We all have faced the problem when the system gets too slow. Have you wondered why this problem occurs? Well, there could be several reasons but one of them is application performance. In today’s time, the term application has become very large and complex. Users using these applications often choose different mediums, as they have separate goals and requirements as per their needs.
This diversity in consumption medium brings complexity in a configuration which is only increasing in today’s time. Application performance means how available your application is for this real-world which brings us to APM. In this blog, first of all, we will discuss, what is APM, why it is needed, and what are the APM tools, which can help us obtain the information and health of the system.
Right off the bat, I want to say that, this blog does not cover installing and configuring ElastAlert in the usual sense, i.e. working with pre-existing rules. It helps, I hope, in understanding the requirements for adding one’s own rule. Continue reading “Make Your Own Rules, ElastAlert Style”
Imagine you wake up one day, open your front door, and find huge wooden logs of different shapes and sizes placed in your front yard. On one of them is a note that says, “Well, here have ’em, all the logs, both structured and unstructured. Please deliver all the furniture by the end of the week or else … Now, if you’re inexperienced in “woodwork”, you need to start thinking. This is, more or less, how I felt when I was first assigned a task like this.
At the time, I faced a fair amount of difficulties bringing the logs from servers to visualize in kibana. The area which was most troubling and rewarding was figuring out logstash. This blog is a helpful summary of what I learned about logstash and how it helped. So, Ladies, Gentlemen, and others, sit tight and read on.
A few days back I encountered with a simple but painful issue. I am using ELK to parse my application logs and generate some meaningful views. Here I met with an issue which is, logstash inserts my logs into elasticsearch as per the current timestamp, instead of the actual time of log generation.
This creates a mess to generate graphs with correct time value on Kibana.
So I had a dig around this and found a way to overcome this concern. I made some changes in my logstash configuration to replace default time-stamp of logstash with the actual timestamp of my logs.
Add following piece of code in your filter plugin section of logstash’s configuration file, and it will make logstash to insert logs into elasticsearch with the actual timestamp of your logs, besides the timestamp of logstash (current timestamp).
locale => "en"
timezone => "GMT"
match => [ "timestamp", "yyyy-mm-dd HH:mm:ss +0000" ]
In my case, the timezone was GMT for my logs. You need to change these entries “yyyy-mm-dd HH:mm:ss +0000” with the corresponding to the regex for actual timestamp of your logs.
Date plugin will override the logstash’s timestamp with the timestamp of your logs. Now you can easily adjust timezone in kibana and it will show your logs on correct time.
(Note: Kibana adjust UTC time with you bowser’s timezone)