Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kibana4でいろんなデータを見てみよう

Avatar for Jun Ohtani Jun Ohtani
April 13, 2015
Technology
4.6k
0

 Kibana4でいろんなデータを見てみよう

JJUG CCC 2015 Springでの発表資料です。

Kibana4についてはデモを行ったため説明は少ないです。

Avatar for Jun Ohtani

Jun Ohtani

April 13, 2015

More Decks by Jun Ohtani

See All by Jun Ohtani
Elastic Stackでマイクロサービス運用を
楽にするには? / Monitoring Microservices with Elastic Stack
Avatar for Jun Ohtani johtani
5
3.1k
様々なメトリクスやログを集めてシステム解析 - Elastic Stackの入門と活用 - / Getting started Elastic Stack for logging/metrics
Avatar for Jun Ohtani johtani
4
1.1k
え?SQLで入門?する
 ElasticsearchとElastic Stack / Getting started Elastic Stack with SQL
Avatar for Jun Ohtani johtani
4
1.2k
Elastic Stack 入門 2018.09 / Getting started Elastic Stack 2018.09
Avatar for Jun Ohtani johtani
3
3k
What's new in Elastic Stack 6.3
Avatar for Jun Ohtani johtani
2
2.4k
Elastic Stackで始めるJavaアプリのパフォーマンス監視 / Intro Elastic Stack and Elastic APM Java
Avatar for Jun Ohtani johtani
5
2.6k
様々なメトリクスやログを集めてシステム解析 
- Elastic Stackの入門と活用 - / Intro Elastic Stack
Avatar for Jun Ohtani johtani
0
190
Intro Elastic Stack at Telemetry WG
Avatar for Jun Ohtani johtani
0
300
What's new in Elastic Stack 6.1?
Avatar for Jun Ohtani johtani
0
770

Other Decks in Technology

See All in Technology
FinOps × AIエージェントで実現する コストインシデントの自動調査
Avatar for T.REX oasis1994liveforever
0
140
Kiroで書いた 設計書 が AI レビューの 採点基準 になる
Avatar for shinji ezaki ezaki
0
110
MUSUBI 田中裕一『AIと共に行う「しごとのリデザイン」- スモールバックオフィス編』AI Ops Lab #4
Avatar for MUSUBI musubi
0
170
エンジニアリング戦略の作り方 / Crafting Engineering Strategy
Avatar for iwashi iwashi86
21
6.9k
2026TECHFRESH畢業分享會 - Lightning Talk - E起 See See : 電商推薦讀心術? 數據說了算
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
990
Bedrock AgentCore RuntimeでAuth0 Changelog調査AIをアップグレードした話
Avatar for t.t t5u8a5a
1
130
気づかぬうちにセキュリティ負債を生むAPIキー運用
Avatar for Michitaka Sugawara sgwrmctk
0
120
【セミナー資料】Claude Code をセキュアに使うための考え方と設定の勘どころ / Claude Code Webinar 20260616
Avatar for MasahiroKawahara masahirokawahara
1
290
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
2k
2026TECHFRESH畢業分享會 - Lightning Talk - 打造精準高效的 MCP 設計模式與測試實務
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
990
エラーバジェットのアラートのタイミングを考える.pdf
Avatar for KairiM kairim0
0
150
LayerX コーポレートエンジニアリング室におけるサプライチェーンセキュリティへの取り組み / Supply Chain Security at LayerX Corporate Engineering
Avatar for Yuya Takeyama yuyatakeyama
0
150

Featured

See All Featured
The browser strikes back
Avatar for Jono Alderson jonoalderson
0
1.2k
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
780
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
850
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
Avatar for Ryan Jones ryanjones
0
160
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
6k
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
1
3.6M
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
1
250
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
76
5.2k
Amusing Abliteration
Avatar for ianozsvald ianozsvald
1
200
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
720
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
Avatar for UX Y'all uxyall
0
320
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
220

Transcript

  1. ͍ΖΜͳσʔλΛKibana4ͰݟͯΈΑ͏ Jun Ohtani @johtani 2015/04/11

  2. None

  3. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 3 about • Me, Jun Ohtani / Technical Adovocate – lucene-gosenίϛολʔ – ElasticSearch Server೔ຊޠ൛ͷ຋༁ – elasticsearch-extended-analysisͷ։ൃ – http://blog.johtani.info • Elasticsearch, founded in 2012 – Products: Elasticsearch, Logstash, Kibana, Marvel
 Professional services: Support & development subscriptions – Trainings

  4. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 4 ΞδΣϯμ • ELK stack঺հ • Logstash • Elasticsearch • Kibana • ϢʔεέʔεʴσϞ • ΞΫηεϩά • Twitter Stream • …

