ELK principle


To monitor application results you can rely on log files. ELK (Elasticsearch, Logstash, Kibana) is a wonderful stack for that.

You can consult the official website: http://www.elasticsearch.org/


Principle

To extract information from your logs, you need to:

  • Declare which log file(s) to monitor and what to look for (= extract useful information)
  • Aggregate all the logs into a central database for computing
  • Display some information


Architecture

In practice, this is achieved through the following installation:

[Figure: ELK overview]

  • Each server has a local Logstash agent to retrieve and send data
  • All the log events are sent to a common Elasticsearch server
  • Data is displayed in Kibana
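
The three steps above map onto the input, filter and output sections of a Logstash agent's pipeline file. The following is an added example, not configuration from the original page; the log path, log line format, field names, server address and index name are assumptions, and the option names are those of recent Logstash versions.

```logstash
# Constructed example: the path, field names, host and index name are assumptions.
input {
  file {
    path => ["/var/log/myapp/app.log"]   # which log file(s) to monitor
    start_position => "beginning"         # read existing content on first run
  }
}

filter {
  # What to look for: split each line into timestamp, level and message.
  # Sample line (constructed): 2014-05-12T09:31:07Z ERROR payment service timeout
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:log_time} %{LOGLEVEL:level} %{GREEDYDATA:detail}" }
  }
  # Use the time written in the log line as the event time, not the read time.
  date {
    match => ["log_time", "ISO8601"]
  }
}

output {
  # Lines that did not match the pattern are tagged _grokparsefailure by grok;
  # they are still shipped so that nothing is lost silently.
  elasticsearch {
    hosts => ["http://elk.example.internal:9200"]   # the common central server
    index => "myapp-%{+YYYY.MM.dd}"                  # one index per day
  }
}
```

Kibana is then pointed at the myapp-* indices to display the extracted fields.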


Detailed process

If we zoom in a little, this is the exact process:

[Figure: Elasticsearch process]