Elastic Stack: from Search to Analytics

Elastic Stack: from Search to Analytics Thiago Souza Sr. Support
Engineer [email protected]

2 Um pouco sobre mim... • +15 anos de experiência
com TI • Trabalho com Elasticsearch desde 2010 (em produção desde 2013) • Sr. Support Engineer @ Elastic

3 100,000+ Community Members 250M+ Product Downloads 5,000+ Subscription Customers
Statistics since 2012, founding of Elastic

Tech Finance Telco Consumer 4 Enterprise Customers in Every Industry

5 Elasticsearch is an Open Source (Apache 2), Distributed, RESTful,
Search Engine built on top of Lucene. http://www.elasticsearch.org - 2011

6 Apache LuceneTM is a high-performance, full-featured text search engine
library written entirely in Java. https://lucene.apache.org/core

7 • Full-featured text search engine • Library written entirely
in Java. ‒ Uma biblioteca Java off-line, acessada localmente. Elastic: from Search to Analytics Apache Lucene Id Texto Ids Termo 1 Amanhã vai chover no Rio de Janeiro 1 amanha 2 Rio de Janeiro tem muita praia! 1 chov 2 praia 1,2 rio ... Inverted Index

8 Elastic: from Search to Analytics Apache Lucene Amanhã vai
chover no Rio de Janeiro Analyzer Term (Token) amanha vai chov rio janeiro

9 Elastic: from Search to Analytics Apache Lucene Amanhã vai
chover no Rio de Janeiro Analyzer Term (Token) amanha vai chov rio janeiro Char Filter Tokenizer Token Filter 0 ... n 1 0 ... n Lucene Analyzer Pipeline

10 Lucene Index Elastic: from Search to Analytics Apache Lucene
Documentos query: Amanhã chove no Rio A N A L Y Z E R id term 1,2,5,9,... term1 2,5,8,9,... term2 term amanha chov rio Documentos + Similarity Function score(query, doc) >= 0 TF-IDF BM25 etc ...

11 Elasticsearch is an Open Source (Apache 2), Distributed, RESTful,
Search Engine built on top of Lucene. http://www.elasticsearch.org - 2011

12 Elastic: from Search to Analytics Elasticsearch $ curl -XPOST
'localhost:9200/twitter/tweet/' -d '{ "user" : "kimchy", "post_date" : "2009-11-15T14:12:12", "message" : "trying out Elasticsearch" }' HTTP + JSON

13 Elastic: from Search to Analytics Elasticsearch • Index Sharding
‒ Divide os dados em N partições. ‒ Escalabilidade de Escrita. Index configurado com 3 shards e 1 réplica primário réplica Total 6 shards • Shard Replication ‒ Copia os dados em N partições. ‒ Escalabilidade de Leitura.

14 Elastic: from Search to Analytics Elasticsearch node 1

15 node 2 node 1 Elastic: from Search to Analytics
Elasticsearch

Elasticsearch node 3

Elasticsearch node 3 node 4

18 Elastic: from Search to Analytics Processamento Distribuído Coordinating Node
Data Node Data Node Data Node query query partial results full (merged) results parallel execution Client

19 Elastic: from Search to Analytics Elasticsearch: v0.90.0 (2013) •
Highly Available Distributed Search • RESTful API • Full Text Search • Multifaceted Search • Schemaless? (Schema-easy/lazy!)

20 "That's the end goal of Elasticsearch: we want to
make data exploration, the ability to ahead and ask questions on your data and get results in milliseconds, available to end users." Shay Banon dotScale 2013

21 Elastic: from Search to Analytics Elasticsearch Aggregations • Generalização
do Facets para framework de agregações • Facets => Terms Aggregations • Outras Agregações: Mínimo, Máximo, Histograma, Média, Desvio Padrão, etc... • Assim como as buscas, as agregações são executadas de forma distribuída (i.e. Map-Reduce like) • Lucene é também um storage orientado à coluna (i.e. Column Store)

