Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What's new in Elastic Stack 6.3

Jun Ohtani
July 25, 2018
Technology
2
1.8k

What's new in Elastic Stack 6.3

第23回Elasticsarch勉強会で発表した6.3の新機能の紹介スライドです。

Webinarの録画ビデオではデモもありますので、参考にしていただければと。
https://www.elastic.co/jp/webinars/elastic-stack-6-3

Jun Ohtani

July 25, 2018
Tweet

More Decks by Jun Ohtani

See All by Jun Ohtani
Elastic Stackでマイクロサービス運用を
楽にするには? / Monitoring Microservices with Elastic Stack
johtani
5
2.4k
様々なメトリクスやログを集めてシステム解析 - Elastic Stackの入門と活用 - / Getting started Elastic Stack for logging/metrics
johtani
4
810
え?SQLで入門?する
 ElasticsearchとElastic Stack / Getting started Elastic Stack with SQL
johtani
4
790
Elastic Stack 入門 2018.09 / Getting started Elastic Stack 2018.09
johtani
3
2.4k
Elastic Stackで始めるJavaアプリのパフォーマンス監視 / Intro Elastic Stack and Elastic APM Java
johtani
5
2.1k
様々なメトリクスやログを集めてシステム解析 
- Elastic Stackの入門と活用 - / Intro Elastic Stack
johtani
0
100
Intro Elastic Stack at Telemetry WG
johtani
0
180
What's new in Elastic Stack 6.1?
johtani
0
500
システムメトリクス・ログのリアルタイム解析入門 - Elastic Stackを活用して -
johtani
5
1.2k

Other Decks in Technology

See All in Technology
物理シミュレーションと数理最適化の知見を導入した機械学習手法
yellowshippo
1
850
承認コネクタについて
miyakemito
1
120
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
0
310
Microsoft Azure Well-Architected Framework でセキュアに
masakamayama
1
160
UIコンポーネントライブラリをうまく使うためにできること / components-with-designer
mottox2
2
710
Aurora MySQL version 3でTempTable溢れの振り返り
mixi_engineers
PRO
6
1.6k
全世界1,800万人が利用する「家族アルバム みてね」におけるNew Relic活用法 / FutureStack Tokyo 2023
isaoshimizu
1
180
Boot verification in Android
prashantspol
0
200
Better PHP - Keep your code up to date
wernerkrauss
1
120
Amazon Route 53をやさしくおさらい
minorun365
19
4.2k
モジュラモノリスにおけるトランザクション設計の考え方 / transaction design on modular monolith
nazonohito51
14
5k
Airplay
elcuervo
0
130

Featured

See All Featured
Done Done
chrislema
178
15k
Ruby is Unlike a Banana
tanoku
93
9.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
WebSockets: Embracing the real-time Web
robhawkes
58
6.5k
[RailsConf 2023] Rails as a piece of cake
palkan
14
2.7k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
The Invisible Customer
myddelton
113
12k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
870
Build your cross-platform service in a week with App Engine
jlugia
223
17k
Design by the Numbers
sachag
272
18k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Visualization
eitanlees
131
13k

Transcript

  1. Jun Ohtani, Community Engineer

    Kosho Owa, Principal Solution Architect
    Elastic Stack 6.3 ঺հ

    View Slide

  2. !2
    ηογϣϯʹೖΔ

    ͦͷલʹɻ

    QRίʔυϦʔμʔͷ͝༻ҙΛʂ

    View Slide

  3. !3
    bit.ly/EnqEsMeetup

    View Slide

  4. !4

    View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. !8

    View Slide

  9. !9

    View Slide

  10. !10
    Elasticsearch SQL (6.3 - Experimental)
    ࢖͍׳ΕͨγϯλοΫεͰElasticsearchʹ໰͍߹Θͤ

