{"id":2677,"date":"2016-05-11T12:02:15","date_gmt":"2016-05-11T10:02:15","guid":{"rendered":"https:\/\/sii.pl\/blog\/?p=2677"},"modified":"2023-02-01T13:54:43","modified_gmt":"2023-02-01T12:54:43","slug":"zapanuj-nad-logami-czyli-przyklad-uzycia-narzedzi-elasticsearch-logstash-kibana-2","status":"publish","type":"post","link":"https:\/\/sii.pl\/blog\/zapanuj-nad-logami-czyli-przyklad-uzycia-narzedzi-elasticsearch-logstash-kibana-2\/","title":{"rendered":"Take control of your logs: an example of using Elasticsearch, Logstash and Kibana"},"content":{"rendered":"\n<p>This post is devoted to the magic trio of Elasticsearch, Logstash and Kibana, known online by the acronym ELK. It describes in simple terms how to start and configure a tool that supports working with log files. The idea behind this solution is to use existing tools as a center that indexes and presents logs. The tool is very useful when we monitor several environments, or a single environment that is distributed. The setup described here covers monitoring logs on a single machine.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Requirements<\/h2>\n\n\n\n<p>Getting to the point: we know what we want to do, so the question is how. 
First, download three modules from the vendor's site <a href=\"https:\/\/www.elastic.co\/\" rel=\"nofollow\" >https:\/\/www.elastic.co\/<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.elastic.co\/products\/elasticsearch\" rel=\"nofollow\" >https:\/\/www.elastic.co\/products\/elasticsearch<\/a><\/li><li><a href=\"https:\/\/www.elastic.co\/products\/kibana\" rel=\"nofollow\" >https:\/\/www.elastic.co\/products\/kibana<\/a><\/li><li><a href=\"https:\/\/www.elastic.co\/products\/logstash\" rel=\"nofollow\" >https:\/\/www.elastic.co\/products\/logstash<\/a><\/li><\/ul>\n\n\n\n<p>Running them requires Java version 7 or later, although, since this is a tool under continuous development, I suggest using the latest stable version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installation<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>install Java<\/li><li>unpack the archives containing the packages above<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"http:\/\/sii.pl\/offer-page\/rozwoj-i-utrzymanie-aplikacji\/\">Elasticsearch<\/a> \u2013 the configuration is in the file:<ul><li>&lt;ELASTIC_SEARCH_HOME&gt;\/config\/elasticsearch.yml \u2013 the basic parameters can be changed here; the default ports are 9200 and 9300, and changing them is not necessary.<\/li><\/ul><\/li><li><a href=\"https:\/\/sii.pl\/blog\/2016\/04\/27\/numer-1-z-2-milionow-projektow-java-fenomen-elasticsearch-2\/\">Kibana<\/a> \u2013 the configuration is in the file:<ul><li>&lt;KIBANA_HOME&gt;\/config\/kibana.yml \u2013 the data source must be defined, in this case the variable: <em>elasticsearch.url: &quot;<\/em><a href=\"http:\/\/localhost:9200\/\" rel=\"nofollow\" 
><em>http:\/\/localhost:9200<\/em><\/a><em>&quot;<\/em><\/li><\/ul><\/li><li>Logstash \u2013 the configuration file is passed in the startup parameters. Its contents may look as follows:<\/li><\/ul>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ninput {\n  file {\n    # environment or node name\n    type =&gt; &quot;nazwa \u015brodowiska|w\u0119z\u0142a&quot;\n    path =&gt; &quot;\/*&quot;\n    # this section joins a stack trace into a single entry\n    codec =&gt; multiline {\n      pattern =&gt; &quot;^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*&quot;\n      negate =&gt; &quot;true&quot;\n      what =&gt; &quot;previous&quot;\n    }\n  }\n}\noutput {\n  elasticsearch { hosts =&gt; &#x5B;&quot;:9200&quot;] }\n  # optional line: prints the published entries to standard output, useful when debugging\n  stdout { codec =&gt; rubydebug }\n}\n<\/pre><\/div>\n\n\n<h2 class=\"wp-block-heading\">Running<\/h2>\n\n\n\n<p>For everything to work, first start Elasticsearch with the script:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/bin\/elasticsearch\n<\/pre><\/div>\n\n\n<p>then start the following, in any order:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/bin\/kibana\n\/bin\/logstash -f logstash.conf\n<\/pre><\/div>\n\n\n<p>As an example, filtering logs with the command <em>grep Exception<\/em>:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/1-1.png\"><img decoding=\"async\" width=\"1003\" height=\"258\" src=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/1-1.png\" alt=\"\" 
class=\"wp-image-19141\" srcset=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/1-1.png 1003w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/1-1-300x77.png 300w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/1-1-768x198.png 768w\" sizes=\"(max-width: 1003px) 100vw, 1003px\" \/><\/a><\/figure><\/div>\n\n\n\n<p>And here is the same log found with the <em>kibana *Exception*<\/em> query (the stack trace is cut off by the size of the browser window):<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1.png\"><img decoding=\"async\" width=\"1024\" height=\"573\" src=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1-1024x573.png\" alt=\"\" class=\"wp-image-19143\" srcset=\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1-1024x573.png 1024w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1-300x168.png 300w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1-768x430.png 768w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1-555x312.png 555w, https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/2-1.png 1475w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure><\/div>\n\n\n\n<p>Of course, this can be done more simply, e.g. by running a ready-made Docker image. Keep in mind that this route is not always available because of various security policies. 
A tool worth adding to this set is the Filebeat package from the Elastic stable, which is the suggested tool for shipping logs within a network.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post is devoted to the magic trio of Elasticsearch, Logstash and Kibana, known online by the acronym ELK. It describes in simple terms how &hellip; <a class=\"continued-btn\" 
href=\"https:\/\/sii.pl\/blog\/zapanuj-nad-logami-czyli-przyklad-uzycia-narzedzi-elasticsearch-logstash-kibana-2\/\">Continued<\/a><\/p>\n","protected":false},"author":91,"featured_media":2698,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","inline_featured_image":false,"footnotes":""},"categories":[1314],"tags":[],"class_list":["post-2677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development-na-twardo"],"acf":[],"aioseo_notices":[],"republish_history":[],"featured_media_url":"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2016\/05\/technology-logi-sii-blogersii.jpg","category_names":["Development na twardo"],"_links":{"self":[{"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/posts\/2677"}],"collection":[{"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/users\/91"}],"replies":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/comments?post=2677"}],"version-history":[{"count":2,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/posts\/2677\/revisions"}],"predecessor-version":[{"id":19145,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/posts\/2677\/revisions\/19145"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/media\/2698"}],"wp:attachment":[{"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/media?parent=2677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/categories?post=2677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sii.pl\/blog\/wp-json\/wp\/v2\/tags?post=2677"}],"curies":[{"name":"wp","href":"https:\/\
/api.w.org\/{rel}","templated":true}]}}