Working with Logstash and Kibana
Logstash is a utility for aggregating and normalizing log files from disparate sources and storing them in an Elasticsearch cluster. Once logs are stored in Elasticsearch, we will use Kibana, the same tool Marvel's user interface is built on, to view and explore our aggregated logs.
ELK
The Elasticsearch community refers to the Elasticsearch, Logstash, and Kibana tool combination as the ELK stack. This section shows how to load NGINX server logs into ELK, but there are many other potential use cases for these technologies.
ELK can help us explore NGINX server logs by:
Visualizing server traffic over time
Plotting server visits by location on a map
Searching logs by resource extension (HTML, JS, CSS, and so on), IP address, byte count, or user-agent strings
Discovering web requests that result in internal server errors
Finding attackers in a distributed denial of service attack
Other uses for ELK include:
Logging all Elasticsearch queries in a web application for future...
