Book Image

Learning ELK Stack

By : Saurabh Chhajed
Book Image

Learning ELK Stack

By: Saurabh Chhajed

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning ELK Stack
Saurabh Chhajed
Nov, 2015 | 206 pages
No titles found
Table of Contents (17 chapters)
Learning ELK Stack
Learning ELK Stack
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to ELK Stack
Introduction to ELK Stack
The need for log analysis
Challenges in log analysis
The ELK Stack
ELK data pipeline
ELK Stack installation
Summary
2
Building Your First Data Pipeline with ELK
Building Your First Data Pipeline with ELK
Input dataset
Configuring Logstash input
Filtering and processing input
Putting data to Elasticsearch
Visualizing with Kibana
Summary
3
Collect, Parse and Transform Data with Logstash
Collect, Parse and Transform Data with Logstash
Configuring Logstash
Logstash plugins
Summary
4
Creating Custom Logstash Plugins
Creating Custom Logstash Plugins
Logstash plugin management
Plugin lifecycle management
Structure of a Logstash plugin
Summary
5
Why Do We Need Elasticsearch in ELK?
Why Do We Need Elasticsearch in ELK?
Why Elasticsearch?
Elasticsearch basic concepts
Exploring the Elasticsearch API
Elasticsearch Query DSL
Elasticsearch plugins
Summary
6
Finding Insights with Kibana
Finding Insights with Kibana
Kibana 4 features
Kibana interface
Summary
7
Kibana – Visualization and Dashboard
Kibana – Visualization and Dashboard
Visualize page
Dashboard page
Summary
8
Putting It All Together
Putting It All Together
Input dataset
Configuring Logstash input
Visualizing with Kibana
Summary
9
ELK Stack in Production
ELK Stack in Production
Prevention of data loss
Data protection
System scalability
Data retention
ELK Stack implementations
ELK at SCA
ELK at Cliffhanger Solutions
Kibana demo – Packetbeat dashboard
Summary
10
Expanding Horizons with ELK
Expanding Horizons with ELK
Elasticsearch plugins and utilities
ELK roadmap
Summary
Index
Index

Prevention of data loss

Data loss prevention is critical for a production system, as monitoring and debugging is largely dependent on each and every log event to be present in the system; otherwise, whole analytics or the debugging system will fail, and we end up losing some of the important events in our system.

Data loss can be prevented using a message broker in front of the Logstash indexers. Message brokers, such as Redis, prove to be useful when dealing with a large stream of data, as Logstash may slow down while indexing data to Elasticsearch. Redis can help in these situations where it can buffer the data while Logstash is busy indexing to Elasticsearch. It also adds a layer of resiliency where if indexing fails, events are held in a queue instead of getting lost. ZeroMQ, RabbitMQ, AMQP can also be used as a broker in place of Redis.

For example, the following architecture can be useful:

ELK Architecture with message broker

Previous Section
End of Section 2
Next Section