Elastic Stackの紹介

‹#› 2016/11/15 Evangelist at Elastic Jun Ohtani @johtani Elastic Stackͷ঺հ

‹#›

ΞδΣϯμ • Elastic stackͷ঺հ • ֓ཁ • Ϣʔεέʔε • Elastic
stackͷଓ͚ํ 3

about • Me, Jun Ohtani / Technical Advocate ‒ lucene-gosenίϛολʔ
‒ ElasticSearch Server೔ຊޠ൛ͷ຋༁ ‒ http://blog.johtani.info  • Elasticsearch, founded in 2012 ‒ Products: Elasticsearch, Logstash, Kibana, Beats   X-Pack(Marvel, Shield, Watcher, Graph)  Professional services: Support & development subscriptions ‒ Trainings 4

࣭໰ͦͷ1 • ElasticsearchΛ஌͍ͬͯΔ͔Ͳ͏͔ • ฉ͍ͨ͜ͱ͢Βͳ͍ • ฉ͍ͨ͜ͱ͸͋Δ͕ɺ৮ͬͨ͜ͱ͸ͳ͍ • ฉ͍ͨ͜ͱ͸͋Δ͠ɺগ͚ͩ͠ࢼͨ͠ •
ຊ൪؀ڥͰӡ༻த • ฉ͍ͨ͜ͱʁͦΕͲ͜Ζ͔ɺύονʢϓϧϦΫʣॻ͖·ͬͯ͘Δ 5

࣭໰ͦͷ2 • ElasticsearchҎ֎ͷElastic StackΛ࢖ͬͨ͜ͱ͕͋Δ • ࢖ͬͨ͜ͱͳ͍ • Logstash • BeatsγϦʔζ
• Kibana • X-Pack 6

࣭໰ͦͷ3 • ElasticsearchҎ֎ͷElastic Stackʹ·ͭΘΔԿ͔Λ։ൃͨ͜͠ͱ͕͋Δ • Logstash • BeatsγϦʔζ • Kibana
• Elasticsearch • X-Pack 7

8 Elastic Stack

5.0 is here. All new versions. All aligned.

10 Kibana Elasticsearch Beats Logstash Security Alerting Monitoring Reporting X-Pack
Graph

11 Kibana Elasticsearch Beats Logstash X-Pack Elastic Cloud Security Alerting
Monitoring Reporting Graph

‹#› Ϣʔεέʔε1 ɹݕࡧͱͯ͠ͷElasticsearch

ϑϦʔϫʔυݕࡧ 13

ߜΓࠐΈ 14

ϋΠϥΠτ 15

ιʔτ 16

ϖʔδϯά 17

ूܭ 18

αδΣετ 19

elasticsearch ͞·͟·ͳܗࣜͷσʔλͰ GeoݕࡧՄೳ    Ң౓ܦ౓ɺGeoHashɺ GeoShape… GEO

21 Elasticsearch is the backbone across all of Wikimedia’s sites,
powering billions of real-time user prefix and full-text searches every day. “ ” Chad Horohoe Software Engineering

‹#› ؆୯ͳCRUD

σʔλొ࿥ 23 curl -XPUT localhost:9200/books/book/1 -d ' { "title" :
"Elasticsearch - The definitive guide", "authors" : "Clinton Gormley", "started" : "2013-02-04", "pages" : 230 }'

σʔλߋ৽ 24 curl -XPUT localhost:9200/books/book/1 -d ' { "title" :
"Elasticsearch - The definitive guide", "authors" : [ "Clinton Gormley", "Zachary Tong" ], "started" : "2013-02-04", "pages" : 230 }'

σʔλ࡟আ 25 curl -X DELETE localhost:9200/books/book/1 σʔλͷऔಘ curl —X GET
localhost:9200/books/book/1 curl —X GET localhost:9200/books/book/1/_source

ݕࡧ 26 curl -XGET localhost:9200/books/_search?q=elasticsearch { "took" : 2, "timed_out"
: false, "_shards" : { "total" : 5, "successful" : 5, "failed" : 0 }, "hits" : { "total" : 1, "max_score" : 0.076713204, "hits" : [ { "_index" : “books", "_type" : “book", "_id" : "1", "_score" : 0.076713204, "_source" : { "title" : "Elasticsearch - The definitive guide", "authors" : [ "Clinton Gormley", "Zachary Tong" ], "started" : “2013-02-04", "pages" : 230 } } ]