  5. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 5 ELK stack ELK stack

  6. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 6 ELK stack Data Import/Parse/ Export Store/Search Visualize

  7. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 7 ELK stack Import/Parse/ Export Store/Search Visualize Data

  8. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 8 Logstash Logstash

  9. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 9 Logstash in 10 seconds • ϩάɾσʔλͷऩूɾ؅ཧ • ऩूɺύʔεɾՃ޻ɺૹग़ • ΦʔϓϯιʔεɿApache License 2.0 • Ruby app (JRuby) • ࠷৽൛ɿ1.4.2 or 1.5.0 RC2

  10. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 10 Logstash architecture Logstash Input Output Filter ? ? collect  and  split alter  and  enrich store  and  visualize

  11. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 11 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  12. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 12 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  13. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 13 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  14. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 14 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  15. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 15 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf logstash-1.5.0-rc2.tar.gz $ ./bin/logstash -e 'input { stdin{}} output {stdout{}}' ... Logstash startup completed ... Also puppet modules and RPM/DEB

  16. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 16 ELK stack Import/Parse/ Export Store/Search Visualize Data

  17. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 17 Elasticsearch Elasticsearch

  18. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 18 ϑϦʔϫʔυݕࡧ

  19. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 19 ߜΓࠐΈ

  20. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 20 ϋΠϥΠτ

  21. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 21 ιʔτ

  22. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 22 ϖʔδϯά

  23. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 23 ूܭ

  24. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 24 αδΣετ

  25. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 25 Elasticsearch in 10 seconds • εΩʔϚϑϦʔɺ෼ࢄυΩϡϝϯτετΞɺREST & JSON • Φʔϓϯιʔε: Apache License 2.0 • ઃఆͳ͠Ͱ؆୯ʹࢼ͢͜ͱ͕Մೳ • JavaͰ࣮૷ɻ֦ு΋༰қ

  26. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 26 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf elasticsearch-1.5.1.tar.gz $ ./elasticsearch-1.5.1/bin/elasticsearch ... [2015-04-10 10:02:17,278][INFO ][node] [Joseph] started ... Also puppet modules and RPM/DEB

  27. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 27 ELK stack Data Import/Parse/ Export Store/Search Visualize

  28. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 28 Kibana Kibana

  29. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 29 ࢖ͬͯ·͔͢ʁ Kibana3࢖ͬͯ·͔͢ʁ

  30. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 30 Kibana3

  31. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 31 Kibana3ʁ ·ͩKibana3࢖ͬͯΔΜͰ͔͢ʁ

  32. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 32 Kibana4 Kibana4

  33. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 33 ίϯηϓτ • σʔλΛ୳ࡧ • ୳ࡧͨ͠σʔλ͔ΒάϥϑΛ࡞੒ • άϥϑΛ૊Έ߹ΘͤͯμογϡϘʔυ࡞੒

  34. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 34 μ΢ϯϩʔυˍىಈ $ wget https://download.elastic.co/kibana… $ tar -xf kibana-4.0.2-darwin-x64.tar.gz $ ./kibana-4.0.2-darwin-x64/bin/kibana ... {"@timestamp":"2015-04-10T13:26:53.673Z","level":"info", "message":"Found kibana index","node_env":"production"} {"@timestamp":"2015-04-10T13:26:53.785Z","level":"info", "message":"Listening on 0.0.0.0:5601","node_env":"production"} ...

  35. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 35 ॳظը໘ http://localhost:5601/ ʹΞΫηε

  36. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 36 Discover • σʔλͷ୳ࡧΛߦ͏ը໘ • ͲΜͳϑΟʔϧυ͕͋Δ͔ • ݕࡧର৅ͷϑΟʔϧυɺσʔλͷछผ͕Θ͔Δ • ݕࡧͨ݁͠Ռ͸ͲΜͳσʔλ͔ • ݕࡧ৚݅ͷอଘ • ݕࡧ݁ՌͷΤΫεϙʔτ

  37. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 37 Visualize • ݕࡧ݁ՌΛݩʹάϥϑΛ࡞੒ • άϥϑͷλΠϓΛબ୒ • Y࣠ɺX࣠ͷબ୒ • Sub Aggregationͷબ୒ • άϥϑͷอଘ

  38. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 38 Dashboard • อଘͨ͠άϥϑΛ഑ஔɺϦαΠζ • μογϡϘʔυͷอଘɺڞ༗ • άϥϑͷ֤छ৘ใͷදࣔ – Table – Request – Response – Statistics

  39. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 39 Kibana3ͱͷҧ͍ • ෳ਺ͷΠϯσοΫεͷάϥϑΛ1ͭͷμογϡϘʔυʹ • ҟͳΔϑΟʔϧυͷ஋ΛҰͭͷάϥϑʹ • σʔλͷΤΫεϙʔτ • ݕࡧ৚݅ͷอଘ • Aggregation͕ར༻Մೳ

