Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kibana4でいろんなデータを見てみよう

Avatar for Jun Ohtani Jun Ohtani
April 13, 2015
Technology
0
4.4k

 Kibana4でいろんなデータを見てみよう

JJUG CCC 2015 Springでの発表資料です。

Kibana4についてはデモを行ったため説明は少ないです。

Avatar for Jun Ohtani

Jun Ohtani

April 13, 2015
Tweet

More Decks by Jun Ohtani

See All by Jun Ohtani
Elastic Stackでマイクロサービス運用を
楽にするには? / Monitoring Microservices with Elastic Stack
Avatar for Jun Ohtani johtani
5
2.9k
様々なメトリクスやログを集めてシステム解析 - Elastic Stackの入門と活用 - / Getting started Elastic Stack for logging/metrics
Avatar for Jun Ohtani johtani
4
1.1k
え?SQLで入門?する
 ElasticsearchとElastic Stack / Getting started Elastic Stack with SQL
Avatar for Jun Ohtani johtani
4
1.1k
Elastic Stack 入門 2018.09 / Getting started Elastic Stack 2018.09
Avatar for Jun Ohtani johtani
3
2.8k
What's new in Elastic Stack 6.3
Avatar for Jun Ohtani johtani
2
2.2k
Elastic Stackで始めるJavaアプリのパフォーマンス監視 / Intro Elastic Stack and Elastic APM Java
Avatar for Jun Ohtani johtani
5
2.5k
様々なメトリクスやログを集めてシステム解析 
- Elastic Stackの入門と活用 - / Intro Elastic Stack
Avatar for Jun Ohtani johtani
0
130
Intro Elastic Stack at Telemetry WG
Avatar for Jun Ohtani johtani
0
250
What's new in Elastic Stack 6.1?
Avatar for Jun Ohtani johtani
0
650

Other Decks in Technology

See All in Technology
Yahoo!広告ビジネス基盤におけるバックエンド開発
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
270
会社にデータエンジニアがいることでできるようになること
Avatar for 10xinc 10xinc
9
1.5k
モダンな現場と従来型の組織——そこに生じる "不整合" を解消してこそチームがパフォーマンスを発揮できる / Team-oriented Organization Design 20250825
Avatar for mtx2s mtx2s
5
510
Postman MCP 関連機能アップデート / Postman MCP feature updates
Avatar for Yoichi Kawasaki yokawasa
0
140
制約理論(ToC)入門
Avatar for Recruit recruitengineers
PRO
2
190
事業価値と Engineering
Avatar for Recruit recruitengineers
PRO
1
150
[CV勉強会@関東 CVPR2025 読み会] MegaSaM: Accurate, Fast, and Robust Structure and Motion from Casual Dynamic Videos (Li+, CVPR2025)
Avatar for abemii_ abemii
0
180
つくって納得、つかって実感! 大規模言語モデルことはじめ
Avatar for Recruit recruitengineers
PRO
18
4k
マイクロモビリティシェアサービスを支える プラットフォームアーキテクチャ
Avatar for gr1m0h grimoh
1
190
人と組織に偏重したEMへのアンチテーゼ──なぜ、EMに設計力が必要なのか/An antithesis to the overemphasis of people and organizations in EM
Avatar for Daisuke Sato dskst
5
580
.NET開発者のためのAzureの概要
Avatar for tomokusaba tomokusaba
0
230
Goでマークダウンの独自記法を実装する
Avatar for lag129 lag129
0
210

Featured

See All Featured
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
695
190k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
55
13k
Fireside Chat
Avatar for paigeccino paigeccino
39
3.6k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.8k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
302
21k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
83
9.1k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
820
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
2
580
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
44
2.4k
How GitHub (no longer) Works
Avatar for Zach Holman holman
315
140k

