
Shipping and analysing MongoDB logs using the Streamsets Data Collector, ElasticSearch and Kibana

To show that the considerations made in my last post hold for any log shipping purpose, let's see how the same process applies to a more realistic use case: shipping and analysing the logs of a MongoDB database.

MongoDB logs pattern

Starting from release 3.0 (I am considering release 3.2 for this post), the MongoDB log lines follow this pattern:

<timestamp> <severity> <component> [<context>] <message>

where:
  •     timestamp is in iso8601-local format, e.g. 2016-05-23T12:00:00.123+0200: date and time with milliseconds, followed by the local UTC offset.
  •     severity is the level associated with each log message. It is a single-character field. Possible values are F (Fatal), E (Error), W (Warning), I (Informational) and D (Debug).
  •     component is the functional category of the log message (NETWORK, COMMAND, ACCESS, ...); a single dash is printed when no component applies. Please refer to the specific release of MongoDB you're using for the full list of possible values.
  •     context is the specific context of the message, typically the thread or connection that produced it, printed in square brackets (e.g. [initandlisten], [conn1]).
  •     message: don't think you need some explanation here ;)
So for this kind of logs we can use the following Grok pattern:

%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{WORD:component}  %{DATA:context} %{GREEDYDATA:message}

Please notice that there are 2 spaces between the component and the context. That is the case for the 7-letter components (NETWORK, COMMAND, CONTROL, STORAGE, ...) because mongod left-pads the component name to 8 characters; shorter names such as FTDC, INDEX or REPL are followed by more spaces, and the lone dash printed when no component applies is not matched by %{WORD} at all, so those lines would not parse. If you want every line to match, use a variant that tolerates the padding and strips the brackets from the context:

%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{NOTSPACE:component}\s+\[%{DATA:context}\] %{GREEDYDATA:message}

Create an index on Elasticsearch

Now that we know the pattern of the MongoDB logs we can create an index for them in Elasticsearch. The string fields you will group by in Kibana (severity, component, context) are mapped as not_analyzed, so that aggregations work on the exact values instead of on lowercased tokens (string plus not_analyzed is the Elasticsearch 2.x syntax; in 5.x and later the equivalent is the keyword type):

curl -XPUT 'http://<es_host>:<es_port>/mdblogs' -d '{
    "mappings": {
        "nodelogs" : {
            "properties" : {
                "timestamp": {"type": "date"},
                "severity": {"type": "string", "index": "not_analyzed"},
                "component": {"type": "string", "index": "not_analyzed"},
                "context": {"type": "string", "index": "not_analyzed"},
                "message": {"type": "string"}
            }
        }
    }
}'


Pipeline configuration

As soon as you have all of the required systems (an Elasticsearch cluster, Kibana, Streamsets Data Collector) up and running, you can create a new pipeline in SDC by cloning the one built in the other post and changing just a few settings. Switch the File Tail origin path to the MongoDB log file (the account running SDC only needs read access to it), choose Grok Pattern as the Log Format and use the Grok pattern defined above. Finally, set the format for the timestamp conversion in the Timestamp Field Converter stage. The yyyy'-'MM'-'dd'T'HH':'mm':'ss format used in the previous post works, but it stops at the seconds, so the milliseconds and the UTC offset that mongod appends are ignored and the value is interpreted in the SDC JVM's time zone; to keep the offset (and have events from servers in different time zones line up in Kibana) use yyyy-MM-dd'T'HH:mm:ss.SSSZ instead.
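To check the pattern and the timestamp handling without a running SDC or Elasticsearch, here is an added Python example; it is not part of the post nor of StreamSets or MongoDB. It applies a regex equivalent of the Grok pattern above to a few constructed mongod 3.2-style lines (not taken from a real server; hosts, addresses and paths are invented), parses the timestamp keeping the UTC offset as discussed in the pipeline configuration, builds documents with exactly the fields of the mdblogs mapping, and produces the newline-delimited body you would send to the _bulk API.

```python
import json
import re
from datetime import datetime

# Regex equivalent of the Grok pattern for mongod 3.x lines. Grok's
# TIMESTAMP_ISO8601, WORD, DATA and GREEDYDATA are spelled out as plain regex.
# Deliberate choices: "\s+" between the fields, because mongod left-pads the
# component name to 8 characters ("NETWORK  [", "FTDC     [", "-        [");
# "\S+" for the component so the "-" placeholder is accepted; and explicit
# brackets, so "context" holds "conn1" rather than "[conn1]".
MONGO_LOG_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?)\s+"
    r"(?P<severity>[FEWID])\s+"
    r"(?P<component>\S+)\s+"
    r"\[(?P<context>[^\]]*)\]\s+"
    r"(?P<message>.*)$"
)


def parse_timestamp(ts):
    """Parse an iso8601-local mongod timestamp such as 2016-05-23T12:00:00.123+0200.

    The offset is kept (the result is an aware datetime). A format that stops at
    the seconds, like yyyy-MM-dd'T'HH:mm:ss, would drop both the milliseconds
    and the offset.
    """
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised mongod timestamp: %r" % ts)


def parse_line(line):
    """Return a document shaped like the mdblogs mapping, or None for lines that
    do not follow the pattern (e.g. indented continuation lines of a stack trace)."""
    m = MONGO_LOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    doc = m.groupdict()
    doc["timestamp"] = parse_timestamp(doc["timestamp"]).isoformat()
    return doc


def parse_lines(lines):
    """Parse an iterable of raw lines, skipping the ones that do not match."""
    return [doc for doc in (parse_line(line) for line in lines) if doc is not None]


def count_by(docs, field):
    """Count documents per value of a field (what a Kibana terms aggregation shows)."""
    counts = {}
    for doc in docs:
        counts[doc[field]] = counts.get(doc[field], 0) + 1
    return counts


def bulk_body(docs, index="mdblogs", doc_type="nodelogs"):
    """Newline-delimited body for POST /_bulk: one action line, then the document."""
    out = []
    for doc in docs:
        out.append(json.dumps({"index": {"_index": index, "_type": doc_type}}))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n"


# Constructed sample lines mimicking mongod 3.2 output (not from a real server).
SAMPLE_LINES = [
    "2016-05-23T12:00:00.123+0200 I CONTROL  [initandlisten] MongoDB starting : pid=4242 port=27017 dbpath=/data/db 64-bit host=db01",
    "2016-05-23T12:00:00.456+0200 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'",
    "2016-05-23T12:00:01.001+0200 I NETWORK  [initandlisten] waiting for connections on port 27017",
    "2016-05-23T12:00:05.222+0200 I NETWORK  [initandlisten] connection accepted from 10.0.0.7:41010 #1 (1 connection now open)",
    "2016-05-23T12:00:05.300+0200 I ACCESS   [conn1] Unauthorized not authorized on admin to execute command { listDatabases: 1 }",
    "2016-05-23T12:00:06.000+0200 W NETWORK  [conn1] Failed to connect to 10.0.0.9:27017, reason: errno:111 Connection refused",
    "2016-05-23T12:00:07.000+0200 I -        [conn1] end connection 10.0.0.7:41010 (0 connections now open)",
]

if __name__ == "__main__":
    parsed = parse_lines(SAMPLE_LINES)
    for d in parsed:
        print("%(timestamp)s %(severity)s %(component)-8s %(context)-14s %(message)s" % d)
    print(count_by(parsed, "severity"))
    print(bulk_body(parsed[:1]))
```

The regex and the Grok pattern describe the same fields, so a line that this script rejects (returns None) is a line the SDC pipeline would send to the error sink; running the script over a copy of your own mongod.log is a quick way to find such lines before building the dashboard.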

Create a Kibana Dashboard

Create the index pattern in Kibana as explained in the previous post; then you can start searching the data and build a custom dashboard like the one shown in the image below:
