monitor your containers with the elastic stack
play

Monitor your containers with the Elastic Stack Monica Sarbu Monica - PowerPoint PPT Presentation

Sep 17, 2022 •539 likes •1.01k views

Monitor your containers with the Elastic Stack Monica Sarbu Monica Sarbu Team lead, Beats team monica@elastic.co @monicasarbu 3 Monitor your containers with the Elastic Stack Elastic Stack @monicasarbu 5 Beats are lightweight shippers

  2. Monitor your containers with the Elastic Stack Monica Sarbu

  3. Monica Sarbu Team lead, Beats team monica@elastic.co @monicasarbu 3

  4. Monitor your containers with the Elastic Stack

  5. Elastic Stack @monicasarbu 5

  6. Beats are lightweight shippers that collect and ship all kinds of operational data to Elasticsearch

  7. Multiple data types, one place m e t r i c s e r l o g s • D o c k e r • D o c k a c t i o n s • M y S Q L t r a n s • A p a c h e l o g s o g s • R e d i s l • f l o w s m e t r i c s • D o c k e r O • d i s k I c s • R e d i s m e t r i • C P U % •memory % s a c t i o n s • H T T P t r a n •flows g s • M y S Q L l o •Redis transactions •filesystem @monicasarbu 7

  8. Central point for your distributed infrastructure @monicasarbu 8

  9. The Beats 30+ other community Beats shipping @monicasarbu 9

  10. Filebeat 10

  11. Filebeat • Tails log files, without parsing them • “At least once” guarantees, handles backpressure • Extra powers: • Multiline • JSON logs • Filtering 11

  12. Parse log lines with Ingest Node I N G E S T @monicasarbu 12

  13. Parse log lines with Logstash I N G E S T @monicasarbu 13

  14. Filebeat Back pressure handling 14

  15. Why back-pressure is key? @monicasarbu 15

  16. Synchronous sending registry file acked read read stream of log lines batch of messages ack @monicasarbu 16

  17. This means.. • Filebeat adapts its speed automatically to as much as the next stage can process • But: be aware when benchmarking 17

  18. When the next stage is down.. • Filebeat patiently waits • Log lines are not lost • It doesn’t allocate memory, it doesn’t buffer things on disk 18

  19. Filebeat Collect container logs 19

  20. Docker logging drivers https://docs.docker.com/engine/admin/logging/overview/ @monicasarbu 20

  21. Centralize Docker logs: option 1/522 • Use the Docker gelf driver and the Logstash-gelf-input • Pros: • No shipper to install, send directly to Logstash • Cons: • UDP based, no delivery guarantees, no congestion control @monicasarbu 21

  22. Centralize Docker logs: option 2/522 • Use the Docker JSON driver , use Filebeat with the JSON support • Pros: • Simple (default driver) • Easy to add container metadata (name, labels, etc.) • `docker logs` works • Cons: • JSON driver can slow down Docker @monicasarbu 22

  23. Centralize Docker logs: option 3/522 • Use the Docker syslog driver, and a local syslog server , then Filebeat for shipping • Pros: • Good control over the path where the files are written, rotation strategies, etc. • Cons: • you need to manage the syslog server • metadata is serialized as string, needs to be de- serialized again (opportunity for mistakes) • multiline is difficult because data from containers can be mixed @monicasarbu 23

  24. Centralize Docker logs: option 4/522 • Use the Docker journald driver then Filebeat for shipping • Pros: • journald is often already available • convenient support for metadata • `docker logs` works • Cons: • Filebeat doesn’t yet support journald (a Journalbeat exists, however) @monicasarbu 24

  25. Centralize Docker logs: option 5/522 • Mount a volume and have your app write logs into the volume • Pros: • If your app can rotate it’s own logs, it’s very easy to setup • Scales well • Cons: • Difficult to pass metadata @monicasarbu 25

  26. Centralize Docker logs: conclusion • json driver, syslog driver, and shared volume are pretty good options today • journald driver might be better options in the future @monicasarbu 26

  27. Metricbeat new in 5.0 27

  28. One Metricbeat module for each service + Add your own @monicasarbu 28

  29. Metricbeat system module CPU diskIO Mem filesystem network cores load processes @monicasarbu 29

  30. Metricbeat Collect container metrics 30

  31. in progress Querying the Docker API • Dedicated Docker module • Has access to container names and labels • Easy to setup • Offers: • CPU and memory • Docker container information • network (in/out bytes, dropped) • diskIO (reads/writes) • status of containers (# of stopped, running, etc) @monicasarbu 31

