Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Monitor PostgreSQL with the Elastic Stack

Philipp Krenn
July 05, 2017
Programming
1
4.2k

Monitor PostgreSQL with the Elastic Stack

How to use the Elastic Stack (previously called ELK Stack) to monitor logs is widely known. But it can also give you a complete picture of your PostgreSQL installation:
* System metrics: Keep track of network traffic and system load.
* Logs: Collect and parse PostgreSQL logs.
* PostgreSQL metrics: Gather the most relevant attributes with the dedicated Metricbeat module.
* Queries: Monitor your queries on the wire without instrumenting PostgreSQL with Packetbeat.

And we will do all of that live since it is so easy and much more interactive that way.

Philipp Krenn

July 05, 2017
Tweet

More Decks by Philipp Krenn

See All by Philipp Krenn
Full-Text Search Explained
xeraa
11
2k
360° Monitoring of Your Microservices
xeraa
7
3.3k
Scale Your Metrics with Elasticsearch
xeraa
4
130
YAML Considered Harmful
xeraa
0
2k
Scale Your Elasticsearch Cluster
xeraa
1
280
Hands-On ModSecurity and Logging
xeraa
2
140
Centralized Logging Patterns
xeraa
1
970
Dashboards for Your Management with Kibana Canvas
xeraa
1
450
Make Your Data FABulous
xeraa
3
810

Other Decks in Programming

See All in Programming
Remix on Hono on Cloudflare Workers
yusukebe
1
300
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
120
OnlineTestConf: Test Automation Friend or Foe
maaretp
0
110
役立つログに取り組もう
irof
28
9.6k
flutterkaigi_2024.pdf
kyoheig3
0
150
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
300
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.2k
Pinia Colada が実現するスマートな非同期処理
naokihaba
4
230
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
930
CSC509 Lecture 11
javiergs
PRO
0
180

Featured

See All Featured
Practical Orchestrator
shlominoach
186
10k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Agile that works and the tools we love
rasmusluckow
327
21k
Adopting Sorbet at Scale
ufuk
73
9.1k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
How to Ace a Technical Interview
jacobian
276
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Building Adaptive Systems
keathley
38
2.3k
Visualization
eitanlees
145
15k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Building Your Own Lightsaber
phodgson
103
6.1k

Transcript

  1. Monitor PostgreSQL with the Stack Philipp Krenn@xeraa 1

  2. Infrastructure | Developer Advocate 2

  3. Disclaimer This is not a training https://www.elastic.co/training 3

  4. Who Is Using Elasticsearch Logstash and Kibana Beats 4

  5. 5

  6. You Know, for Search 6

  7. 7

  8. 8

  9. ELK Stack 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. Elastic Stack 14

  15. 15

  16. 16

  17. 17

  18. Starting Point https://github.com/xeraa/postgresql-monitoring 18

  19. USB Sticks 19

  20. Box Vagrant Ansible Provisioner 20

  21. Credentials vagrant & vagrant 21

  22. SSH $ ssh [email protected] -p 2222 -o PreferredAuthentications=password Windows: http://www.putty.org

    22

  23. Ansible $ cd /elastic-stack/ $ ls 23

  24. 24

  25. REST $ curl -XGET -u "elastic:changeme" http://localhost:9200/ 25

  26. 26

  27. Login http://localhost:5601 elastic & changeme 27

  28. 28

  29. Filebeat 29

  30. Filebeat Modules 30

  31. System Dashboards 31

  32. 32

  33. PostgreSQL Logs /var/log/postgresql/*.log 33

  34. /etc/filebeat/filebeat.yml filebeat.prospectors: - input_type: log paths: - /var/log/postgresql/*.log document_type: postgresql

    34

  35. Kibana Discover Limit Kibana view to the postgresql _type 35

  36. 36

  37. 37

  38. /etc/logstash/conf.d/00-beats-input.conf input { beats { port => 5044 } }

    38

  39. /etc/logstash/conf.d/10-postgresql- filter.conf filter { } 39

  40. /etc/logstash/conf.d/20-elasticsearch- output.conf output { elasticsearch { hosts => ["localhost:9200"] manage_template

    => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" document_type => "%{[@metadata][type]}" user => "elastic" password => "changeme" } } 40

