Applications and Centralized Log Monitoring

• Applications running generate logs.
• Applications run on servers which also generated logs
• Applications store the data in database which also will have logs
• Logs are everywhere, But the problem is logs are not standardized
• Event viewer example

EVENT VIEWER LOGS in Windows
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="ESENT" /> 
  <EventID Qualifiers="0">455</EventID> 
  <Level>2</Level> 
  <Task>3</Task> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2020-07-16T01:55:19.800855900Z" /> 
  <EventRecordID>31349</EventRecordID> 
  <Channel>Application</Channel> 
  <Computer>DESKTOP-HGH07L2</Computer> 
  <Security /> 
  </System>
- <EventData>
  <Data>svchost</Data> 
  <Data>13036,R,98</Data> 
  <Data>TILEREPOSITORYS-1-5-18:</Data> 
  <Data>C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log</Data> 
  <Data>-1023 (0xfffffc01)</Data> 
  </EventData>
  </Event>

• Application Log example

Started at Wed May 06 09:29:26 IST 2020
Finished at Wed May 06 09:29:26 IST 2020. 4ms

• DB Logs will be different format

• Searching logs will be a tedious job

• Consider the sample architecture below with different servers and applications

• When any thing goes to get down to root cause, we might need to search logs and this is difficult job as logs are in different formats

• So we need a centralized log monitoring which can

  • search various formats of logs
  • Help us building dashboards
  • Help in APM (Application Performance Monitoring)
  • Help in Audits

• Some of the tools which can help over here

  • System Center
  • Splunk
  • AppDynamics (APM)
  • Elastic Stack

Elastic Stack

• The Elastic Stack is eco-system of components serving full search & analytics stack.

• Main components are

  • Elastic Search: Provides storage, search and analytical capabilities
  • LogStash: Helps in getting data into Elastic search
  • Kibana: UI for elastic stack, Visualization capabilities
  • Beats: Helps in getting data into Elastic search (agent)
  • X-pack: Provides features for monitoring, alerting, security

• Lets have 5000 feet overview of elastic stack in sample architecture

Elastic Search

• Elastic search is a real-time distributed search and analytics engine that is horizontally scalable and capable of solving wide variety of use cases.
• Elastic search is core of Elastic Stack.
• Elastic search plays the central role of search engine and analytics engine
• Apache has built a tool for text searching and indexing which is called as Apache Lucene
• Elastic search is built on top of Apache Lucene
• Elastic search’s key benefits
  • Schemaless, document-oriented
  • Searching
  • Analytics
  • Rich Client Library support and REST API
  • Near real-time
  • Lightning-fast
  • Fault-tolerant

Schemaless and document Oriented

• Elastic Search stores the data in JSON Documents, A example document looks as shown below

{
    "name": "Khaja Ibrahim",
    "courses": ["AWS", "Azure", "DevOps", "Python"],
    "Organization": "QualityThought"
}
{
    "name": "Ramana",
    "courses": ["Agile", "Manaul Testing"],
    "Organization": "QualityThought",
    "Email": "qtramana@gmail.com"
}

• These kind of documents represent faculty records
• Use Cases of Elastic Stack
  • Log analysis
  • Product search
  • Metric analytics
  • Web Searches and website search

Our Setup for Elastic Search

• Ubuntu VM with 4 VCPUs and 16 GB of RAM
• Install Elastic Search and Kibana on the same server
• Installation Steps for Elastic Search Refer Here
• Installation Steps for Kibana Refer Here