22 Elastic: from Search to Analytics Column-Oriented Storage Row-Oriented Storage
Column-Oriented Storage id Nome Idade Peso id Nome Idade Peso 1 João 34 81 1 João 34 81 X 2 Maria 51 65 2 Maria 51 65 3 José 53 76 3 José 53 76 Agregações mais rápidas AVG(Idade) = 46 SUM(Peso) = 222 https://www.elastic.co/blog/elasticsearch-as-a-column-store

23 Elastic: from Search to Analytics Elasticsearch Aggregations • Buckets
Aggregations: Agrupa documentos em buckets, segundo algum critério. Exemplos: ‒ Histogram/Date Histogram ‒ Terms/Significant Terms ‒ Range ‒ GeoHash Grid ‒ etc... • Metrics Aggregations: Calcula métricas de documentos agrupados em buckets. Exemplos: ‒ Mínimo, Máximo, Média, etc… ‒ Percentis ‒ Geo Bounds/Geo Centroids ‒ Scripted ‒ etc... • Pipeline Aggregations: Agrega os valores de saída de outras agregações. Exemplos: ‒ Média Móvel ‒ Mínimo, Máximo, Média, etc... ‒ Percentis ‒ Soma Acumulativa ‒ etc...

24 Elastic: from Search to Analytics Elasticsearch Aggregations Log Acesso
Website COUNT(*) = 3526 AVG(size) = 432.47 TERMS(browser) FIREFOX CHROME SAFARI COUNT(*) = 1492 MAX(version) = 1881 COUNT(*) = 1232 MAX(version) = 310 COUNT(*) = 802 MAX(version) = 9 ACCESS_LOG timestamp: datetime size: integer browser: string version: integer DATE_HISTOGRAM(hour, timestamp) ... DATE_HISTOGRAM(hour, timestamp) ... DATE_HISTOGRAM(hour, timestamp) ...

25 Elastic: from Search to Analytics Pipeline Aggregations Log Acesso
Website COUNT(*) = 3526 AVG(size) = 432.47 TERMS(browser) FIREFOX CHROME SAFARI COUNT(*) = 1492 MAX(version) = 1881 COUNT(*) = 1232 MAX(version) = 310 COUNT(*) = 802 MAX(version) = 9 MAX(COUNT(*)) = 1492 ACCESS_LOG timestamp: datetime size: integer browser: string version: integer DATE_HISTOGRAM(hour, timestamp) ... DATE_HISTOGRAM(hour, timestamp) ... DATE_HISTOGRAM(hour, timestamp) ...

Elastic Stack Store, Search, & Analyze Elasticsearch Visualize & Manage
Kibana Beats Ingest Logstash Metrics Logging APM Site Search Application Search Business Analytics Enterprise Search Security Analytics Future Solutions SaaS Elastic Cloud Self Managed Elastic Cloud Enterprise Standalone Deployment

Beats: Lightweight Data Shipper

28 Filebeat Elastic: from Search to Analytics Beats: Lightweight Data
Shipper Libbeat Logstash Kafka Elasticsearch Redis Winlogbeat Heartbeat Metricbeat Packetbeat Auditbeat

Logstash: Data Processing Pipeline

30 INPUTS FILTERS OUTPUTS Elastic: from Search to Analytics Logstash:
Data Processing Pipeline Beats Redis Elasticsearch File Kafka Elasticsearch File Amazon S3 Kafka Redis Grok Geoip Heartbeat Csv Json +50 Input Plugins +40 Filter Plugins +50 Output Plugins

Kibana: Data Exploration & Visualization

32 Elastic: from Search to Analytics Kibana: Data Exploration &
Visualization

33 Muito Obrigado! DÚVIDAS? Thiago Souza [email protected] Elastic Engineer Training
- São Paulo - 05/11 a 08/11 https://training.elastic.co/location/SaoPaulo Elastic Certified Engineer https://www.elastic.co/training/certification Elastic Community https://discuss.elastic.co

Elastic Stack: from Search to Analytics

Elastic Stack: from Search to Analytics

Thiago Souza

More Decks by Thiago Souza

Other Decks in Technology

Featured

Transcript