  40. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 40 ΞΫηεϩά ϢʔεέʔεɿΞΫηεϩά

  41. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 41 Dashboard

  42. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 42 ELK stack Data Import/Parse/ Export Store/Search Visualize

  43. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 43 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  44. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 44 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  45. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 45 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  46. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 46 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  47. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 47 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  48. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 48 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  49. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 49 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  50. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 50 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  51. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 51 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  52. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 52 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  53. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 53 ΞΫηεϩάɿLogstash Import/Parse/ Export Store/Search Visualize Data

  54. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 54 ઃఆɿinput input  {      file  {          path  =>  “/Users/johtani/sample/*_log"          start_position  =>  "beginning"      }   }

  55. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 55 1ߦ1σʔλ 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  56. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 56 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  57. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 57 ύʔε 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" {… "@timestamp": "2015-04-10T09:07:49.325Z", "clientip": "189.120.xx.xx", "ident": "-", "auth": "-", "timestamp": "02/Dec/2014:12:18:29 +0900", "verb": "GET", "request": "/manager/html", … "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" }

  58. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 58 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  59. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 59 ೔෇ͷύʔε {… "@timestamp": "2015-04-10T09:07:49.325Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … } {… "@timestamp": "2014-12-02T03:18:29.000Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … }

  60. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 60 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  61. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 61 IP͔ΒҢ౓ܦ౓ͳͲ෇༩ {… "clientip": "189.120.xx.xx", …} {… "clientip": "189.120.xx.xx", … "geoip": {        "ip":  “189.120.xxx.xxx”,   …          "country_name":  "Brazil",          "continent_code":  "SA",          "region_name":  "27",          "city_name":  "São  Paulo",          "latitude":  -­‐23.473299999999995,          "longitude":  -­‐46.66579999999999,   …

  62. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 62 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  63. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 63 ϢʔβΤʔδΣϯτͷύʔε {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" …} {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" … "useragent": { "name": "Firefox", "os": "Windows XP", "os_name": "Windows XP", "device": "Other", "major": "5", "minor": "0" } …

  64. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 64 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “demo_access_log-­‐%{+YYYY.MM.dd}”    }   }  

  65. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 65 ΞΫηεϩάɿelasticsearch Import/Parse/ Export Store/Search Visualize Data

  66. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 66 Index template {… "order": 0, "template": "demo_access_log-*", "settings": { "index.number_of_replicas": "0", "index.number_of_shards": "2" }, "mappings": { … }, "aliases": {} }, …

  67. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 67 Index template {… "mappings": { "_default_": { "dynamic_templates": [ { "string_template": { "mapping": { "index": "not_analyzed", "type": "string" }, "match_mapping_type": "string", "match": "*" } } ], …

  68. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 68 σϞ for Kibana4 Access Log demo for Kibana4

  69. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 69 πΠʔτ ϢʔεέʔεɿπΠʔτ

  70. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 70 ઃఆɿinput input{      twitter{      consumer_key  =>  “…….”      consumer_secret  =>  “……………………."      oauth_token  =>  “……..-­‐…………………….”      oauth_token_secret  =>  “……………………"      keywords  =>  ["ࡩ",  "։Ֆ",  "Ֆݟ"]   }  

  71. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 71 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “twitter-­‐%{+YYYY.MM.dd}”    }   }  

  72. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 72 σϞ for Kibana4 Twitter Stream demo for Kibana4

  73. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 73 Git log ϢʔεέʔεɿGit log

  74. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 74 git-log2es • GitHubͰެ։͞ΕͯͨͷͰɺར༻ͯ͠Έͨ • https://github.com/Etsukata/git-log2es

  75. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 75 ؾ৅ிͷؾ৅σʔλ ϢʔεέʔεɿؾԹσʔλ

  76. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 76 Elasticsearchͷϩά ϢʔεέʔεɿElasticsearchͷϩά

  77. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 77 Elasticsearchษڧձ

  78. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 78 ࢀߟจݙ • Elasticsearch - The Definitive guide – http://www.elasticsearch.com/guide/en/elasticsearch/ guide/current/index.html • ॻ੶ – ElasticSearchServer೔ຊޠ൛
 αʔό/ΠϯϑϥΤϯδχΞ
 ɹཆ੒ಡຊɹϩάऩू

  79. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 79 Q&A • Elasticsearch Document – http://www.elastic.co/guide/en/elasticsearch/ reference/current/index.html • Logstash Document – http://www.elastic.co/guide/en/logstash/current/ index.html • Kibana – http://www.elastic.co/guide/en/kibana/current/ index.html