Transcript

  1. ͍ΖΜͳσʔλΛKibana4ͰݟͯΈΑ͏ Jun Ohtani @johtani 2015/04/11

  2. None

  3. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 3 about • Me, Jun Ohtani / Technical Adovocate – lucene-gosenίϛολʔ – ElasticSearch Server೔ຊޠ൛ͷ຋༁ – elasticsearch-extended-analysisͷ։ൃ – http://blog.johtani.info • Elasticsearch, founded in 2012 – Products: Elasticsearch, Logstash, Kibana, Marvel
 Professional services: Support & development subscriptions – Trainings

  4. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 4 ΞδΣϯμ • ELK stack঺հ • Logstash • Elasticsearch • Kibana • ϢʔεέʔεʴσϞ • ΞΫηεϩά • Twitter Stream • …

  5. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 5 ELK stack ELK stack

  6. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 6 ELK stack Data Import/Parse/ Export Store/Search Visualize

  7. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 7 ELK stack Import/Parse/ Export Store/Search Visualize Data

  8. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 8 Logstash Logstash

  9. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 9 Logstash in 10 seconds • ϩάɾσʔλͷऩूɾ؅ཧ • ऩूɺύʔεɾՃ޻ɺૹग़ • ΦʔϓϯιʔεɿApache License 2.0 • Ruby app (JRuby) • ࠷৽൛ɿ1.4.2 or 1.5.0 RC2

  10. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 10 Logstash architecture Logstash Input Output Filter ? ? collect  and  split alter  and  enrich store  and  visualize

  11. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 11 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  12. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 12 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  13. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 13 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  14. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 14 ઃఆαϯϓϧ input  {          file  {                  path  =>  "/Users/johtani/demo_access_log/*/*.log"          }   }   filter  {          grok  {                  match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          }   }   output  {          elasticsearch  {  host  =>  "localhost"  }   }

  15. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 15 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf logstash-1.5.0-rc2.tar.gz $ ./bin/logstash -e 'input { stdin{}} output {stdout{}}' ... Logstash startup completed ... Also puppet modules and RPM/DEB

  16. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 16 ELK stack Import/Parse/ Export Store/Search Visualize Data

  17. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 17 Elasticsearch Elasticsearch

  18. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 18 ϑϦʔϫʔυݕࡧ

  19. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 19 ߜΓࠐΈ

  20. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 20 ϋΠϥΠτ

  21. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 21 ιʔτ

  22. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 22 ϖʔδϯά

  23. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 23 ूܭ

  24. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 24 αδΣετ

  25. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 25 Elasticsearch in 10 seconds • εΩʔϚϑϦʔɺ෼ࢄυΩϡϝϯτετΞɺREST & JSON • Φʔϓϯιʔε: Apache License 2.0 • ઃఆͳ͠Ͱ؆୯ʹࢼ͢͜ͱ͕Մೳ • JavaͰ࣮૷ɻ֦ு΋༰қ

  26. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 26 μ΢ϯϩʔυͱىಈ $ wget https://download.elastic.co/... $ tar -xf elasticsearch-1.5.1.tar.gz $ ./elasticsearch-1.5.1/bin/elasticsearch ... [2015-04-10 10:02:17,278][INFO ][node] [Joseph] started ... Also puppet modules and RPM/DEB

  27. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 27 ELK stack Data Import/Parse/ Export Store/Search Visualize

  28. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 28 Kibana Kibana

  29. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 29 ࢖ͬͯ·͔͢ʁ Kibana3࢖ͬͯ·͔͢ʁ

  30. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 30 Kibana3

  31. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 31 Kibana3ʁ ·ͩKibana3࢖ͬͯΔΜͰ͔͢ʁ

  32. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 32 Kibana4 Kibana4

  33. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 33 ίϯηϓτ • σʔλΛ୳ࡧ • ୳ࡧͨ͠σʔλ͔ΒάϥϑΛ࡞੒ • άϥϑΛ૊Έ߹ΘͤͯμογϡϘʔυ࡞੒

  34. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 34 μ΢ϯϩʔυˍىಈ $ wget https://download.elastic.co/kibana… $ tar -xf kibana-4.0.2-darwin-x64.tar.gz $ ./kibana-4.0.2-darwin-x64/bin/kibana ... {"@timestamp":"2015-04-10T13:26:53.673Z","level":"info", "message":"Found kibana index","node_env":"production"} {"@timestamp":"2015-04-10T13:26:53.785Z","level":"info", "message":"Listening on 0.0.0.0:5601","node_env":"production"} ...

