SlideShare a Scribd company logo

Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With Elastic Stack | On Premises vs SaaS Elastic Stack Comparisons.

Tyler Nguyen, profile picture
Tyler Nguyen

The document presents a comprehensive overview of establishing a powerful log analysis system using the Elastic Stack, comparing on-premises and SaaS options, and addressing logistical challenges in handling high data volumes. It introduces key components like Elasticsearch, Logstash, Kibana, and Beats, emphasizing their roles in data ingestion and visualization. The document also highlights the pros and cons of different service models and concludes by stressing the need to choose suitable architecture and budget for optimized performance.

Technology
1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
DEEP DIVE INTO ELASTICSEARCH Establish A Powerful Log Analysis System With Elastic Stack. On Premises vs SaaS Elastic Stack Comparisons. Tyler DevOps Engineer NFQ Asia Company
Agenda • Intro. • Overview: Elastic Stack. • Establish a powerful log analysis system with Elastic Stack. • Elastic stack options from cloud providers. • Which one would be fit for us? • Cost Reflections. • In conclusion.
About Me • In tech for 7+ years. • Technical Project Coordinator @ AVASO Technology Solutions. • Infrastructure Technical Lead @ Betfair Group PLC. • DevOps Engineer @ NFQ Asia. • Member of Vietnam Elasticsearch Community. • Bash/PowerShell languages. • A dog parent :D
About NFQ Asia • Member of NFQ Company. • 15+ years’ experience in e-business strategy and software development • 300+ professionals. • 4 countries: offices in Lithuania, Germany, Vietnam, Singapore. • Founded in Vietnam since 2015. • Having organized 5 community events/hackathons in Vietnam.
DATA Cost Operations Features Platforms Plugins Capability Mapping Processors Aggregations APIs Monitoring Security Encryption Supports Backup Database Searching Analytics ComplexityArchitecture APIsFlexibility Availability Compatibility Centralization
Elasticsearch is everywhere
What is Elastic Stack? • Formerly known as ELK Stack. • ELK - The acronym for three open source projects: elasticsearch, logstash, and kibana. • Distributed, scalable, and highly available (both on premises or SaaS). • The Elastic Stack is the next evolution of ELK. • Supports the lightweight Beats data shippers from ES v2.1.1.
Elasticsearch • “You know, for Search” • Free, Open Source. • Search engine based on Lucene. • Near real-time searching, analytics and visualization capabilities. • Sophisticated Restful API.
Logstash • Open source data collection engine that unifies data from disparate sources, normalizes it and distributes it. • The ingestion workhorse for elasticsearch and more. • Real-time capabilities and pluggable pipeline architecture. • Community-extensible and developer-friendly plugin ecosystem.
Kibana • Open source analytics and visualization platform designed to work with elasticsearch. • Specialized for large volumes of streaming and real-time data. • No code, no additional infrastructure required. • Easily and quickly understandable through graphic representation.
Beats Platform • “Data shippers” that are installed on servers as agents. • Either elasticsearch directly or through logstash. • Library written based on Golang. • Supports create your own beat for specific use cases.
ESTABLISH A POWERFUL LOG ANALYSIS SYSTEM WITH ELASTIC STACK
Rationale • What is log? • How do we solve the production issue as usual? • How much time do you spend investigating the production issue? • Where are the archived log? • Visualization and dashboards?
The Challenge How do you satisfy the search needs of the application system’s over 2,000 docs per second while simultaneously providing tactical operational insights that help both Development Team and Operation Team iteratively improve the customer experience?
The Simple Log Analysis Diagram
Demonstration
Scalability Rationale • High availability. • Petabyte-scale data is written and/or read frequently. • High scalability. • Sufficient data allocation. • Costs.
The Elasticsearch Hot-Warm Architecture
The Elasticsearch Hot-Warm Architecture (cont.)
ON PREMISES VS SaaS ELASTIC STACK COMPARISONS
WHAT IS AWS ELASTICSEARCH SERVICE? • Managed service in AWS Cloud. • Introduced in Oct 2015. • Fully managed; Zero admin. • Highly available and reliable. • Built-in Kibana support. • Integrated with other services in AWS ecosystem.
The AWS Integration
What is Elastic Cloud? • Launched in Oct 2015. • Provided by Elastic. • High provisioning and scaling. • Hosted in the Cloud Providers. • Service-oriented architecture. • Containerization using Docker. • Fully supports custom plugins and API.
Elastic Cloud Architecture
HOW DO I KNOW WHICH ONE IS FIT WITH ME?
Specifications comparison sheet Self-managed Elastic Stack AWS Elasticsearch Service Elastic Cloud Enterprise Pros More options and features. Complete control settings and capacity. Access to other APIs Comprehensive ES monitoring solutions. Lowest costs. SaaS. Simplify the operations via APIs. Security by IAM. Automated snapshots*. Encryption at rest. Monitoring included*. Technical supported. SaaS. Fully control through APIs. Technical Supported. Uptime SLA. Feature-rich and complete monitoring product. Available on Marketplace. Cons Self maintenance. Infrastructure matters. No technical supported. X-Pack limit features. Limited control. Less capacity and scalability. Backup once time per day. No plugins, no logs. Medium expensive. Only support I2 series EC2 instances. Most expensive. Imperfect for AWS-hosted solutions.
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With Elastic Stack | On Premises vs SaaS Elastic Stack Comparisons.
Costs Comparison Chart 8,400.38 10,678.56 11,512.51 75,303.17 81,375.17 11,316.98 14,500.26 25,201.1525,201.15 32,035.68 34,537.54 203,318.55 219,712.95 28,319.95 38,295.63 50,402.30 0 50,000 100,000 150,000 200,000 250,000 Elastic Stack (AWS) Elastic Stack (GCP) AWS Elasticsearch Services Elastic Cloud (GCP) Elastic Cloud (AWS) Cost($) Service Models One Year One Year (All Upfront) Three Years Three Years (All Upfront) *Costs calculated based on 3TB-data cluster in multi-AZ in Frankfurt region
In Conclusion • Elasticsearch leverage the power of analysis ability for both Dev/Ops teams. • Easily operate/maintain the huge cluster of servers and microservices. • Choose the proper architecture depend on application/system. • Estimate the budget to meet the requirements. • Optimize the aggregation to adopt the resources. • High availability oriented system.
We are hiring… • Java Senior/Lead Developer • PHP Senior Developer • PHP Technical Lead • Front-end Senior Developer • Front-end Technical Lead • Technical Project Manager Simply send us an email with your enclosed updated CV to: career@nfq.asia
Contact Me LinkedIn: linkedin.com/in/tylernguyen91 Email: tai.nguyen@nfq.asia Telegram: @tylern91

