In this post, we will learn how to use Elasticsearch, Logstash and Kibana for running analytics on application events and logs. Firstly, I will install all these applications on my local machine. Installations You can read my previous posts on how to install Elasticsearch , Logstash , Kibana and Filebeat on your local machine. Basic configuration I hope by now you are have installed Elasticsearch, Logstash, Kibana and Filebeat on your system. Now, Let's do few basic configurations required to be able to run analytics on application events and logs. Elasticsearch Open elasticsearch.yml file in [ELASTICSEARCH_INSTLLATION_DIR]/config folder and add properties to it. cluster.name: gauravbytes-event-analyzer node.name: node-1 Cluster name is used by Elasticsearch node to form a cluster. Node name within cluster need to be unique. We are running only single instance of Elasticsearch on our local machine. But, in production grade setup there will be master nodes, data nodes a

Java 8 introduced default and static methods in interfaces. These features allow us to add new functionality in the interfaces without breaking the existing contract for implementing classes. How do we define default and static methods? Default method has default and static method has static keyword in the method signature. public interface InterfaceA { double someMethodA(); default double someDefaultMethodB() { // some default implementation } static void someStaticMethodC() { //helper method implementation } Few important points for default method You can inherit the default method. You can redeclare the default method essentially making it abstract . You can redefine the default method (equivalent to overriding). Why do we need default and static methods? Consider an existing Expression interface with existing implementation like ConstantExpression , BinaryExpression , DivisionExpression and so on. Now, you want to add new functionalit

Filebeat Filebeat is a light-weight log shipper. It is installed as a agent and listen to your predefined set of log files and locations and forward them to your choice of sink (Logstash, Elasticsearch, database etc.) Installation deb curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.2-amd64.deb sudo dpkg -i filebeat-6.3.2-amd64.deb rpm curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.2-x86_64.rpm sudo rpm -vi filebeat-6.3.2-x86_64.rpm mac curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.2-darwin-x86_64.tar.gz tar xzvf filebeat-6.3.2-darwin-x86_64.tar.gz docker docker pull docker.elastic.co/beats/filebeat:6.3.2 Windows Download the filebeat from official website and do the following configurations. 1) Extract the zip file to your choice of location. e.g. C:\Program Files. 2) Rename the filebeat- -windows directory to Filebeat . 3) Open a PowerShell prompt as an Administrator (right

Kibana Kibana is a visualization dashboard for Elasticsearch and you can choose many available charts like graphs, pie, bar, histogram etc. or real time textual data and can gain meaningful analytics. Installation Installating Kibana directly from tar files For Linux installation wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz shasum -a 512 kibana-6.2.3-linux-x86_64.tar.gz tar -xzf kibana-6.2.3-linux-x86_64.tar.gz cd kibana-6.2.3-linux-x86_64/ For Windows installation //Dowload Kibana https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-windows-x86_64.zip //running kibana /bin/kibana.bat Installation from packages Debian package installation // Import elatic PGP key wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - //install https transport module sudo apt-get install apt-transport-https //save repository definition echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" |

Logstash Logstash is data processing pipeline which ingests the data simultaneously from multiple data sources, transform it and send it to different `stash` i.e. Elasticsearch, Redis, database, rest endpoint etc. For example; Ingesting logs files; cleaning and transforming it to machine and human readable formats. There are three components in Logstash i.e. Inputs, Filters and Outputs Inputs It ingests data of any kind, shape and size. For examples: Logs, AWS metrics, Instance health metrics etc. Filters Logstash filters parse each event, build a structure, enrich the data in event and also transform it to desired form. For example: Enriching geo-location from IP using GEO-IP filter, Anonymize PII information from events, transforming unstructured data to structural data using GROK filters etc. Outputs This is the sink layer. There are many output plugins i.e. Elasticsearch, Email, Slack, Datadog, Database persistence etc. Installing Logstash As of writing Logstash(6.2.3) r