Book Image

Learning ELK Stack

By : Saurabh Chhajed
Book Image

Learning ELK Stack

By: Saurabh Chhajed

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning ELK Stack
Saurabh Chhajed
Nov, 2015 | 206 pages
No titles found
Table of Contents (17 chapters)
Learning ELK Stack
Learning ELK Stack
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to ELK Stack
Introduction to ELK Stack
The need for log analysis
Challenges in log analysis
The ELK Stack
ELK data pipeline
ELK Stack installation
Summary
2
Building Your First Data Pipeline with ELK
Building Your First Data Pipeline with ELK
Input dataset
Configuring Logstash input
Filtering and processing input
Putting data to Elasticsearch
Visualizing with Kibana
Summary
3
Collect, Parse and Transform Data with Logstash
Collect, Parse and Transform Data with Logstash
Configuring Logstash
Logstash plugins
Summary
4
Creating Custom Logstash Plugins
Creating Custom Logstash Plugins
Logstash plugin management
Plugin lifecycle management
Structure of a Logstash plugin
Summary
5
Why Do We Need Elasticsearch in ELK?
Why Do We Need Elasticsearch in ELK?
Why Elasticsearch?
Elasticsearch basic concepts
Exploring the Elasticsearch API
Elasticsearch Query DSL
Elasticsearch plugins
Summary
6
Finding Insights with Kibana
Finding Insights with Kibana
Kibana 4 features
Kibana interface
Summary
7
Kibana – Visualization and Dashboard
Kibana – Visualization and Dashboard
Visualize page
Dashboard page
Summary
8
Putting It All Together
Putting It All Together
Input dataset
Configuring Logstash input
Visualizing with Kibana
Summary
9
ELK Stack in Production
ELK Stack in Production
Prevention of data loss
Data protection
System scalability
Data retention
ELK Stack implementations
ELK at SCA
ELK at Cliffhanger Solutions
Kibana demo – Packetbeat dashboard
Summary
10
Expanding Horizons with ELK
Expanding Horizons with ELK
Elasticsearch plugins and utilities
ELK roadmap
Summary
Index
Index

Elasticsearch Query DSL

The queries that we saw until now were basic commands that were used to retrieve data, but the actual power of Elasticsearch's querying lies in a robust Query Domain Specific Language based on JSON also called Query DSL. Kibana makes extensive use of Query DSL in order to get results in a desired format for you. You almost never really have to worry about writing the query JSON, as Kibana will automatically create and put the results in a nice format.

For example, in order to get only three results out of all the matching ones, we can specify it like this:

curl -XPOST 'localhost:9200/logstash-*/_search' -d '
{
  "query": { "match_all": {} },
  "size": 3
}'

The response is as follows, which contains three documents matching the search:

{
  "took" : 390,
  "timed_out" : false,
  "_shards" : {
    "total" : 640,
    "successful" : 640,
    "failed" : 0
  },
  "hits" : {
    "total" : 128,
    "max_score" : 1.0,
    "hits" : [{
        "_index" : "logstash-2014.07.01",...
Previous Section
End of Section 5
Next Section