders products 3 4 1 3

  23. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Cluster management • Single master at any point in time Responsible for cluster state (node entry, mappings) • Multicast based discovery (optionally unicast) • Configuration is required here Tell each node the name of the cluster to join Set minimum master nodes • Tip: reserve 3 nodes for master role and do not put data on them

  24. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Sizing a cluster or node • Data and operation dependent How big are your documents? How many fields in them? What is your query rate? Do you do facets/aggregations, sorting, custom scoring? What is your write rate? Do you delete documents? Update them? Is the data time-based? • Test on one node, no replicas Look at shard size, JVM heap usage and GC frequency, number of shards/node, docs per shard, CPU util, disk util, index pattern • Tip: 30 GB heap

  25. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Deployment architecture • Above shows local disk; SAN OK • Tip: clusters spanning high latency WANs are not recommended. Cross-zone in EC2 is OK. ! Your app ES Data 1 ES Data N ... ES Master; no data ! Your app ... ES Master; no data ES Master; no data High Speed Network ES Node Client ES Node Client

  26. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Elasticsearch use-cases

  27. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited What is data? • Whatever provides value for your business ! • Domain data Internal: Orders, products External: Social media streams, email • Application data Log files Metrics

  28. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Use-case: Product Catalog Analytics

  29. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Analytics • Aggregation of information • Facets are one dimensional Categories/brands/material of all results of this query • Questions are multidimensional Average revenue per product category per day • Elasticsearch 1.0 has aggregations Nested facets Basic stats (mean, min/max, std dev, term counts) Significant terms, Percentiles, Cardinality estimations

  30. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Create knowledge from data • Orders How many orders were created every day in the last month? How many orders were created per state per day in the last month? • Revenue What is the average revenue per shopping cart? What is the average shopping cart size per order per hour? • Tip: bring together multiple sources of data, especially time-series data, then compare

  31. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Ecosystem • Plugins Many third party plugins available • Clients for many languages Ruby, python, php, perl, javascript, (.NET coming) Scala, clojure, go • Kibana • Logstash • Hadoop integration

  32. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2013. Copying, publishing and/or distributing without written permission is strictly prohibited

  33. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited REST-based management • Interact with server via REST for management • Elasticsearch is full of monitoring APIs Everything is returned as JSON

  34. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Monitor your cluster with Marvel • Point in time views are a start • Marvel shows historical trends • Visualize cluster behavior, act before problems ! • Free for development, $500/year for up to 5 nodes

  35. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Overview

  36. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Node statistics

  37. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Index statistics

  38. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Sense

  39. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Log analysis with Logstash and Kibana

  40. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Logstash in 10 seconds • Managing events and logs • Collect, parse, enrich, store data • Modular: many, many inputs and outputs • Apache License 2.0 • Ruby app (JRuby) • Part of Elasticsearch family

  41. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited What is a log? • Time-based data • This data is everywhere! Server logs Twitter stream Financial transactions Metric / monitoring data ... • Log all things

  42. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Why collect & centralize logs? • Access log files without system access • Shell scripting: Too limited or slow • Using unique ids for errors, aggregate it across your stack • Reporting (everyone can create his/her own report) • Tip: Unify your data to make it easily searchable

  43. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Logstash architecture Logstash Input Output Filter ? ? collect and split alter and enrich store and visualize

  44. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Inputs • Monitoring: collectd, graphite, ganglia, snmptrap, zenoss • Datastores: elasticsearch, redis, sqlite, s3 • Queues: rabbitmq, zeromq • Logging: eventlog, lumberjack, gelf, log4j, relp, syslog, varnish log • Platforms: drupal_dblog, gemfire, heroku, sqs, s3, twitter • Local: exec, generator, file, stdin, pipe, unix • Protocol: imap, irc, stomp, tcp, udp, websocket, wmi, xmpp

  45. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Filters • alter, anonymize, checksum, csv, drop, multiline • dns, date, extractnumbers, geoip, i18n, kv, noop, ruby, range • json, urldecode, useragent • metrics, sleep • … many, many more …

  46. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Outputs • Store: elasticsearch, gemfire, mongodb, redis, riak, rabbitmq • Monitoring: ganglia, graphite, graphtastic, nagios, opentsdb, statsd, zabbix • Notification: email, hipchat, irc, pagerduty, sns • Protocol: gelf, http, lumberjack, metriccatcher, stomp, tcp, udp, websocket, xmpp • External Monitoring: boundary, circonus, cloudwatch, datadog, librato • External service: google big query, google cloud storage, jira, loggly, riemann, s3, sqs, syslog, zeromq • Local: csv, exec, file, pipe, stdout, null

  47. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Simple example • Download, install, create config and run input {! stdin {}! }! ! output {! stdout { debug => true }! } echo foo | java -jar logstash-1.4.0-flatjar.jar agent -f simple.conf! {! "message" => "foo",! "@version" => "1",! "@timestamp" => "2014-04-15T13:30:59.648Z",! "host" => "kryptic.fritz.box"! } simple.conf

  48. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Simple filter with grok input {! stdin {}! }! ! filter {! grok {! match => [ "message", "%{WORD:firstname} %{WORD:lastname} %{NUMBER:age}" ]! }! }! ! output {! stdout { debug => true }! }

  49. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Simple filter with grok echo "Alexander Reelsen 30" | java -jar logstash-1.3.3-flatjar.jar agent -f sample-2.conf! {! "message" => "Alexander Reelsen 30",! "@version" => "1",! "@timestamp" => "2014-01-21T16:56:02.502Z",! "host" => "kryptic",! "firstname" => "Alexander",! "lastname" => "Reelsen",! "age" => "30"! }