  32. Reading cgroup data from /proc/ • Doesn’t require access to the Docker API (can be a security issue) • Works for any container runtime (Docker, rkt, runC, LXD, etc.) • Part of the system module • Automatically enhances process data with cgroup information • Cannot get the container name and labels @monicasarbu 32

  33. Run as a container App1 App2 App3 Host @monicasarbu 33

  34. Elasticsearch as time series DB 34

  35. Elasticsearch BKD trees • Added for Geo-points • faster to index #velo • faster to query • more disk-efficient • more memory efficient @monicasarbu 35

  36. Float values On Disk Usage in kb 80000 • half floats 70000 60000 • scaled floats (using a scaling factor) - great for 50000 things like percentage 40000 points 30000 20000 10000 0 float half float scaled float scaled float (factor = 4000) (factor = 100) Points disk usage (kb) docs_values disk usage (kb) @monicasarbu 36

  37. Why Elasticsearch for time series • Horizontal scalability. Mature and battle tested cluster support. • Flexible aggregations (incl moving averages & Holt Winters) #velo • One system for both logs and metrics • Timelion UI, Grafana • Great ecosystem: e.g. alerting tools @monicasarbu 37

  38. Packetbeat 38

  39. Supported traffic decoders http:// Thrift DNS + ICMP AMQP Add your own @monicasarbu 39

  40. Unknown traffic, use flows •Look into data for which we don’t understand the application layer protocol •TLS •Protocols we don’t yet support •Get data about IP / TCP / UDP layers •number of packets & bytes •retransmissions •inter-arrival time @monicasarbu 40

  41. Packetbeat Monitor traffic exchanged between your containers 41

  42. Monitor outside containers App1 App2 App3 Packetbeat Host traffic exchanged between your containers @monicasarbu 42

  43. Demo: Metricbeat, Filebeat, Packetbeat Multiple data types, one view in Kibana 43

  44. Thank you • github.com/elastic/beats • discuss.elastic.co • @elastic #elasticbeats • #beats on freenode 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Monitor with the Stack Philipp Krenn @xeraa 1 Infrastructure | Developer

Monitor with the Stack Philipp Krenn @xeraa 1 Infrastructure | Developer

Monitor with the Stack Philipp Krenn @xeraa 1 Infrastructure | Developer Advocate 2 Disclaimer This is not a training https://www.elastic.co/training 3 Who Is Using Elasticsearch Logstash and Kibana Beats 4 5 6 7

1.08k views • 84 slides
Elastic Efficient Execution of Varied Containers Sharma Podila Nov 7th 2016, QCon San Francisco

Elastic Efficient Execution of Varied Containers Sharma Podila Nov 7th 2016, QCon San Francisco

Elastic Efficient Execution of Varied Containers Sharma Podila Nov 7th 2016, QCon San Francisco In other words... How do we efficiently run heterogeneous workloads on an elastic pool of heterogeneous resources, with capacity guarantees?

1.29k views • 72 slides
Using Kieker with Elastic APM: An Experience Report Valentin Seifermann Duan Okanovi SSP

Using Kieker with Elastic APM: An Experience Report Valentin Seifermann Duan Okanovi SSP

Institute of Software Technology Reliable Software Systems Using Kieker with Elastic APM: An Experience Report Valentin Seifermann Duan Okanovi SSP 2018 @ Hildesheim, Germany Elastic Stack https://www.elastic.co/* Elastic APM

512 views • 13 slides
Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers

Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers

Toward Full Specialization of the HPC System Software Stack: Reconciling Application Containers and Lightweight Multi-kernels Balazs Gerofi , Yutaka Ishikawa , Rolf Riesen , Robert W. Wisniewski bgerofi@riken.jp RIKEN Advanced

485 views • 29 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping etc. Implementations of stacks using array linked list The Stack ADT A stack is a list with the restriction that insertions and

566 views • 44 slides
Dual-Monitor Mount Op/ons 12/21/15 1 Why Do We Need Monitor Arms? Removes the monitor from the