    View Slide

  11. !11
    Elasticsearch SQL (6.3)
    ࢖͍׳ΕͨγϯλοΫεͰElasticsearchʹ໰͍߹Θͤ
    ● REST API & CLI Client (Basic License)
    ○ SQLγϯλοΫεͰElasticsearchͱ΍ΓͱΓ
    ○ දܗࣜͰ݁ՌΛදࣔ
    ● Translate API (Basic License)
    ○ SQLίϚϯυΛElasticsearchͷQuery DSLʹม׵
    ○ ElasticsearchͷQuery DSLγϯλοΫεʹ׳ΕΔͨΊͷศརͳํ๏
    ● JDBC Client (Platinum License)

    View Slide

  12. !12
    Data Rollups
    ● API for creating an Elasticsearch process
    to periodically store aggregate statistics
    ● Primary benefit is space savings
    ○ Faster queries
    ○ Potentially less nodes to manage
    ○ Smaller snapshots
    ○ Longer retention times
    ○ etc.
    ● Query rolled up data and “live” data
    together in a single query.
    Rollups API (6.3 - Experimental)
    ● ఆظతʹ౷ܭσʔλΛू໿ͯ͠อଘ͢ΔElasticsearchͷJobΛొ࿥
    ● ओͳར఺͸༰ྔͷ࡟ݮ
    ● σʔλ͕গͳ͘ͳΔͨΊ
    ○ Query͕ΑΓߴ଎ʹ
    ○ গͳ͍ϊʔυͰσʔλΛ؅ཧ
    ○ Snapshot͕ΑΓখ͘͞
    ○ σʔλͷอ࣋ظ͕ؒΑΓ௕͘
    ● 1ͭͷΫΤϦͰϩʔϧΞοϓͨ͠σʔλͱͯ͠ͳ͍σʔλΛ໰͍߹Θͤ
    ༰ྔ͕ɻɻɻ
    X-Pack feature (Basic, free)

    View Slide

  13. !13
    Raw Minute Hour Day
    Docs: 9,041,000 1,448,285 49,554 8,447
    Size: 2.23gb 1.25gb 48.40mb 9.10mb
    Docs % : -83.98% -99.45% -99.91%
    Size %: -43.68% -97.84% -99.59%
    (avg ~200 docs per minute, 32 days of data, single host)
    (20 grouping fields, 62 numerics @ min/max/avg == 186 metrics)
    Rolling up Metricbeat data
    ༰ྔ࡟ݮͷҰྫ
    MetricbeatͷϩʔϧΞοϓ
    (ฏۉ ~200 docs/෼ɺ32೔ؒɺ1αʔόʔ)
    (20ݸͷάϧʔϓϑΟʔϧυɺ62ݸͷ਺஋ @ min/max/avg == 186 metrics)
    X-Pack feature (Basic, free)

    View Slide

  14. !14
    ͦͷଞʹ΋ …
    • Java 10 (6.3) for Elasticsearch
    • Painless execute API
    • ML jobs Ͱ Cross Cluster Search ͕Մೳʹ(X-Pack Platinum)
    • ML job ͷࣄલνΣοΫ (X-Pack Platinum)

    View Slide

  15. !15

    View Slide

  16. !16
    Kibana Query LanguageͰࣗಈิ׬

    View Slide

  17. !17
    Recently Viewed ΍ Recent Time Range
    ௚લʹԿΛ͔ͯͨ͠ͳ?...
    Recently viewed objects Recently used time range

    View Slide

  18. !18
    Kibana Lab Visualizations
    Input controls (supports chaining) Vega Plugin

    View Slide

  19. !19
    Index Management UI
    UIͰIndex؅ཧ
    X-Pack feature (Basic, free)

    View Slide

  20. !20
    License Management UI
    TrialΛ࢝ΊͨΓɺBasic΁໭ͨ͠ΓɺϥΠηϯεͷߋ৽͕UI͔Β

    View Slide

  21. !21
    ͦͷଞʹ΋…
    • DashboardͷύωϧͷαΠζมߋ͕ΑΓॊೈʹ
    • MonitoringͷػೳΛKibanaͷը໘͔Β༗ޮʹ(σϑΥϧτ͸ແޮ)
    • APMͱWatcherͷ࿈ܞ͕༰қʹ