  50. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Syslog example with grok input { stdin {} }! ! filter {! grok {! match => { "message" => "% {SYSLOGTIMESTAMP:syslog_timestamp} % {SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[% {POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }! }! date {! match => [ "syslog_timestamp", ! "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]! }! }! ! output { stdout { debug => true } }

  51. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Syslog example with grok cat sample-syslog.txt| java -jar logstash-1.3.3- flatjar.jar agent -f sample-syslog.conf! {! "message" => "Jun 10 04:04:01 lvps109-104-93-171 postfix/smtpd[11105]: connect from mail-we0-f196.google.com[74.125.82.196]",! "@version" => "1",! "@timestamp" => "2014-06-10T04:04:01.000+02:00",! "host" => "kryptic.local",! "syslog_timestamp" => "Jun 10 04:04:01",! "syslog_hostname" => "lvps109-104-93-171",! "syslog_program" => "postfix/smtpd",! "syslog_pid" => "11105",! "syslog_message" => "connect from mail-we0- f196.google.com[74.125.82.196]"! } Jun 10 04:04:01 lvps109-104-93-171 postfix/smtpd[11105]: connect from mail-we0-f196.google.com[74.125.82.196]

  52. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited CLF log files {! "message" => "193.99.144.85 - - [23/Jan/2014:17:11:55 +0000] \"GET / HTTP/1.1\" 200 140 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.5 Safari/ 535.19\"",! "@version" => "1",! "@timestamp" => "2014-01-24T07:56:02.460Z",! "host" => "kryptic.local",! "clientip" => "193.99.144.85",! "ident" => "-",! "auth" => "-",! "timestamp" => "23/Jan/2014:17:11:55 +0000",! "verb" => "GET",! "request" => "/",! "httpversion" => "1.1",! "response" => "200",! "bytes" => "140",! "referrer" => "\"-\"",! "agent" => "\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.5 Safari/ 535.19\""! }

  53. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited CLF written to elasticsearch input { stdin {} }! ! filter {! grok {! match => [ message, "%{COMBINEDAPACHELOG}" ]! }! }! ! output {! elasticsearch_http {}! }

  54. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Deploying ELK for scale Shipper Logstash Store/Search Visualize

  55. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Add a broker Shipper Logstash Store/Search Visualize Broker Brokers help with scale and stability by buffering the input and protecting against output downtime. ! Tip: set limits on broker queue to push back on source as well.

  56. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Scale out the shipper Shipper Logstash Store/Search Visualize Broker Shipper Shipper

  57. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Scale out the broker Shipper Logstash Store/Search Visualize Broker Shipper Shipper Broker Broker

  58. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Scale out Logstash Shipper Logstash Store/Search Visualize Broker Shipper Shipper Broker Broker Logstash Logstash

  59. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Scale out Elasticsearch Shipper Logstash Store/Search Visualize Broker Shipper Shipper Broker Broker Logstash Logstash Store/Search

  60. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Logstash scaling • Events get passed via Ruby SizedQueue • input/worker/output threads, can be configured • Each input is one thread, unless explicitly configured • One worker thread by default, use -w to change • Output is a single thread (some outputs have their own queueing thread) ! http://logstash.net/docs/1.3.3/life-of-an-event

  61. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Visualize with Kibana

  62. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Kibana in 10 seconds • Visualize data in Elasticsearch • See real-time updates to the data • Build custom charts and dashboards • Apache License 2.0 • Runs in browser (Chrome, FF, IE, Safari) • Part of Elasticsearch family

  63. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Heartbleed • Following Twitter #Heartbleed in real time • Using the ELK stack • Thanks to Om • http://palakonda.org/author/web4by2/

  64. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Use the Twitter input From http://palakonda.org/2014/04/15/real-time-stats-for-heartbleed-on-twitter-with-logstash-elasticsearch-and-kibana/ INPUT {! TWITTER {! CONSUMER_KEY => ""! CONSUMER_SECRET => ""! KEYWORDS => ["#HEARTBLEED","HEARTBLEED","HEARTBLEED.COM"]! OAUTH_TOKEN => ""! OAUTH_TOKEN_SECRET => ""! TAGS => ["#HEARTBLEED"]! TYPE => "HEARTBLEED"! }! }!

  65. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Heartbleed - mentions From http://palakonda.org/2014/04/15/real-time-stats-for-heartbleed-on-twitter-with-logstash-elasticsearch-and-kibana/

  66. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Heartbleed - with OpenSSL From http://palakonda.org/2014/04/15/real-time-stats-for-heartbleed-on-twitter-with-logstash-elasticsearch-and-kibana/

  67. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Kibana

  68. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Kibana

  69. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission is strictly prohibited Kibana

  70. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited Useful helpers • Curator: index management http://www.elasticsearch.org/blog/curator-tending-your-time-series-indices/ • Puppet module https://github.com/elasticsearch/puppet-logstash • Logstash forwarder: low overhead collector https://github.com/elasticsearch/logstash-forwarder • Logstash cookbook http://cookbook.logstash.net/

  71. Copyright Elasticsearch 2014. Copying, publishing and/or distributing without written permission

    is strictly prohibited More info • Github: https://github.com/elasticsearch Code, issues there • Mailing lists Google groups, logstash-users and elasticsearch • IRC channels #logstash and #elasticsearch on freenode • We’re hiring! [email protected]