  41. Grok Patterns https://github.com/logstash-plugins/logstash-patterns- core/blob/master/patterns/grok-patterns 41

  42. Building Patterns https://grokdebug.herokuapp.com Part of Kibana 5.5+ 42

  43. 43

  44. /etc/logstash/conf.d/10-postgresql- filter.conf filter { if [type] == "postgresql" { grok

    { match => { "message" => "%{DATESTAMP:timestamp} %{TZ} (\[%{DATA:group_id}\]) (\[?%{DATA:user}\]?@\[?%{DATA:database}\]? )?%{DATA:level}: %{GREEDYDATA:msg}" } } } } 44

  45. Logstash Restart $ sudo service logstash restart 45

  46. /etc/filebeat/filebeat.yml #filebeat.modules: #- module: system 46

  47. Filebeat System Module in Logstash https://www.elastic.co/guide/en/logstash/current/ filebeat-modules.html 47

  48. /etc/filebeat/filebeat.yml output.logstash: hosts: ["localhost:5044"] username: "elastic" password: "changeme" 48

  49. /etc/filebeat/filebeat.yml #output.elasticsearch: # hosts: ["localhost:9200"] # username: "elastic" # password:

    "changeme" 49

  50. Filebeat Restart $ sudo service filebeat restart 50

  51. Debug Logstash $ less /var/log/logstash/logstash-plain.log 51

  52. Test $ /opt/sqlsmith/sqlsmith --verbose --target="host=localhost port=5432 dbname=test user=test password=test" 52

  53. Multiline Logs 53

  54. /etc/filebeat/filebeat.yml filebeat.prospectors: - input_type: log paths: - /var/log/postgresql/*.log document_type: postgresql

    multiline.pattern: '^[[:space:]]' multiline.negate: false multiline.match: after 54

  55. Filebeat Restart $ sudo service filebeat restart 55

  56. Test $ /opt/sqlsmith/sqlsmith --verbose --target="host=localhost port=5432 dbname=test user=test password=test" 56

  57. Visualize level of log events Refresh the index template 57

  58. 58

  59. Metricbeat 59

  60. Metricbeat System 60

  61. Metricbeat Service 61

  62. /etc/metricbeat/metricbeat.yml - module: postgresql metricsets: - database - bgwriter -

    activity enabled: true period: 10s hosts: ["postgres://localhost:5432?sslmode=disable"] username: elastic password: changeme 62

  63. Metricbeat Restart $ sudo service metricbeat restart 63

  64. Test $ /opt/sqlsmith/sqlsmith --verbose --target="host=localhost port=5432 dbname=test user=test password=test" 64

  65. 65

  66. Visual Builder postgresql.database.rows.* 66

  67. 67

  68. Packetbeat 68

  69. Protocols 69

  70. Flows Application layer: Unsupported / encrypted (TLS) protocols IP /

    TCP / UDP Number of packets & bytes Retransmissions Temporal flow 70

  71. /etc/packetbeat/packetbeat.yml packetbeat.protocols.pgsql: ports: [5432] 71

  72. Packetbeat Restart $ sudo service packetbeat restart 72

  73. Test $ /opt/sqlsmith/sqlsmith --verbose --target="host=localhost port=5432 dbname=test user=test password=test" 73

  74. 74

  75. Heartbeat 75

  76. Heartbeat ICMP, TCP, HTTP, HTTPS 76

  77. /etc/heartbeat/heartbeat.yml heartbeat.monitors: - type: tcp hosts: ["127.0.0.1:5432"] schedule: '@every 10s'

    77

  78. Heartbeat Restart $ sudo service heartbeat restart 78

  79. Test $ sudo service postgresql stop $ sudo service postgresql

    start 79

  80. Visualize Up or down 80

  81. 81

  82. Winlogbeat 82

  83. libbeat https://github.com/elastic/beats/tree/master/generate/beat 83

  84. 84

  85. X-Pack Monitoring Graph Reporting Alerting Machine Learning 85

  86. X-Pack Basic 86

  87. Conclusion 87

  88. 88

  89. 89

  90. 90

  91. Thanks! Questions? Philipp Krenn@xeraa 91