ELK principle


Latest revision as of 15:50, 5 February 2015


To monitor application results you can rely on log files. ELK (Elasticsearch, Logstash, Kibana) is a wonderful stack for that.

You can consult the official website: http://www.elasticsearch.org/


Principle

To extract information from your logs, you need to:

  • Declare which log file(s) to monitor and what to look for (= extract useful information)
  • Aggregate all the logs into a central database for computing
  • Display some information


Architecture

In reality this is achieved through the following installation:

(figure: ELK overview)

  • Each server runs a local Logstash agent that retrieves the log data and sends it on
  • All log events are sent to a common Elasticsearch server
  • Data is displayed in Kibana
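As an added example (not from the original page), a Logstash agent configuration for one application server that covers the three steps above: which file to watch, what to extract, and where to ship it. The log line format, the file path, the index name and the Elasticsearch host elk-central.example are constructed assumptions, and the output syntax assumes a recent Logstash (2.x or later) rather than the 1.x releases current when this page was written.

```logstash
# Added example: Logstash agent pipeline, one per application server.
# Assumed (constructed): the application writes one line per request to
# /var/log/myapp/app.log in the form
#   2015-02-05 15:50:12,345 WARN  [PaymentService] order=4711 status=declined took=812ms
# and Elasticsearch listens on elk-central.example:9200 (hypothetical host).

input {
  file {
    path => "/var/log/myapp/app.log"   # which file(s) to monitor
    start_position => "beginning"      # replay history on first run; later runs resume from the sincedb
    type => "myapp"
  }
}

filter {
  # What to look for: pull level, component and key=value pairs out of the raw line.
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{LOGLEVEL:level}\s+\[%{WORD:component}\] %{GREEDYDATA:kvpairs}" }
    tag_on_failure => ["_grokparsefailure"]  # unparsed lines are kept but tagged, so a dashboard can count them
  }
  kv {
    source => "kvpairs"
    field_split => " "
    value_split => "="
  }
  # Use the application's own timestamp as the event time, not the ingestion time.
  date {
    match => ["ts", "yyyy-MM-dd HH:mm:ss,SSS"]
    target => "@timestamp"
  }
  mutate {
    gsub => ["took", "ms$", ""]          # "812ms" -> "812"
    remove_field => ["kvpairs", "ts"]
  }
  # Second mutate block: mutate runs convert before gsub within one block, so split them.
  mutate {
    convert => { "took" => "integer" }   # numeric, so Kibana can build latency histograms
  }
}

output {
  # Aggregate: every agent ships to the same central Elasticsearch, one index per day,
  # so old data can be dropped by deleting whole indices.
  elasticsearch {
    hosts => ["elk-central.example:9200"]
    index => "myapp-%{+YYYY.MM.dd}"
  }
}
```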


Detailed process

If we zoom a little, this is the exact process:

(figure: Elasticsearch process)