More Related Content

PPTX
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
CodeOps Technologies LLP
 
PPTX
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Lucas Jellema
 
PDF
WSO2Con USA 2017: Building an Effective API Architecture
WSO2
 
PPTX
50 Shades of Data - how, when and why Big,Relational,NoSQL,Elastic,Event,CQRS...
Lucas Jellema
 
PPTX
Cloudtrek Basics Overview
Dmitriy Zgoda
 
PDF
IoT and Serverless - AWS - Serverless Summit - Madhusudan Shekar
CodeOps Technologies LLP
 
PDF
The Workshop: Alcanzando una observabilidad unificada con Elastic APM
Elasticsearch
 
PDF
Effective AIOps with Open Source Software in a Week
Databricks
 
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
CodeOps Technologies LLP
 
Live Application and Infrastructure Monitoring and Root Cause Log Analysis wi...
Lucas Jellema
 
WSO2Con USA 2017: Building an Effective API Architecture
WSO2
 
50 Shades of Data - how, when and why Big,Relational,NoSQL,Elastic,Event,CQRS...
Lucas Jellema
 
Cloudtrek Basics Overview
Dmitriy Zgoda
 
IoT and Serverless - AWS - Serverless Summit - Madhusudan Shekar
CodeOps Technologies LLP
 
The Workshop: Alcanzando una observabilidad unificada con Elastic APM
Elasticsearch
 
Effective AIOps with Open Source Software in a Week
Databricks
 

What's hot (20)

PDF
Project Sherpa: How RightScale Went All in on Docker
RightScale
 
PPTX
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Michael Kehoe
 
PPTX
Opening the Outage Door: Integrating OMS into CIS
SSP Innovations
 
PPTX
[Webinar] AWS Monitoring with Site24x7
Site24x7
 
PDF
Azure Application insights - An Introduction
Matthias GĂĽntert
 
PPTX
SharePoint best practices
Dinusha Kumarasiri
 
PPTX
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Michael Kehoe
 
PPTX
APRICOT 2017: Trafficshifting: Avoiding Disasters & Improving Performance at ...
Michael Kehoe
 
PDF
RightScale Webinar: Provide a Self-Service Portal for vSphere, AWS and Other ...
RightScale
 
PDF
SignalR 101
John Patrick Oliveros
 
PPTX
GAB 2017 - Logic Apps and Azure Functions
Wagner Silveira
 
PPTX
Monitoring Containerized Application in Alibaba Cloud
gavaskar s
 
PPTX
Couchbase Connect 2016
Michael Kehoe
 
PDF
Orchestrating Cloud Workloads with RightScale Self-Service
RightScale
 
PDF
Mastering Azure Monitor
Richard Conway
 
PDF
David Max SATURN 2018 - Migrating from Oracle to Espresso
David Max
 
PDF
Stateful Interaction In Serverless Architecture With Redis: Pyounguk Cho
Redis Labs
 
PDF
Master thesis
Fabio Arcidiacono
 
PPTX
Using SaltStack to Auto Triage and Remediate Production Systems
Michael Kehoe
 
PDF
Serverless for visual journalism at the bbc
AWSCOMSUM
 
Project Sherpa: How RightScale Went All in on Docker
RightScale
 
Reducing MTTR and False Escalations: Event Correlation at LinkedIn
Michael Kehoe
 
Opening the Outage Door: Integrating OMS into CIS
SSP Innovations
 
[Webinar] AWS Monitoring with Site24x7
Site24x7
 
Azure Application insights - An Introduction
Matthias GĂĽntert
 
SharePoint best practices
Dinusha Kumarasiri
 
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Michael Kehoe
 
APRICOT 2017: Trafficshifting: Avoiding Disasters & Improving Performance at ...
Michael Kehoe
 
RightScale Webinar: Provide a Self-Service Portal for vSphere, AWS and Other ...
RightScale
 
SignalR 101
John Patrick Oliveros
 
GAB 2017 - Logic Apps and Azure Functions
Wagner Silveira
 
Monitoring Containerized Application in Alibaba Cloud
gavaskar s
 
Couchbase Connect 2016
Michael Kehoe
 
Orchestrating Cloud Workloads with RightScale Self-Service
RightScale
 
Mastering Azure Monitor
Richard Conway
 
David Max SATURN 2018 - Migrating from Oracle to Espresso
David Max
 
Stateful Interaction In Serverless Architecture With Redis: Pyounguk Cho
Redis Labs
 
Master thesis
Fabio Arcidiacono
 
Using SaltStack to Auto Triage and Remediate Production Systems
Michael Kehoe
 
Serverless for visual journalism at the bbc
AWSCOMSUM
 
Ad

Similar to Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With Elastic Stack | On Premises vs SaaS Elastic Stack Comparisons. (20)

PDF
Elastic.co's ELK Stack - Platform Agnostic Immutable Infrastructure & Analys...
AWS Chicago
 
PDF
Regina Pison - Elastic - OSL19
marketingsyone
 
PPTX
Elastic Stack Introduction
Vikram Shinde
 
PPTX
Open source log analytics
Vinod Nayal
 
PPTX
Elastic Search Capability Presentation.pptx
Knoldus Inc.
 
