Using Logstash to pass airflow logs to Elasticsearch - elasticsearch

When using logstash to retrieve airflow logs from a folder you have access to, would I still need to make any changes in the airflow.cfg file?
For instance, I have airflow and ELK deployed on same ec2 instance. The logstash .conf file has access to the airflow logs path since they are on the same instance. Do I need to turn on remote logging in airflow config?

In fact you have two options to push Airflow logs to Elasticsearch:
* Using a log collector (Logstash, Fluentd, ...) to collect the Airflow logs and then send them to the Elasticsearch server. In this case you don't need to change any Airflow config; you can just read the logs from the files or stdout and send them to ES.
* Using the Airflow remote logging feature. In this case Airflow will log directly to your remote logging server (ES in your case), and will store a local version of this log to show it when the remote server is unavailable.

So the answer to your question is no: if you have Logstash, you don't need the Airflow remote logging config.
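
A sketch of the first option, added here as an example and not taken from the original answer: a Logstash pipeline that tails the Airflow log folder on the same host, with no change to airflow.cfg. The log directory, sincedb path, Elasticsearch URL, index name and field names are assumptions, and the grok pattern assumes Airflow's `[timestamp] {file:line} LEVEL - message` line layout with a `yyyy-MM-dd HH:mm:ss,SSS` timestamp.

```logstash
input {
  file {
    # Assumed location of Airflow's log folder; the Logstash user needs read access.
    path => "/opt/airflow/logs/**/*.log"
    start_position => "beginning"
    # Assumed path; Logstash records its read offsets here and must be able to write it.
    sincedb_path => "/var/lib/logstash/sincedb-airflow"
    # Tracebacks span several lines: anything not starting with "[" joins the previous event.
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
      auto_flush_interval => 5
    }
  }
}

filter {
  # Field names (airflow_ts, src_file, src_line, level, log_text) are chosen for this example.
  grok {
    match => {
      "message" => "^\[%{DATA:airflow_ts}\] \{%{DATA:src_file}:%{INT:src_line}\} %{LOGLEVEL:level} - %{GREEDYDATA:log_text}"
    }
  }
  # Use the time Airflow wrote the line as @timestamp when it parses.
  # Lines in another timestamp format keep the ingest time and get a _dateparsefailure tag.
  date {
    match => ["airflow_ts", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
}

output {
  elasticsearch {
    # Assumed local Elasticsearch, as in the single-instance setup from the question.
    hosts => ["http://localhost:9200"]
    index => "airflow-logs-%{+YYYY.MM.dd}"
  }
}
```

Lines that do not match the assumed layout are still indexed, tagged `_grokparsefailure`, so a format mismatch shows up in Kibana rather than silently dropping events.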

Related

Elasticsearch/kibana Logs export via raw log format

We have Elasticsearch, Filebeat and Kibana in our stateful deployment inside a Kubernetes cluster. We have an NFS server outside the Kubernetes cluster as a VM, from which we're using static provisioning of NFS mounted inside the Elasticsearch pods to preserve logs.
Is there any way we can export logs from Elasticsearch/Kibana in raw format?

how to get logs into logstash server without using filebeats

I have Logstash installed on a server which will process logs and publish to Elasticsearch. But is it possible for Logstash to pull logs from remote servers (Linux) without installing Filebeat on those servers?
Or can Filebeat be installed on the same server as Logstash and fetch the logs? Please help me if there is any other option as well.
Thanks in advance
Neither Logstash nor Filebeat can pull/fetch log files from remote servers, you need to have some tool installed in the remote servers that will ship the logs elsewhere.
Logstash can consume logs from message queue systems like kafka, redis or rabbitmq, for example, but you need that your remote servers send the logs to those systems anyway, so you would need a log shipper on your remote servers.

influxdb proxy or influxdb fetches data from other influxdb

Is it possible to setup influxdb to fetch data from other influxdb?
or have some local log proxy for influx data.
e.g. I have 10 backend server. I wish every backend servers middleware code to log events locally in influxdb or some local log proxy.
I wish to setup another server with influxdb that will fetch logs from every backend server and accumulate it.
I can't find whether such a configuration is possible. Maybe I'm missing some "search term" to google for it.
Take a look at Telegraf from InfluxData - it is an agent for Collecting & Reporting Metrics & Data.
You can install a Telegraf instance on each of your 10 middleware servers and report data to local Telegraf instead of InfluxDB.
In Telegraf you can either configure output to your InfluxDB or even point it to some persistent stream like Kafka and configure another Telegraf which will read data from Kafka and persist it to InfluxDB.

Logstash: Is it possible to take file input from remote host

I want to feed a log file to logstash. But the file is on a remote host. Is there a way to make logstash consume this file? Then, I will forward the events to an elasticsearch instance running on the same machine as logstash.
Conversely, is it possible to run logstash on one machine but send output to elasticsearch running on another machine?

Packetbeat dashboard for Application logs

Can Packetbeat be used to monitor the Tomcat server logs and Windows logs? Or will it only monitor the database, i.e., network monitoring?
Packetbeat only does network monitoring. But you can use it together with Logstash or Logstash-Forwarder to get visibility also into your logs.
It will do only network monitoring. You can use ELK for Tomcat server logs.
@tsg is correct, but now with the Beats 1.x release they are deprecating Logstash Forwarder in lieu of another Beat called Filebeat. Also they added Topbeat, which allows you to monitor server load and processes in your cluster.
See:
* https://www.elastic.co/blog/beats-1-0-0
You will likely want to install the package repo for your OS, then install each with:
{package manager cmd} install packetbeat
{package manager cmd} install topbeat
{package manager cmd} install filebeat
They are each installed in common directories. For example, with Ubuntu (Linux) the config files are in /etc/<beat name>/<beat name>.yml, where beat name is one of the 3 above. The files are similar, and you can disable the direct ES export and instead export to Logstash (comment ES and uncomment Logstash) and then add a beats import in your Logstash config. From then on, Logstash listens for any beats over that port and can redistribute (or queue) using the [@metadata][beat] param to tell where it came from.
Libbeat also provides a framework to build your own so you can send any data you want to Logstash and it can queue and/or index. ;-)
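
The Logstash side of the setup described in the answer above, as an added example that is not part of the original post: one beats input shared by Packetbeat, Topbeat and Filebeat, with events separated by `[@metadata][beat]`. The port, tags, Elasticsearch URL and index names are assumptions.

```logstash
input {
  beats {
    # Assumed port; it must match the Logstash output configured in each <beat name>.yml.
    port => 5044
  }
}

filter {
  # [@metadata] fields can be used in conditionals and sprintf references,
  # but they are not written into the indexed document.
  if [@metadata][beat] == "packetbeat" {
    mutate { add_tag => ["network"] }
  } else if [@metadata][beat] == "filebeat" {
    mutate { add_tag => ["logs"] }
  } else if [@metadata][beat] == "topbeat" {
    mutate { add_tag => ["host-metrics"] }
  }
}

output {
  if [@metadata][beat] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      # One daily index per shipper: packetbeat-..., filebeat-..., topbeat-...
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    }
  } else {
    # Events that arrive without the field would otherwise land in an index
    # named literally "%{[@metadata][beat]}-..."; keep them apart for review.
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "unknown-shipper-%{+YYYY.MM.dd}"
    }
  }
}
```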
Packetbeat is used mainly for network analysis. It currently supports the following protocols:
* ICMP (v4 and v6)
* DNS
* HTTP
* MySQL
* PostgreSQL
* Redis
* Thrift-RPC
* MongoDB
* Memcache

However, for visualizing Tomcat logs you can configure them to use log4j, then configure Logstash to take input from log4j, and then use Elasticsearch and Kibana to visualise the logs.
To monitor Windows logs you can use another Beats platform, Winlogbeat.
