Book Image

Learning ELK Stack

By : Saurabh Chhajed
Book Image

Learning ELK Stack

By: Saurabh Chhajed

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning ELK Stack
Saurabh Chhajed
Nov, 2015 | 206 pages
No titles found
Table of Contents (17 chapters)
Learning ELK Stack
Learning ELK Stack
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to ELK Stack
Introduction to ELK Stack
The need for log analysis
Challenges in log analysis
The ELK Stack
ELK data pipeline
ELK Stack installation
Summary
2
Building Your First Data Pipeline with ELK
Building Your First Data Pipeline with ELK
Input dataset
Configuring Logstash input
Filtering and processing input
Putting data to Elasticsearch
Visualizing with Kibana
Summary
3
Collect, Parse and Transform Data with Logstash
Collect, Parse and Transform Data with Logstash
Configuring Logstash
Logstash plugins
Summary
4
Creating Custom Logstash Plugins
Creating Custom Logstash Plugins
Logstash plugin management
Plugin lifecycle management
Structure of a Logstash plugin
Summary
5
Why Do We Need Elasticsearch in ELK?
Why Do We Need Elasticsearch in ELK?
Why Elasticsearch?
Elasticsearch basic concepts
Exploring the Elasticsearch API
Elasticsearch Query DSL
Elasticsearch plugins
Summary
6
Finding Insights with Kibana
Finding Insights with Kibana
Kibana 4 features
Kibana interface
Summary
7
Kibana – Visualization and Dashboard
Kibana – Visualization and Dashboard
Visualize page
Dashboard page
Summary
8
Putting It All Together
Putting It All Together
Input dataset
Configuring Logstash input
Visualizing with Kibana
Summary
9
ELK Stack in Production
ELK Stack in Production
Prevention of data loss
Data protection
System scalability
Data retention
ELK Stack implementations
ELK at SCA
ELK at Cliffhanger Solutions
Kibana demo – Packetbeat dashboard
Summary
10
Expanding Horizons with ELK
Expanding Horizons with ELK
Elasticsearch plugins and utilities
ELK roadmap
Summary
Index
Index

Filtering and processing input

Once we configure the input file, we need to filter the input based on our needs so that we can identify which fields we need, and process them as per the required analysis.

A filter plugin will perform the intermediary processing on the input event. We can apply the filter conditionally based on certain fields.

Since our input file is a CSV file, we will use the csv filter for the same. The csv filter takes an event field that contains CSV formatted data, parses it, and stores it as individual fields. It can also parse data with any separator other than commas. A typical csv filter is as follows:

filter {  
    csv {
        columns => #Array of column names.
        separator => #String ; default -","
    }
}

The attribute columns take the name of fields in our CSV file, which is optional. By default, the columns will be named as column 1, column 2, and so on.

The attribute separator defines what character is used to separate the different columns in the...

Previous Section
End of Section 4
Next Section