
ELK stack (Elasticsearch, Logstash, Kibana) - is logstash a necessary component?

We're currently processing daily mobile app log data with AWS lambda and posting it into redshift. The lambda structures the data but it is essentially raw. The next step is to do some actual processing of the log data into sessions etc, for reporting purposes. The final step is to have something do feature engineering, and then use the data for model training.

The steps are

  1. Structure the raw data for storage
  2. Sessionize the data for reporting
  3. Feature engineering for modeling

For step 2, I am looking at using Quicksight and/or Kibana to create a reporting dashboard. But the typical stack as I understand it is to do the log processing with Logstash, then have it go to Elasticsearch and finally to Kibana/Quicksight. Since we're already handling the initial log processing through Lambda, is it possible to skip this step and pass it directly into Elasticsearch? If so, where does this happen: in the Lambda function, or from Redshift after it has been stored in a table? Or can Elasticsearch just read it from the same S3 where I'm posting the data for ingestion into a Redshift table?

Elasticsearch uses JSON to perform all operations. For example, to add a document to an index, you use a PUT operation (copied from the docs):

PUT twitter/_doc/1
{
    "user" : "kimchy",
    "post_date" : "2009-11-15T14:12:12",
    "message" : "trying out Elasticsearch"
}

Logstash exists to collect log messages, transform them into JSON, and make these PUT requests. However, anything that produces correctly-formatted JSON and can perform an HTTP PUT will work. If you already invoke Lambdas to transform your S3 content, then you should be able to adapt them to write JSON to Elasticsearch. I'd use separate Lambdas for Redshift and Elasticsearch, simply to improve manageability.

Performance tip: you're probably processing lots of records at a time, in which case the bulk API will be more efficient than individual PUTs. However, there is a limit on the size of a request, so you'll need to batch your input.

Also: you don't say whether you're using an AWS Elasticsearch cluster or self-managed. If the former, you'll also have to deal with authenticated requests, or use an IP-based access policy on the cluster. You don't say what language your Lambdas are written in, but if it's Python you can use the aws-requests-auth library to make authenticated requests.
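One way to do what the answer describes, as an added example that is not code from the question, the answer, or AWS: a Python helper for a Lambda that packs already-structured records into size-bounded `_bulk` bodies and posts them. The index name, field names, sample records and the byte cap are constructed assumptions, and the sender assumes a self-managed cluster or an IP-based access policy (signing is left as a comment).

```python
import json
import urllib.request

# Constructed sample records, shaped like the structured log lines the
# question's Lambda already produces (field names are assumptions).
SAMPLE_EVENTS = [
    {"event_id": "e1", "user": "u42", "ts": "2020-05-01T10:00:00Z", "action": "open"},
    {"event_id": "e2", "user": "u42", "ts": "2020-05-01T10:00:07Z", "action": "view"},
    {"event_id": "e3", "user": "u99", "ts": "2020-05-01T10:01:00Z", "action": "open"},
]


def bulk_batches(events, index, max_bytes, id_field="event_id"):
    """Yield NDJSON bodies for the _bulk API, each no larger than max_bytes.
    Every document becomes an action line naming the index and document id,
    followed by the document. Reusing the event id as _id means a re-run of
    the Lambda overwrites documents instead of duplicating them."""
    batch, size = [], 0
    for ev in events:
        action = json.dumps({"index": {"_index": index, "_id": ev[id_field]}})
        pair = action + "\n" + json.dumps(ev) + "\n"
        pair_size = len(pair.encode("utf-8"))
        if pair_size > max_bytes:
            raise ValueError(f"document {ev[id_field]} alone exceeds max_bytes")
        if batch and size + pair_size > max_bytes:
            yield "".join(batch)   # flush before this record would overflow
            batch, size = [], 0
        batch.append(pair)
        size += pair_size
    if batch:
        yield "".join(batch)


def post_bulk(endpoint, body):
    """POST one NDJSON body to /_bulk; return the number of failed items.
    Plain urllib is used; an AWS-managed domain without an IP-based access
    policy would also need SigV4 signing (e.g. via aws-requests-auth)."""
    req = urllib.request.Request(
        endpoint.rstrip("/") + "/_bulk",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/x-ndjson"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        result = json.load(resp)
    # HTTP 200 does not mean every document was indexed: inspect "items".
    return sum(1 for item in result.get("items", []) if "error" in item.get("index", {}))
```

Call `bulk_batches` on the Lambda's records and pass each body to `post_bulk`, retrying or dead-lettering any batch whose per-item error count is non-zero.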
