
Shipping and analysing MongoDB logs using the Streamsets Data Collector, ElasticSearch and Kibana

To show that the considerations in my last post apply to log shipping in general, let's see how the same process works for a more realistic use case: shipping and analysing the logs of a MongoDB database.

MongoDB logs pattern

Starting from release 3.0 (I am considering release 3.2 for this post), MongoDB log lines follow this pattern:

<timestamp> <severity> <component> [<context>] <message>

where:
  • timestamp is in iso8601-local format.
  • severity is the level associated with each log message. It is a single-character field. Possible values are F (Fatal), E (Error), W (Warning), I (Informational) and D (Debug).
  • component is a functional categorization of the log message. Please refer to the documentation for the specific release of MongoDB you're using for the full list of possible values.
  • context is the specific context for a message.
  • message: I don't think you need an explanation here ;)

So for this kind of log we can use the following Grok pattern:

%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} %{WORD:component}  %{DATA:context} %{GREEDYDATA:message}

Please notice that there are 2 spaces between the component and the context.
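
A quick way to check how much of a log the pattern above actually parses, as an added example that is not part of the original post: the Grok primitives are replaced by simplified Python regex stand-ins, the sample lines are constructed, and the tolerant variant is this example's own suggestion. It assumes mongod pads the component column to a fixed width of 8 characters, so the number of spaces before the context varies with the component name.

```python
import re

# Simplified regex stand-ins for the Grok primitives (approximations).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?(?:Z|[+-]\d\d:?\d\d)?",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
}

def compile_grok(pattern):
    """Expand %{NAME:field} tokens into named groups, anchored at line start."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile("^" + re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

PREFIX = "%{TIMESTAMP_ISO8601:timestamp} %{WORD:severity} "
# Pattern from the post: exactly two spaces after the component.
POST = compile_grok(PREFIX + "%{WORD:component}  %{DATA:context} %{GREEDYDATA:message}")
# Tolerant variant (assumption of this example): any run of spaces, "-" allowed.
TOLERANT = compile_grok(PREFIX + "%{NOTSPACE:component} +%{DATA:context} %{GREEDYDATA:message}")

def classify(rx, line):
    """Return 'ok', 'misparsed' (matched, but context is not [..]) or 'unmatched'."""
    m = rx.match(line)
    if m is None:
        return "unmatched"
    ctx = m.group("context")
    return "ok" if ctx.startswith("[") and ctx.endswith("]") else "misparsed"

# Constructed sample lines; component column padded to 8 characters.
SAMPLES = [
    "2016-03-01T10:15:30.123+0100 I NETWORK  [initandlisten] waiting for connections on port 27017",
    "2016-03-01T10:15:31.456+0100 I ACCESS   [conn12] authentication failed for user app on admin",
    "2016-03-01T10:15:32.789+0100 I SHARDING [Balancer] balancer round started",
    "2016-03-01T10:15:33.012+0100 W -        [initandlisten] example startup warning",
]

def coverage(rx):
    """Classify every sample line with the given compiled pattern."""
    return [classify(rx, line) for line in SAMPLES]

if __name__ == "__main__":
    for line, post, tolerant in zip(SAMPLES, coverage(POST), coverage(TOLERANT)):
        print("%-9s %-9s %s" % (post, tolerant, line[31:]))
```

Run the same check against a sample of your own mongod log before deploying the pipeline, and confirm the padding assumption there.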

Create an index on Elasticsearch

Now that we know the pattern of the MongoDB logs we can create an index for them in Elasticsearch:

curl -XPUT 'http://<es_host>:<es_port>/mdblogs' -d '{
    "mappings": {
        "nodelogs" : {
            "properties" : {
                "timestamp": {"type": "date"},
                "severity": {"type": "string"},
                "component": {"type": "string"},
                "context": {"type": "string"},
                "message": {"type": "string"}
            }
        }
    }
}'


Pipeline configuration

As soon as you have all of the required systems (an Elasticsearch cluster, Kibana, Streamsets Data Collector) up and running, you can create a new pipeline in SDC by cloning the one built in the other post and changing just a few configuration settings. Switch the File Tail origin path to the MongoDB logs directory, then choose Grok Pattern as the Log Format and use the Grok pattern defined above. Finally, choose the yyyy'-'MM'-'dd'T'HH':'mm':'ss format for the timestamp conversion in the Timestamp Field Converter stage.

Create a Kibana Dashboard

Create the index in Kibana as explained in the previous post and then you can start to search for the data and implement a custom dashboard like the one shown in the image below:
