I recently helped Brother Lei migrate to a set of open source log management software to replace Splunk. Splunk is a powerful log management tool: it can ingest logs in a variety of ways and produce graphical reports, but above all it has strong search capabilities, known as "Google for IT". Splunk comes in a free and a paid version; the main difference is the amount of data indexed per day (the index is the basis of the search function). The free version allows at most 500M per day, and if within 30 days there are 7 days on which the indexed data exceeds 500M, you can no longer search.
I spent a few days getting to know Logstash, then used Elasticsearch for searching, and finally Kibana as a nice third-party front end; overall it works well. That really is the power of open source. The whole build process is fairly complex and involves quite a few pieces: there is Java, there is Ruby, and there is some Python as well. Below is an introduction to the three open source projects.
Logstash
It is very useful and versatile. It is built on JRuby (Java + Ruby). You specify inputs and outputs, plus filters. It supports various input types, one of which is Linux syslog. This means you don't have to install a logging agent on every server, increasing the server's overall load; your default rsyslog client will do just fine. Then comes the filtering part: after taking input, you can filter out logs within Logstash. It is awesome, but it didn't serve any purpose for me since I wanted to index every log. Next is the output part. Logstash can write logs to standard output (why would anyone want that?), but as with input, it supports multiple output types too, one of which is Elasticsearch.
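An added example (not from the original post) of the pipeline just described: rsyslog on each server forwards to Logstash's syslog input, an optional filter tags or drops events, and the elasticsearch output does the indexing. The file path, port 5514, the host names and the `hosts` option syntax (Logstash 2.x and later; 1.x used `host`) are assumptions.

```conf
# Assumed Logstash pipeline (hypothetical file: /etc/logstash/conf.d/syslog.conf).
# No agent is installed on the servers: rsyslog forwards with a line such as
#   *.* @@logstash-host:5514      (@@ = TCP, @ = UDP)
# where logstash-host and 5514 are assumed values.

input {
  syslog {
    # Listens on TCP and UDP, parses RFC3164 lines and sets fields such as
    # logsource, program, syslog_facility and syslog_severity.
    port => 5514
    type => "syslog"
  }
}

filter {
  # The post indexes every log, so filtering is optional. Two typical uses:
  # 1) tag lines the syslog input could not parse so they are easy to find
  #    in Kibana (the input adds _grokparsefailure_sysloginput on failure);
  if "_grokparsefailure_sysloginput" in [tags] {
    mutate { add_tag => ["unparsed"] }
  }
  # 2) drop pure debug noise before it reaches the index (left commented
  #    out to keep everything, as the author did).
  # if [syslog_severity] == "debug" { drop { } }
}

output {
  # Daily indices are what Kibana queries; the elasticsearch output creates
  # them. "hosts" is the 2.x+ option name (1.x used "host").
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
  # Standard output is handy while testing a new pipeline; remove it afterwards.
  stdout { codec => rubydebug }
}
```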
Elasticsearch
It is a Java-based log indexer. You can search through Elasticsearch indices using Lucene search syntax for more complicated queries, but simple wildcard searches work too.
Kibana
It provides the web front end for Elasticsearch. It is written in JavaScript and PHP, and only one file needs to be edited for it to work out of the box.
The following shows the result of running Logstash; I will introduce the specific architecture later when I have time. Kibana's web view port defaults to 5601.
Query via Elasticsearch
Logstash's web view port is 9292.