Shulou(Shulou.com)05/31 Report--

This article shows you how to carry out the principle and work of ELK, the content is concise and easy to understand, absolutely can make your eyes bright, through the detailed introduction of this article, I hope you can get something.

EKL

Core composition

1.Elastic Search open source distributed search engine, it is characterized by distributed, zero configuration, automatic discovery, index automatic slicing, index copy mechanism, restful interface, multiple data sources, automatic search load.

Install Elastic Search with high availability, easy scalability, support for clustering (cluster), sharding and replication (sharding and replicas)

Verify startup: curl-X GET http://localhost:9200

2.Logstash is a completely open source tool that can be used to collect, analyze, and store logs for future use.

Install the data collection engine for Logstash real-time channel capabilities. It consists of three parts.

1. Shipper-send log data

2. Broker-data collection, default built-in redis

3. Indexer-data write

Launch verification:. / logstash-e 'input {stdin {}} output {stdout {codec= > rubydebug}}'

3.Kibala provides a friendly interface for log analysis for ES and Logstash, summarizing, analyzing and searching important logs. You can find, interact data, and generate table diagrams of various dimensions in the index of Elasticsearch

Vi kibana.yml adds the following configuration

Elasticsearch_url: "http://192.168.1.104:9200"

Browsers access kinaba http://39.106.48.25:5601/

Find records in kibana that execute more than 400ms

"READ_COMMITTED" AND message:/ [4-9] {1} [0-9] [0-9] ms/

Four major components

1.Logstatsh: the logstash server side is used to collect logs.

2.Elastic Search: stores all kinds of logs.

3.Kibala: web query and visualization interface.

4.Logstash forwarder: the logstash client side is used to send logs to logstash server through the lumberjack network protocol.

ELK workflow

Deploy logstash on the server that needs to collect logs as logstash agent (shipper) to monitor and filter the collected logs, send the filtered content to Broker (default Redis), and then logstash indexer will collect the logs together and give them to the full-text search engine Elastic Search. You can use Elastic Search for custom search through Kibana combined with custom search for page display.

The above content is how to carry out the principle of ELK and how it works. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.