logstash+ElasticSearch+Kibana VS Splunk
2012-09-25 20:33
Recently I helped Lei port an open-source log management suite to replace Splunk. Splunk is a powerful log management tool: it can ingest logs in many ways and produce graphical reports, and its strongest feature is search, which has been called "Google for IT". Splunk comes in free and paid editions; the main difference is the daily indexing volume (indexing is the basis of search), and the free edition allows at most 500M per day. With the free edition, if the indexed data volume exceeds 500M on 7 days within any 30-day period, search is disabled.
I spent a few days getting familiar with logstash, then used ElasticSearch for search, and finally Kibana as a nice third-party front end. Overall it's good; such is the power of open source. The whole setup is fairly complex and involves a lot of pieces: Java, Ruby, Python and so on. First, an introduction to the three open-source projects.
Logstash
is very useful and versatile. It's made of JRuby (Java+Ruby). You can specify inputs and outputs as well as filters. It supports various input types, one of them being "Linux Syslog", which means you do not have to install a logging agent on every server and increase the server's overall load: your default rsyslog client will do just fine. Then comes the filtering part: after taking input, you can filter logs within Logstash itself. It's awesome, but it didn't serve any purpose for me as I wanted to index every log. Next is the output part: Logstash can output logs to standard output (why would anyone want that?), but as with input, it supports multiple output types too. One of them is Elasticsearch.
Elasticsearch
is a Java-based log indexer. You can search through Elasticsearch indices using Lucene search syntax for more complicated queries, but simple wildcard search works too.
Kibana
It provides the web frontend for Elasticsearch. Written in JavaScript and PHP, it requires only one line to be edited to work out of the box.
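As an added example (not code from the original post or from the Logstash project), here is a minimal Logstash pipeline with the three stages described above: a syslog input that existing rsyslog clients forward to, a filter stage, and an Elasticsearch output with the stdout output kept for debugging. It assumes a current Logstash release (the elasticsearch output's `hosts` option; the 1.1.x releases from the time of the post used `host` instead), and the bind address, port, Elasticsearch URL and the `sshd` tagging rule are placeholders chosen for illustration.

```logstash
# Added example: syslog in -> filter -> Elasticsearch out.
# Addresses and ports below are placeholders, not values from the post.
input {
  # The syslog input accepts RFC3164 syslog over UDP and TCP, so the
  # servers keep their stock rsyslog client and just forward to this port.
  # It parses the syslog header into fields (program, logsource, severity...)
  # and leaves the message body in "message".
  syslog {
    host => "10.0.0.5"   # placeholder: bind to the collector's internal address only
    port => 5514         # placeholder: unprivileged port rsyslog forwards to
    type => "syslog"
  }
}

filter {
  # Filtering is optional; nothing is dropped here because, like the
  # post's author, we want every line indexed. Lines the syslog input
  # cannot parse are tagged with a parse-failure tag and still indexed.
  # Tagging auth-related events makes them easy to find later in Kibana.
  if [type] == "syslog" and [program] == "sshd" {
    mutate {
      add_tag => [ "auth" ]
    }
  }
}

output {
  elasticsearch {
    hosts => [ "http://127.0.0.1:9200" ]   # placeholder Elasticsearch address
    index => "logstash-%{+YYYY.MM.dd}"     # one index per day, the layout Kibana expects
  }
  # The standard-output sink the post mentions: useful while developing a
  # filter (it prints each parsed event), remove it once the pipeline works.
  stdout {
    codec => rubydebug
  }
}
```

Once events land in the daily `logstash-*` indices, the Lucene syntax described under Elasticsearch applies directly, for example `tags:auth AND message:*failed*` from Kibana's search box. Binding the syslog input to an internal address matters because the listener accepts unauthenticated UDP; anyone who can reach it can inject lines into the index.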
Below is what logstash looks like in action; I'll describe the actual setup later when I have time. Kibana's viewing port defaults to 5601.
Querying through ElasticSearch
logstash's viewing port is 9292