    View Slide

  22. !22

    View Slide

  23. !23
    LogstashͷઃఆΛΑΓ؆ུԽ
    ྫ͑͹...
    Pipelineؒ௨৴ (Beta)
    ઃఆΛΑΓγϯϓϧʹ

    View Slide

  24. !24
    LogstashͷઃఆΛΑΓ؆ུԽ

    • Distributor

    Pipelineؒ௨৴ (Beta)
    ઃఆΛΑΓγϯϓϧʹ

    View Slide

  25. !25
    LogstashͷઃఆΛΑΓ؆ུԽ

    • Output Isolator

    Pipelineؒ௨৴ (Beta)
    ઃఆΛΑΓγϯϓϧʹ

    View Slide

  26. !26
    LogstashͷઃఆΛΑΓ؆ུԽ

    • Forked Path

    Pipelineؒ௨৴ (Beta)
    ઃఆΛΑΓγϯϓϧʹ

    View Slide

  27. !27
    LogstashͷઃఆΛΑΓ؆ུԽ

    • Collector
    Pipelineؒ௨৴ (Beta)
    ઃఆΛΑΓγϯϓϧʹ

    View Slide

  28. !28
    SNMP Poller (Beta)
    Centralized polling of SNMP agents with a Logstash input plugin
    ϕʔλ൛ͷػೳ
    • TCP΋͘͠͸UDPͰSNMP v1 ͱ v2c ΛϙʔϦϯά
    • SNMP GETs ͱ WALKs Λαϙʔτ
    • ఆظతʹϙʔϦϯά
    • MIB ϑΝΠϧΠϯϙʔτ
    • ޓ׵ੑ: Logstash 2.4 Ҏ্ʹରԠ
    Blog: https://www.elastic.co/blog/logstash-lines-support-for-tcp-and-snmpv1-in-snmp-input-plugin
    Routers
    Switches
    Servers
    SNMP Agents
    v0.1.0.beta1

    View Slide

  29. !29
    ͦͷଞʹ΋...
    • Persistent Queue Breaking changes
    • S3ͷinput/outputͰcustom endpointͱregionͷࢦఆ͕Մೳʹ
    • PQͷσΟεΫͷ࢖༻ྔ΋MonitoringͰऔಘ (Basic)

    View Slide

  30. !30

    View Slide

  31. !31
    • at-least-once deliveryΛఏڙ

    • Metricbeat΍AuditbeatͷΑ͏ͳ

    λΠϓͰॏཁ
    • Ϧελʔτ΍ωοτϫʔΫো֐Ͱ΋
    σʔλ్͕੾Εͳ͍
    Disk΁Spool (Beta)
    ΤοδͰӬଓԽ
    # ____beat.yml
    queue:
    spool:
    file:
    path: "${path.data}/
    spool.dat"
    permissions: 0600 # One-
    time
    size: 100MiB # One-
    time
    #prealloc: true # One-
    time
    write:
    buffer_size: 1MiB
    flush.timeout: 1s
    flush.events: 16384

    View Slide

  32. !32
    ௥Ճ͞ΕͨModule
    Filebeat Metricbeat

    View Slide

  33. !33
    Filebeatͷೖྗ͕ଟ༷ʹ
    • TCP Input
    ‒ SSL/TLSΛαϙʔτ
    • UDP Input
    • Syslog Input
    ‒ BSD RFC3164Λαϙʔτ
    ‒ ϓϩτίϧ͸TCPͱUDP
    filebeat.inputs:

    - type: tcp

    max_message_size: 10MiB

    host: "localhost:9000"
    filebeat.inputs:

    - type: udp

    max_message_size: 10KiB

    host: "localhost:8080"
    filebeat.inputs:

    - type: syslog

    protocol.tcp:

    host: "localhost:9000"
    filebeat.yml

    View Slide

  34. !34
    ͦͷଞʹ΋...
    • Kubernetes/DockerͷAudodiscoverػೳͷվળ
    • add_host_metadataͷ௥Ճ

    View Slide

  35. !35
    6.3.1͕ϦϦʔε

    ͞Ε͍ͯ·͢ʂ

    View Slide

  36. !36
    Demo

    View Slide