  35. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 35 ॳظը໘ http://localhost:5601/ ʹΞΫηε

  36. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 36 Discover • σʔλͷ୳ࡧΛߦ͏ը໘ • ͲΜͳϑΟʔϧυ͕͋Δ͔ • ݕࡧର৅ͷϑΟʔϧυɺσʔλͷछผ͕Θ͔Δ • ݕࡧͨ݁͠Ռ͸ͲΜͳσʔλ͔ • ݕࡧ৚݅ͷอଘ • ݕࡧ݁ՌͷΤΫεϙʔτ

  37. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 37 Visualize • ݕࡧ݁ՌΛݩʹάϥϑΛ࡞੒ • άϥϑͷλΠϓΛબ୒ • Y࣠ɺX࣠ͷબ୒ • Sub Aggregationͷબ୒ • άϥϑͷอଘ

  38. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 38 Dashboard • อଘͨ͠άϥϑΛ഑ஔɺϦαΠζ • μογϡϘʔυͷอଘɺڞ༗ • άϥϑͷ֤छ৘ใͷදࣔ – Table – Request – Response – Statistics

  39. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 39 Kibana3ͱͷҧ͍ • ෳ਺ͷΠϯσοΫεͷάϥϑΛ1ͭͷμογϡϘʔυʹ • ҟͳΔϑΟʔϧυͷ஋ΛҰͭͷάϥϑʹ • σʔλͷΤΫεϙʔτ • ݕࡧ৚݅ͷอଘ • Aggregation͕ར༻Մೳ

  40. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 40 ΞΫηεϩά ϢʔεέʔεɿΞΫηεϩά

  41. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 41 Dashboard

  42. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 42 ELK stack Data Import/Parse/ Export Store/Search Visualize

  43. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 43 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  44. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 44 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  45. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 45 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  46. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 46 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  47. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 47 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  48. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 48 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  49. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 49 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  50. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 50 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  51. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 51 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  52. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 52 ΞΫηεϩάʁ 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /phpMyAdmin/scripts/ setup.php HTTP/1.1" 404 290 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 283 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:35 +0900] "GET /myadmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 75.126.xx.xx - - [02/Dec/2014:01:40:36 +0900] "GET /MyAdmin/scripts/ setup.php HTTP/1.1" 404 287 "-" "ZmEu" 62.210.xx.xx - - [02/Dec/2014:04:19:17 +0900] "GET /admin/config.php HTTP/1.1" 404 278 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  53. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 53 ΞΫηεϩάɿLogstash Import/Parse/ Export Store/Search Visualize Data

  54. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 54 ઃఆɿinput input  {      file  {          path  =>  “/Users/johtani/sample/*_log"          start_position  =>  "beginning"      }   }

  55. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 55 1ߦ1σʔλ 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

  56. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 56 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  57. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 57 ύʔε 189.120.xx.xx - - [02/Dec/2014:12:18:29 +0900] "GET /manager/html HTTP/ 1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" {… "@timestamp": "2015-04-10T09:07:49.325Z", "clientip": "189.120.xx.xx", "ident": "-", "auth": "-", "timestamp": "02/Dec/2014:12:18:29 +0900", "verb": "GET", "request": "/manager/html", … "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" }

  58. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 58 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  59. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 59 ೔෇ͷύʔε {… "@timestamp": "2015-04-10T09:07:49.325Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … } {… "@timestamp": "2014-12-02T03:18:29.000Z", … "timestamp": "02/Dec/2014:12:18:29 +0900", … }