Dual-Monitor Mount Op/ons 12/21/15 1 Why Do We Need Monitor Arms? Removes the monitor from the

Dual-Monitor Mount Op/ons 12/21/15 1 Why Do We Need Monitor Arms? Removes the monitor from the desk freeing up valuable desk space Facilitates instant height and depth adjustment of the screen/s for comfortable viewing and op/mal

393 views • 14 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer science. The stack is an abstract data type that has two main operations. These are push which adds an element to the top of the stack and pop which

754 views • 8 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types

Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types

Stack ADT Tiziana Ligorio 1 Todays Plan Questons? Stack ADT 2 Abstract Data Types Bag List Stack 3 Stack 34 A data structure representing a stack of things Objects can be pushed onto the stack or popped from the stack

1.62k views • 116 slides
BUILDING HA ELK STACK FOR DRUPAL Marji Cermak DevOps track, Experience level: Intermediate HA

BUILDING HA ELK STACK FOR DRUPAL Marji Cermak DevOps track, Experience level: Intermediate HA

BUILDING HA ELK STACK FOR DRUPAL Marji Cermak DevOps track, Experience level: Intermediate HA ELK Marji Cermak @cermakm Marji Cermak Systems Engineer at @cermakm HA ELK Marji Cermak @cermakm Scope of this presentation technical talk

1.16k views • 102 slides
EU Codes Implementation Workshop Feedback and Future Event A really good bottom up A good

EU Codes Implementation Workshop Feedback and Future Event A really good bottom up A good

EU Codes Implementation Workshop Feedback and Future Event A really good bottom up A good range of Very useful to be able stakeholders, and not guide to how the to ask detailed changes will be just usual regulatory questions and

202 views • 3 slides
XRN4930 - Requirement to inform Shipper of Meter Link Code changes HLSO Supporting Slides

XRN4930 - Requirement to inform Shipper of Meter Link Code changes HLSO Supporting Slides

XRN4930 - Requirement to inform Shipper of Meter Link Code changes HLSO Supporting Slides Overview During DSG development and HLSO review, members asked a number of questions that would support any decision being made at ChMC Questions

407 views • 3 slides
i j = = i 1 j 1 Shipments from source i to destination j Shipments from x

i j = = i 1 j 1 Shipments from source i to destination j Shipments from x

Introduction to the transportation problem s Supply at source i : i d Contractual commitment to deliver to destination j : j For feasibility we require Total supply total demand m n s d i j = = i 1 j 1 Shipments

339 views • 4 slides
33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter R. Gillett Associate Professor Department of Accounting, Business Ethics and Information Systems Rutgers Business SchoolNewark and New

774 views • 42 slides
GAS INDUSTRY WORKSHOP TSO UPDATE 21 ST NOVEMBER 2016 PRESENTATION STRUCTURE CJV Update:

GAS INDUSTRY WORKSHOP TSO UPDATE 21 ST NOVEMBER 2016 PRESENTATION STRUCTURE CJV Update:

GAS INDUSTRY WORKSHOP TSO UPDATE 21 ST NOVEMBER 2016 PRESENTATION STRUCTURE CJV Update: CJV Overview CJV Activities Programme Single Code Extension of Transportation Agreement Capacity Statement

783 views • 74 slides
Communicatin Centered Programming for Embedded Systems Sakura Bhandari, Shoji Yuen (Nagoya

Communicatin Centered Programming for Embedded Systems Sakura Bhandari, Shoji Yuen (Nagoya

Communicatin Centered Programming for Embedded Systems Sakura Bhandari, Shoji Yuen (Nagoya University) Presented at SOA workshop in APSEC2007 (Dec. 2007, Nagoya) 1 Basics09 workshop( ), 10/12/2009 Motivation: Behavior descriptions

881 views • 48 slides
Supply Chain Vulnerabilities under Covid-19: Follow-Up Survey Christopher Cummings Breton

Supply Chain Vulnerabilities under Covid-19: Follow-Up Survey Christopher Cummings Breton

Supply Chain Vulnerabilities under Covid-19: Follow-Up Survey Christopher Cummings Breton Johnson Sunil Chopra Hani Mahmassani 1 What type of business best classifies your company? Respondent Business Types 0 2 4 6 8 10 Carrier

356 views • 11 slides

More recommend