Working with Logstash and Kibana
Logstash is a utility for aggregating and normalizing log files from disparate sources and storing them in an Elasticsearch cluster. Once logs are stored in Elasticsearch, we will use Kibana, the same tool Marvel's user interface is built on, to view and explore our aggregated logs.
The Elasticsearch community refers to the Elasticsearch, Logstash, and Kibana tool combination as the ELK stack. This section shows how to load NGINX server logs into ELK, but there are many other potential use cases for these technologies.
ELK can help us explore NGINX server logs by:
- Visualizing server traffic over time
- Plotting server visits by location on a map
- Searching logs by resource extension (HTML, JS, CSS, and so on), IP address, ...