PPTX
Serhii Matynenko "How to Deal with Logs, Migrating from Monolith Architecture...
LogeekNightUkraine
 
PPTX
ELK Solutions Enablement Session - 17th March'2020
Ashnikbiz
 
PPTX
Intro elasticsearch taswarbhatti
Taswar Bhatti
 
PPTX
Elasticsearch features and ecosystem
Pavel Alexeev
 
PPTX
Log analysis using Logstash,ElasticSearch and Kibana
Avinash Ramineni
 
PPTX
Log analysis using Logstash,ElasticSearch and Kibana - Desert Code Camp 2014
clairvoyantllc
 
PDF
Roaring with elastic search sangam2018
Vinay Kumar
 
PPTX
Devteach 2017 Store 2 million of audit a day into elasticsearch
Taswar Bhatti
 
PDF
Log Analytics with AWS
AWS Germany
 
PDF
Elastic{ON} Seminar New York (2017)
Franklin Angulo
 
PDF
Growing with elastic search
Devi A S L
 
PDF
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
Hernan Costante
 
PPTX
Elastic stack Presentation
Amr Alaa Yassen
 
PDF
Analyzing your web and application logs with the Amazon Elasticsearch Service...
javier ramirez
 
PDF
Log analysis with the elk stack
Vikrant Chauhan
 
Elastic.co's ELK Stack - Platform Agnostic Immutable Infrastructure & Analys...
AWS Chicago
 
Regina Pison - Elastic - OSL19
marketingsyone
 
Elastic Stack Introduction
Vikram Shinde
 
Open source log analytics
Vinod Nayal
 
Elastic Search Capability Presentation.pptx
Knoldus Inc.
 
Serhii Matynenko "How to Deal with Logs, Migrating from Monolith Architecture...
LogeekNightUkraine
 
ELK Solutions Enablement Session - 17th March'2020
Ashnikbiz
 
Intro elasticsearch taswarbhatti
Taswar Bhatti
 
Elasticsearch features and ecosystem
Pavel Alexeev
 
Log analysis using Logstash,ElasticSearch and Kibana
Avinash Ramineni
 
Log analysis using Logstash,ElasticSearch and Kibana - Desert Code Camp 2014
clairvoyantllc
 
Roaring with elastic search sangam2018
Vinay Kumar
 
Devteach 2017 Store 2 million of audit a day into elasticsearch
Taswar Bhatti
 
Log Analytics with AWS
AWS Germany
 
Elastic{ON} Seminar New York (2017)
Franklin Angulo
 
Growing with elastic search
Devi A S L
 
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...
Hernan Costante
 
Elastic stack Presentation
Amr Alaa Yassen
 
Analyzing your web and application logs with the Amazon Elasticsearch Service...
javier ramirez
 
Log analysis with the elk stack
Vikrant Chauhan
 
Ad

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
Approach and Philosophy of On baking technology
30anthuong17
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 

Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With Elastic Stack | On Premises vs SaaS Elastic Stack Comparisons.