ݕࡧ - Query DSL 27 curl -XGET ‘localhost:9200/books/book/_search' -d '{
"query": { "filtered" : { "query" : { "match": { "text" : { "query" : “To Be Or Not To Be", "cutoff_frequency" : 0.01 } } }, "filter" : { "range": { "price": { "gte": 20.0 "lte": 50.0

‹#› ෼ࢄߏ੒ εέʔϧ

Basic terms • ΠϯσοΫε ‒ σʔλͷ࿦ཧతͳू߹ɻ  RDBͷσʔλϕʔεͷΑ͏ͳ΋ͷLogical • ϨϓϦέʔγϣϯ •
ಡΈࠐΈͷεέʔϥϏϦςΟ޲্ • SPOFͷղফ • γϟʔσΟϯά • ෳ਺Ϛγϯ΁σʔλΛ෼ׂ  ॻ͖ࠐΈͷεέʔϥϏϦςΟ޲্  σʔλϑϩʔ੍ޚ 29

γϟʔυͱϨϓϦΧ 30 node 1 orders products 1 4 1 2
2 3 curl -X PUT localhost:9200/orders -d '{ "settings.index.number_of_shards" : 4 "settings.index.number_of_replicas" : 1 }' curl -X PUT localhost:9200/products -d '{ "settings.index.number_of_shards" : 2 "settings.index.number_of_replicas" : 0 }'

γϟʔυͱϨϓϦΧ 31 node 1 orders products 1 4 1 node
2 orders products 2 2 3 4 1 2 3

ࣗಈతͳ෼ࢄ 32 node 1 orders products 2 1 4 1
node 2 orders products 2 2 node 3 orders products 3 4 1 3

‹#› ΫϥΠΞϯτϥΠϒϥϦ

ެࣜΫϥΠΞϯτϥΠϒϥϦ • Java • Ruby • PHP • Perl •
Python • .NET • JavaScript • Groovy 34

ΫϥΠΞϯτϥΠϒϥϦʢίϛϡχςΟʣ • Clojure • Cold Fusion • Erlang • Go
• Groovy • Haskell • Java • JavaScript • kotlin 35 • .NET • OCaml • Perl • PHP • Python • R • Ruby • Scala • Smalltalk • Vert.x

Elasticsearch - The Definitive guide    http://www.elastic.co/guide/en/ elasticsearch/guide/current/index.html 36 ৄ͘͠஌Γ͍ͨํ͸

‹#› Ϣʔεέʔε2 ɹղੳͱͯ͠ͷElasticsearch

Elastic stackʹΑΔσʔλ෼ੳ 38 σʔλ Import/Parse  /Export Store/Search Visualize

39 収集、リッチ化、転送ログおよび数値指標データセンサーおよびデバイスデータ Webおよびソーシャルデータデータストアおよびストリーム分析 Elasticsearch + 任意のデータストア
アラート Watcher+任意の通知ツール監視 Marvel+任意の監視ツールアーカイブ Hadoop+任意のクラウドストレージプラットフォーム

Logstash in 10 seconds • ϩάɾσʔλͷऩूɾ؅ཧ • ऩूɺύʔεɾՃ޻ɺૹग़ • ΦʔϓϯιʔεɿApache
License 2.0 • Ruby app (JRuby) 40

Logstash architecture 41 Input Output Filter ? ? collect and
split alter and enrich store and visualize

ઃఆ 42 input { … } filter { … }
output { … }

ઃఆɿinput 43 input { file { path => “/Users/johtani/sample/*_log" start_position
=> "beginning" } }

1ߦ1σʔλ 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1"
404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" 44

ઃఆɿfilter 45 filter { grok { match => { "message"
=> "%{COMBINEDAPACHELOG}" } break_on_match => false } date { match => ["timestamp", "dd/MMM/YYYY:HH:mm:ss Z"] locale => en } geoip { source => ["clientip"] } useragent { source => "agent" target => "useragent" } }

ύʔε 46 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/1.1"
404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" {… "@timestamp": "2015-04-10T09:07:49.325Z", "clientip": "189.120.xx.xx", "ident": "-", "auth": "-", "timestamp": "02/Dec/2014:12:18:29 +0900", "verb": "GET", "request": "/manager/html", … "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/

೔෇ͷύʔε 48 {… "@timestamp": "2015-04-10T09:07:49.325Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", …
} {… "@timestamp": "2014-12-02T03:18:29.000Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … }

IP͔ΒҢ౓ܦ౓ͳͲ෇༩ 50 "clientip": "189.120.xx.xx", "clientip": "189.120.xx.xx", "geoip": { "ip": “189.120.xxx.xxx”,
… "country_name": "Brazil", "continent_code": "SA", "region_name": "27", "city_name": "São Paulo", "latitude":

ϢʔβΤʔδΣϯτͷύʔε 52 "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv: 5.0) Gecko/20100101
Firefox/5.0\"" "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv: 5.0) Gecko/20100101 Firefox/5.0\"" "useragent": { "name": "Firefox", "os": "Windows XP", "os_name": "Windows XP", "device": "Other", "major": "5", "minor": "0"

ઃఆɿoutput 53 output { elasticsearch { hosts => ["localhost"] index
=> “demo_access_log-%{+YYYY.MM.dd}” } }

KibanaͰՄࢹԽ 54

55 Elasticsearch, Logstash, and Kibana allow for real-time indexing, search,
and analytics for over 300 million events per day. This protects our network, services, and systems from security threats. “ ” Jeff Bryner, Security Engineer

Capture the Packet Packetbeat

Welcome to 1998 winlogbeat

Now winlogbeat

elasticsearch-hadoop 61 - •  D E H •  PD ecd
ER •  g D •  CH •  Ca M DMS D FERC

63 Elastic stackͷ ଓ͚ํ

‹#› ৘ใऩू

ެࣜͷࢀߟαΠτ • Ϣʔεέʔε • https://www.elastic.co/use-cases • DiscussʢWebϑΥʔϥϜʣ • https://discuss.elastic.co •
Elastic{ON}ͷϏσΦͱࢿྉ • https://www.elastic.co/elasticon/videos • αϙʔτϝχϡʔ • https://www.elastic.co/subscriptions 65

ࢀߟจݙ • Elasticsearch - The Definitive guide ‒ http://www.elastic.co/guide/en/elasticsearch/guide/current/index.html •
ॻ੶ʢ೔ຊޠʣ ‒ ElasticSearchServer೔ຊޠ൛  αʔό/ΠϯϑϥΤϯδχΞ  ɹཆ੒ಡຊɹϩάऩू 66

meetup.comʢษڧձʣ 67

͍ΖΜͳϒϩά • $shibayu36->blog; • http://blog.shibayu36.org/archive/category/elasticsearch • Wantedly Engineer Blog •
https://www.wantedly.com/companies/wantedly/post_articles/30216 • Hello Elasticsearch! • https://medium.com/hello-elasticsearch • ෆՄࢹ఺ • http://code46.hatenablog.com/entry/2014/01/21/115620 68

ΧϯϑΝϨϯε • ΦʔϓϯιʔεΧϯϑΝϨϯε  2017 Osaka • ೔࣌ɿ2017/01/27-28 • ৔ॴɿେࡕ࢈ۀ૑଄ؗ •
ηογϣϯͱϒʔε • http://www.ospn.jp/osc2017- osaka/ 69

‹#› ৘ใڞ༗

ίϛϡχςΟ׆ಈ • ษڧձʢͰൃදʣ • ษڧձʢͰ࠙਌ձʹ΋ࢀՃʣ • ϑΥʔϥϜʹࢀՃʢͯ͠ճ౴ʣ • Issue/Pull Requestͷ࡞੒
• υΩϡϝϯτͷमਖ਼ͱ͔΋͋Γ·͢Αʂ 71

Thanks for listening! Q & A 72 We’re hiring! https://www.elastic.co/about/careers/
We’re helping! https://www.elastic.co/subscriptions http://training.elastic.co

Elastic Stackの紹介

Elastic Stackの紹介

More Decks by Jun Ohtani

Other Decks in Technology

Featured

Transcript