Kibana4でいろんなデータを見てみよう

Transcript

1. ͍ΖΜͳσʔλΛKibana4ͰݟͯΈΑ͏ Jun Ohtani @johtani 2015/04/11

2. None

3. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 3 about • Me, Jun Ohtani / Technical Adovocate – lucene-gosenίϛολʔ – ElasticSearch Server೔ຊޠ൛ͷ຋༁ – elasticsearch-extended-analysisͷ։ൃ – http://blog.johtani.info • Elasticsearch, founded in 2012 – Products: Elasticsearch, Logstash, Kibana, Marvel
 Professional services: Support & development subscriptions – Trainings

4. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 4 ΞδΣϯμ • ELK stack঺հ • Logstash • Elasticsearch • Kibana • ϢʔεέʔεʴσϞ • ΞΫηεϩά • Twitter Stream • …

5. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 5 ELK stack ELK stack

6. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 6 ELK stack Data Import/Parse/ Export Store/Search Visualize

7. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 7 ELK stack Import/Parse/ Export Store/Search Visualize Data

8. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 8 Logstash Logstash

9. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

   permission is strictly prohibited 9 Logstash in 10 seconds • ϩάɾσʔλͷऩूɾ؅ཧ • ऩूɺύʔεɾՃ޻ɺૹग़ • ΦʔϓϯιʔεɿApache License 2.0 • Ruby app (JRuby) • ࠷৽൛ɿ1.4.2 or 1.5.0 RC2

10. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 10 Logstash architecture Logstash Input Output Filter ? ? collect  and  split alter  and  enrich store  and  visualize

11. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 11 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

12. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 12 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

13. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 13 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

14. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 14 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

15. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 15 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf logstash-1.5.0-rc2.tar.gz $ ./bin/logstash -e 'input { stdin{}} output {stdout{}}' ... Logstash startup completed ... Also puppet modules and RPM/DEB

16. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 16 ELK stack Import/Parse/ Export Store/Search Visualize Data

17. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 17 Elasticsearch Elasticsearch

18. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 18 ϑϦʔϫʔυݕࡧ

19. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 19 ߜΓࠐΈ

20. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 20 ϋΠϥΠτ

21. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 21 ιʔτ

22. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 22 ϖʔδϯά

23. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 23 ूܭ

24. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 24 αδΣετ

25. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 25 Elasticsearch in 10 seconds • εΩʔϚϑϦʔɺ෼ࢄυΩϡϝϯτετΞɺREST & JSON • Φʔϓϯιʔε: Apache License 2.0 • ઃఆͳ͠Ͱ؆୯ʹࢼ͢͜ͱ͕Մೳ • JavaͰ࣮૷ɻ֦ு΋༰қ

26. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 26 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf elasticsearch-1.5.1.tar.gz $ ./elasticsearch-1.5.1/bin/elasticsearch ... [2015-04-10 10:02:17,278][INFO ][node] [Joseph] started ... Also puppet modules and RPM/DEB

27. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 27 ELK stack Data Import/Parse/ Export Store/Search Visualize

28. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 28 Kibana Kibana

29. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 29 ࢖ͬͯ·͔͢ʁ Kibana3࢖ͬͯ·͔͢ʁ

30. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 30 Kibana3

31. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 31 Kibana3ʁ ·ͩKibana3࢖ͬͯΔΜͰ͔͢ʁ

32. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 32 Kibana4 Kibana4

33. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 33 ίϯηϓτ • σʔλΛ୳ࡧ • ୳ࡧͨ͠σʔλ͔ΒάϥϑΛ࡞੒ • άϥϑΛ૊Έ߹ΘͤͯμογϡϘʔυ࡞੒

34. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 34 μ΢ϯϩʔυˍىಈ $ wget https://download.elastic.co/kibana… $ tar -xf kibana-4.0.2-darwin-x64.tar.gz $ ./kibana-4.0.2-darwin-x64/bin/kibana ... {"@timestamp":"2015-04-10T13:26:53.673Z","level":"info", "message":"Found kibana index","node_env":"production"} {"@timestamp":"2015-04-10T13:26:53.785Z","level":"info", "message":"Listening on 0.0.0.0:5601","node_env":"production"} ...

35. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 35 ॳظը໘ http://localhost:5601/ ʹΞΫηε

36. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 36 Discover • σʔλͷ୳ࡧΛߦ͏ը໘ • ͲΜͳϑΟʔϧυ͕͋Δ͔ • ݕࡧର৅ͷϑΟʔϧυɺσʔλͷछผ͕Θ͔Δ • ݕࡧͨ݁͠Ռ͸ͲΜͳσʔλ͔ • ݕࡧ৚݅ͷอଘ • ݕࡧ݁ՌͷΤΫεϙʔτ

37. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 37 Visualize • ݕࡧ݁ՌΛݩʹάϥϑΛ࡞੒ • άϥϑͷλΠϓΛબ୒ • Y࣠ɺX࣠ͷબ୒ • Sub Aggregationͷબ୒ • άϥϑͷอଘ

38. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 38 Dashboard • อଘͨ͠άϥϑΛ഑ஔɺϦαΠζ • μογϡϘʔυͷอଘɺڞ༗ • άϥϑͷ֤छ৘ใͷදࣔ – Table – Request – Response – Statistics

39. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 39 Kibana3ͱͷҧ͍ • ෳ਺ͷΠϯσοΫεͷάϥϑΛ1ͭͷμογϡϘʔυʹ • ҟͳΔϑΟʔϧυͷ஋ΛҰͭͷάϥϑʹ • σʔλͷΤΫεϙʔτ • ݕࡧ৚݅ͷอଘ • Aggregation͕ར༻Մೳ

40. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 40 ΞΫηεϩά ϢʔεέʔεɿΞΫηεϩά

41. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 41 Dashboard

42. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 42 ELK stack Data Import/Parse/ Export Store/Search Visualize

43. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 43 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

44. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 44 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

45. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 45 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

46. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 46 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

47. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 47 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

48. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 48 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

49. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 49 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

50. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 50 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

51. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 51 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

52. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 52 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

53. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 53 ΞΫηεϩάɿLogstash Import/Parse/ Export Store/Search Visualize Data

54. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 54 ઃఆɿinput input  {      file  {          path  =>  “/Users/johtani/sample/*_log"          start_position  =>  "beginning"      }   }

55. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 55 1ߦ1σʔλ 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

56. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 56 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

57. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 57 ύʔε 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" {… "@timestamp": "2015-04-10T09:07:49.325Z", "clientip": "189.120.xx.xx", "ident": "-", "auth": "-", "timestamp": "02/Dec/2014:12:18:29 +0900", "verb": "GET", "request": "/manager/html", … "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" }

58. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 58 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

59. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 59 ೔෇ͷύʔε {… "@timestamp": "2015-04-10T09:07:49.325Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … } {… "@timestamp": "2014-12-02T03:18:29.000Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … }

60. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 60 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

61. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 61 IP͔ΒҢ౓ܦ౓ͳͲ෇༩ {… "clientip": "189.120.xx.xx", …} {… "clientip": "189.120.xx.xx", … "geoip": {        "ip":  “189.120.xxx.xxx”,   …          "country_name":  "Brazil",          "continent_code":  "SA",          "region_name":  "27",          "city_name":  "São  Paulo",          "latitude":  -­‐23.473299999999995,          "longitude":  -­‐46.66579999999999,   …

62. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 62 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

63. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 63 ϢʔβΤʔδΣϯτͷύʔε {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" …} {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" … "useragent": { "name": "Firefox", "os": "Windows XP", "os_name": "Windows XP", "device": "Other", "major": "5", "minor": "0" } …

64. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 64 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “demo_access_log-­‐%{+YYYY.MM.dd}”    }   }  

65. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 65 ΞΫηεϩάɿelasticsearch Import/Parse/ Export Store/Search Visualize Data

66. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 66 Index template {… "order": 0, "template": "demo_access_log-*", "settings": { "index.number_of_replicas": "0", "index.number_of_shards": "2" }, "mappings": { … }, "aliases": {} }, …

67. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 67 Index template {… "mappings": { "_default_": { "dynamic_templates": [ { "string_template": { "mapping": { "index": "not_analyzed", "type": "string" }, "match_mapping_type": "string", "match": "*" } } ], …

68. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 68 σϞ for Kibana4 Access Log demo for Kibana4

69. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 69 πΠʔτ ϢʔεέʔεɿπΠʔτ

70. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 70 ઃఆɿinput input{      twitter{      consumer_key  =>  “…….”      consumer_secret  =>  “……………………."      oauth_token  =>  “……..-­‐…………………….”      oauth_token_secret  =>  “……………………"      keywords  =>  ["ࡩ",  "։Ֆ",  "Ֆݟ"]   }  

71. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 71 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “twitter-­‐%{+YYYY.MM.dd}”    }   }  

72. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 72 σϞ for Kibana4 Twitter Stream demo for Kibana4

73. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 73 Git log ϢʔεέʔεɿGit log

74. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 74 git-log2es • GitHubͰެ։͞ΕͯͨͷͰɺར༻ͯ͠Έͨ • https://github.com/Etsukata/git-log2es

75. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 75 ؾ৅ிͷؾ৅σʔλ ϢʔεέʔεɿؾԹσʔλ

76. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 76 Elasticsearchͷϩά ϢʔεέʔεɿElasticsearchͷϩά

77. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 77 Elasticsearchษڧձ

78. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 78 ࢀߟจݙ • Elasticsearch - The Definitive guide – http://www.elasticsearch.com/guide/en/elasticsearch/ guide/current/index.html • ॻ੶ – ElasticSearchServer೔ຊޠ൛
 αʔό/ΠϯϑϥΤϯδχΞ
 ɹཆ੒ಡຊɹϩάऩू

79. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 79 Q&A • Elasticsearch Document – http://www.elastic.co/guide/en/elasticsearch/ reference/current/index.html • Logstash Document – http://www.elastic.co/guide/en/logstash/current/ index.html • Kibana – http://www.elastic.co/guide/en/kibana/current/ index.html