  60. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 60 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  61. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 61 IP͔ΒҢ౓ܦ౓ͳͲ෇༩ {… "clientip": "189.120.xx.xx", …} {… "clientip": "189.120.xx.xx", … "geoip": {        "ip":  “189.120.xxx.xxx”,   …          "country_name":  "Brazil",          "continent_code":  "SA",          "region_name":  "27",          "city_name":  "São  Paulo",          "latitude":  -­‐23.473299999999995,          "longitude":  -­‐46.66579999999999,   …

  62. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 62 ઃఆɿfilter filter  {      grok  {          match  =>  {  "message"  =>  "%{COMBINEDAPACHELOG}"  }          break_on_match  =>  false      }      date  {          match  =>  ["timestamp",  "dd/MMM/YYYY:HH:mm:ss  Z"]          locale  =>  en      }      geoip  {  source  =>  ["clientip"]    }      useragent  {          source  =>  "agent"          target  =>  "useragent"      }   }

  63. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 63 ϢʔβΤʔδΣϯτͷύʔε {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" …} {… "agent": "\"Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0\"" … "useragent": { "name": "Firefox", "os": "Windows XP", "os_name": "Windows XP", "device": "Other", "major": "5", "minor": "0" } …

  64. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 64 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “demo_access_log-­‐%{+YYYY.MM.dd}”    }   }  

  65. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 65 ΞΫηεϩάɿelasticsearch Import/Parse/ Export Store/Search Visualize Data

  66. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 66 Index template {… "order": 0, "template": "demo_access_log-*", "settings": { "index.number_of_replicas": "0", "index.number_of_shards": "2" }, "mappings": { … }, "aliases": {} }, …

  67. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 67 Index template {… "mappings": { "_default_": { "dynamic_templates": [ { "string_template": { "mapping": { "index": "not_analyzed", "type": "string" }, "match_mapping_type": "string", "match": "*" } } ], …

  68. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 68 σϞ for Kibana4 Access Log demo for Kibana4

  69. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 69 πΠʔτ ϢʔεέʔεɿπΠʔτ

  70. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 70 ઃఆɿinput input{      twitter{      consumer_key  =>  “…….”      consumer_secret  =>  “……………………."      oauth_token  =>  “……..-­‐…………………….”      oauth_token_secret  =>  “……………………"      keywords  =>  ["ࡩ",  "։Ֆ",  "Ֆݟ"]   }  

  71. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 71 ઃఆɿoutput output  {    elasticsearch  {          host  =>  "localhost"          index  =>  “twitter-­‐%{+YYYY.MM.dd}”    }   }  

  72. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 72 σϞ for Kibana4 Twitter Stream demo for Kibana4

  73. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 73 Git log ϢʔεέʔεɿGit log

  74. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 74 git-log2es • GitHubͰެ։͞ΕͯͨͷͰɺར༻ͯ͠Έͨ • https://github.com/Etsukata/git-log2es

  75. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 75 ؾ৅ிͷؾ৅σʔλ ϢʔεέʔεɿؾԹσʔλ

  76. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 76 Elasticsearchͷϩά ϢʔεέʔεɿElasticsearchͷϩά

  77. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 77 Elasticsearchษڧձ

  78. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 78 ࢀߟจݙ • Elasticsearch - The Definitive guide – http://www.elasticsearch.com/guide/en/elasticsearch/ guide/current/index.html • ॻ੶ – ElasticSearchServer೔ຊޠ൛
 αʔό/ΠϯϑϥΤϯδχΞ
 ɹཆ੒ಡຊɹϩάऩू

  79. www.elastic.co Copyright Elastic 2015 Copying, publishing and/or distributing without written

    permission is strictly prohibited 79 Q&A • Elasticsearch Document – http://www.elastic.co/guide/en/elasticsearch/ reference/current/index.html • Logstash Document – http://www.elastic.co/guide/en/logstash/current/ index.html • Kibana – http://www.elastic.co/guide/en/kibana/current/ index.html