  • 1. DEEP DIVE INTO ELASTICSEARCH Establish A Powerful Log Analysis System With Elastic Stack. On Premises vs SaaS Elastic Stack Comparisons. Tyler DevOps Engineer NFQ Asia Company
  • 2. Agenda • Intro. • Overview: Elastic Stack. • Establish a powerful log analysis system with Elastic Stack. • Elastic stack options from cloud providers. • Which one would be fit for us? • Cost Reflections. • In conclusion.
  • 3. About Me • In tech for 7+ years. • Technical Project Coordinator @ AVASO Technology Solutions. • Infrastructure Technical Lead @ Betfair Group PLC. • DevOps Engineer @ NFQ Asia. • Member of Vietnam Elasticsearch Community. • Bash/PowerShell languages. • A dog parent :D
  • 4. About NFQ Asia • Member of NFQ Company. • 15+ years’ experience in e-business strategy and software development • 300+ professionals. • 4 countries: offices in Lithuania, Germany, Vietnam, Singapore. • Founded in Vietnam since 2015. • Having organized 5 community events/hackathons in Vietnam.
  • 7. What is Elastic Stack? • Formerly known as ELK Stack. • ELK - The acronym for three open source projects: elasticsearch, logstash, and kibana. • Distributed, scalable, and highly available (both on premises or SaaS). • The Elastic Stack is the next evolution of ELK. • Supports the lightweight Beats data shippers from ES v2.1.1.
  • 8. Elasticsearch • “You know, for Search” • Free, Open Source. • Search engine based on Lucene. • Near real-time searching, analytics and visualization capabilities. • Sophisticated Restful API.
  • 9. Logstash • Open source data collection engine that unifies data from disparate sources, normalizes it and distributes it. • The ingestion workhorse for elasticsearch and more. • Real-time capabilities and pluggable pipeline architecture. • Community-extensible and developer-friendly plugin ecosystem.
  • 10. Kibana • Open source analytics and visualization platform designed to work with elasticsearch. • Specialized for large volumes of streaming and real-time data. • No code, no additional infrastructure required. • Easily and quickly understandable through graphic representation.
  • 11. Beats Platform • “Data shippers” that are installed on servers as agents. • Either elasticsearch directly or through logstash. • Library written based on Golang. • Supports create your own beat for specific use cases.
  • 12. ESTABLISH A POWERFUL LOG ANALYSIS SYSTEM WITH ELASTIC STACK
  • 13. Rationale • What is log? • How do we solve the production issue as usual? • How much time do you spend investigating the production issue? • Where are the archived log? • Visualization and dashboards?
  • 14. The Challenge How do you satisfy the search needs of the application system’s over 2,000 docs per second while simultaneously providing tactical operational insights that help both Development Team and Operation Team iteratively improve the customer experience?
  • 15. The Simple Log Analysis Diagram
  • 17. Scalability Rationale • High availability. • Petabyte-scale data is written and/or read frequently. • High scalability. • Sufficient data allocation. • Costs.
  • 19. The Elasticsearch Hot-Warm Architecture (cont.)
  • 20. ON PREMISES VS SaaS ELASTIC STACK COMPARISONS
  • 21. WHAT IS AWS ELASTICSEARCH SERVICE? • Managed service in AWS Cloud. • Introduced in Oct 2015. • Fully managed; Zero admin. • Highly available and reliable. • Built-in Kibana support. • Integrated with other services in AWS ecosystem.
  • 23. What is Elastic Cloud? • Launched in Oct 2015. • Provided by Elastic. • High provisioning and scaling. • Hosted in the Cloud Providers. • Service-oriented architecture. • Containerization using Docker. • Fully supports custom plugins and API.
  • 25. HOW DO I KNOW WHICH ONE IS FIT WITH ME?
  • 26. Specifications comparison sheet Self-managed Elastic Stack AWS Elasticsearch Service Elastic Cloud Enterprise Pros More options and features. Complete control settings and capacity. Access to other APIs Comprehensive ES monitoring solutions. Lowest costs. SaaS. Simplify the operations via APIs. Security by IAM. Automated snapshots*. Encryption at rest. Monitoring included*. Technical supported. SaaS. Fully control through APIs. Technical Supported. Uptime SLA. Feature-rich and complete monitoring product. Available on Marketplace. Cons Self maintenance. Infrastructure matters. No technical supported. X-Pack limit features. Limited control. Less capacity and scalability. Backup once time per day. No plugins, no logs. Medium expensive. Only support I2 series EC2 instances. Most expensive. Imperfect for AWS-hosted solutions.
  • 28. Costs Comparison Chart 8,400.38 10,678.56 11,512.51 75,303.17 81,375.17 11,316.98 14,500.26 25,201.1525,201.15 32,035.68 34,537.54 203,318.55 219,712.95 28,319.95 38,295.63 50,402.30 0 50,000 100,000 150,000 200,000 250,000 Elastic Stack (AWS) Elastic Stack (GCP) AWS Elasticsearch Services Elastic Cloud (GCP) Elastic Cloud (AWS) Cost($) Service Models One Year One Year (All Upfront) Three Years Three Years (All Upfront) *Costs calculated based on 3TB-data cluster in multi-AZ in Frankfurt region
  • 29. In Conclusion • Elasticsearch leverage the power of analysis ability for both Dev/Ops teams. • Easily operate/maintain the huge cluster of servers and microservices. • Choose the proper architecture depend on application/system. • Estimate the budget to meet the requirements. • Optimize the aggregation to adopt the resources. • High availability oriented system.
  • 30. We are hiring… • Java Senior/Lead Developer • PHP Senior Developer • PHP Technical Lead • Front-end Senior Developer • Front-end Technical Lead • Technical Project Manager Simply send us an email with your enclosed updated CV to: career@nfq.asia
  • 31. Contact Me LinkedIn: linkedin.com/in/tylernguyen91 Email: tai.nguyen@nfq.asia Telegram: @tylern91