Sematext engineer and Elasticsearch / Logstash expert Rafal Kuc gave a well-received talk at the recent DevOps Days Warsaw event. The talk was titled “From Zero to Hero – Centralized Logging with Logstash & Elasticsearch” and you can watch the video here:
And check out the slides here:
Brief Summary
Rafal talked about the common problem of digging through logs to find one particular event, or a group of them. Going even further into this pain point: what if you have lots of servers and you don’t have a single place to look for logs? Do you really want to ssh to one or more servers and grep log files? Of course not! It’s 2014 and there are tools and services that help you spend less time hunting around for problems and more time actually fixing them.
To help solve this problem, Rafal guided the audience through the basics of using Logstash and Elasticsearch together as the perfect combination for handling logs from multiple applications. Attendees also learned how to set up Logstash, how to configure it to parse logs and, finally, how to send them to an Elasticsearch cluster.
Rafal also discussed tuning Elasticsearch for log management and centralized logging purposes, and showed how to easily switch between shipping logs to a self-hosted solution like Elasticsearch / Logstash / Kibana (aka ELK) and shipping them to Logsene Log Management and Analytics by changing a single line in the Logstash configuration.
See also:
- Getting Started with Logstash in 5-minutes: Parsing and Sending a Log File
- Recipe: Rsyslog Elasticsearch Kibana
Enjoy! And thanks to everyone who attended Rafal’s talk in person and stopped by the Sematext booth.