====== ELK Stack ======

[[linux:linux|{{ :dokuwiki:tux.png?120|}}]]

===== Context =====

This document describes the general workings of the ELK Stack.

===== Log analysis =====

  - Keep logs in a central place and analyse them from there.
  - Collection of raw (unstructured) data.
  - Convert it into a structured form.
  - Useful for:
    - Issue debugging: detect problems.
    - Predictive analysis: use logs to foresee problems.
    - Security analysis: analyse access logs.
    - Performance analysis: how well is your application performing?
  - Problems with log analysis:
    - Inconsistent log format: most applications have their own log format.
    - Inconsistent time format: CET versus US time format.
    - Decentralised logs: the logs are not on one server but spread across your environment.
    - Expert knowledge required: not everyone has the access or the knowledge to analyse the logs.

===== ELK Stack =====

  * Combination of three open-source tools:
    * Elasticsearch: stores the logs and makes them searchable; a NoSQL database built on Apache Lucene; FAST (based on indexing)!
    * Logstash: collects, parses and filters logs (unstructured data); plugins connect to various sources.
    * Kibana: web interface to display the data in graphs and dashboards.

{{ :linux:elkcomponent.png?600 |}}

===== How does it work? =====

  - Logstash collects the individual logs from the servers.
  - Elasticsearch works on the collected data (indexing).
  - Kibana presents the data visually.

{{ :linux:elkworking.png?600 |}}

===== More info =====

Explanation based on a [[https://www.youtube.com/watch?v=MRMgd6E9AXE|YouTube video]].

{{tag>Linux}}
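===== Example Logstash pipeline =====

Added example, not taken from the original page or from the ELK project: one Logstash pipeline that handles the problems listed under Log analysis (decentralised logs, inconsistent log formats, inconsistent time formats) and tags failed logins for security analysis in Kibana. It assumes Filebeat on each server ships its log files to this host on port 5044 and sets the field [fields][app] to "nginx" or "webshop" (both constructed names), that the webshop application writes US-style timestamps in local CET/CEST time, and that Elasticsearch listens on localhost:9200.

```logstash
input {
  # decentralised logs: every server ships its files to this single collector
  beats { port => 5044 }
}

filter {
  if [fields][app] == "nginx" {
    # standard combined access-log format, e.g. (constructed line):
    # 203.0.113.7 - - [13/Oct/2023:13:55:36 +0200] "GET /admin HTTP/1.1" 403 512 "-" "curl/8.0"
    grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
    # the access log carries its own UTC offset (+0200), so no timezone is assumed
    date {
      match        => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
      target       => "@timestamp"
      remove_field => [ "timestamp" ]
    }
  } else if [fields][app] == "webshop" {
    # constructed application format: US date order, 24h clock, no zone, e.g.
    # 10/13/2023 13:55:36 WARN login failed for user bob from 203.0.113.7
    grok {
      match => { "message" => "(?<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
    }
    # assumption: the webshop writes local CET/CEST time; convert it to UTC so both
    # applications line up on the same @timestamp axis in Kibana
    date {
      match        => [ "ts", "MM/dd/yyyy HH:mm:ss" ]
      timezone     => "Europe/Amsterdam"
      target       => "@timestamp"
      remove_field => [ "ts" ]
    }
    # security analysis: tag failed logins so a dashboard can filter on them
    if [msg] =~ /^login failed/ {
      mutate { add_tag => [ "auth_failure" ] }
    }
  }
}

output {
  # one index per application and day; Kibana queries these
  elasticsearch {
    hosts => [ "http://localhost:9200" ]
    index => "logs-%{[fields][app]}-%{+YYYY.MM.dd}"
  }
}
```

Events whose grok or date step fails are kept and tagged by Logstash with _grokparsefailure or _dateparsefailure, so a Kibana filter on those tags shows which log formats the pipeline does not yet understand.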