Welcome!

@DevOpsSummit Authors: Elizabeth White, Pat Romanski, Derek Weeks, Liz McMillan, Steve Wilson

Related Topics: @DevOpsSummit, Microservices Expo, @CloudExpo

@DevOpsSummit: Blog Feed Post

Custom Elasticsearch Index Templates By @Sematext | @DevOps Summit [#DevOps]

Logsene is built on top of Elasticsearch and exposes a subset of its API to the users

One of the great things about Logsene, our log management tool, is that you don't need to care about the back-end - you know, where you store your logs. You just pick a log shipper (here are Top 5 Log Shippers), point it to Logsene (here's How to Send Logs to Logsene) and you are done. Logsene takes care of everything for you - your logs stop filling up your disk, you don't have to worry about log compression and rotation, your logs get indexed so when you need to troubleshoot issues you have one place where you get see and search all your logs from all your applications, servers, and environments. This is all nice and dandy, but what if your logs are special and you want them analyzed in a specific way, and not the way Logsene's predefined index templates and analysis work?  To handle such use cases we've recently made it possible for Logsene users to define how their logs are analyzed. Let's look at an example.

Registering Log Index Template in Logsene
Logsene is built on top of Elasticsearch and exposes a subset of its API to the users. Because of that, all the great tools available for Elasticsearch work with Logsene.  For example, you can use Logstash to ship logs to Logsene and you can use Kibana to search and graph logs stored in Logsene. In fact, Kibana is the alternative UI available out of the box for Logsene users. Logsene users can now use Elasticsearch Index Templates functionality to define new templates for their indices in Logsene. Let's say that we want to have a new type of logs that contain a new type, let's call it messages, with one analyzed text field - message, and two non-analyzed text fields - tag and nick. Our index template for that might look as follows:

curl -XPUT 'logsene-receiver.sematext.com/_template/ aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_MyTemplate' -d '{
"template" : "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee*",
"order" : 21,
"settings" : {
"index.analysis.analyzer.my_own_lowercase.type" : "custom",
"index.analysis.analyzer.my_own_lowercase.tokenizer" : "keyword",
"index.analysis.analyzer.my_own_lowercase.filter.0" : "lowercase",
},
"mappings" : {
"message" : {
"properties" : {
"message" : { "type" : "string" },
"tags" : { "type" : "string", "analyzer" : "my_own_lowercase" },
"nick" : { "type" : "string", "analyzer" : "my_own_lowercase" }
}
}
}
}'

That "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" is a fake Logsene app token we are using in this example.  You should, of course, use your own Logsene app token instead.

There are a few things one should remember when registering an index template in Logsene:

  1. To register a template one should use HTTP PUT method and send it to logsene-receiver.sematext.com/_template/TOKEN_NAME. The TOKEN part is your Logsene app's token and the NAME part is the name of the template, which should be unique for your Logsene app.
  2. The template property inside the JSON request should be set to TOKEN* (yes, with the trailing asterisk), otherwise Logsene will reject the template.
  3. The order property must to be higher than 10 and should be unique for your templates.
  4. Only mappings and settings sections of the templates are allowed, with the limitation that settings section can only contain analysis definition.
  5. You can register multiple index templates by just using a different NAME.
  6. Very importantly, keep in mind that registered index templates do not come into effect immediately - they become active within the next 24 hours - specifically, at 00:00 UTC.

The above command should result in a response similar to the following one:

{"acknowledged":true}

This means that the template was successfully registered. If an error occurs the response from Logsene will be different, for example:

{"error":"Error occured during template verification","errorId": "2739358978185","status":"400"}

Reading Defined Templates
Of course, once your templates are in you can also read them. Doing that is very simple, you just need your Logsene app token and a request that looks as follows:

curl -XGET 'logsene-receiver.sematext.com/_template/ aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee*'

The response will contain all the templates defined for the application with the specified token and will look as follows:

{"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_MyTemplate":{"order":21, "template":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee*","settings":
{"index.analysis.analyzer.my_own_lowercase.tokenizer":"keyword", "index.analysis.analyzer.my_own_lowercase.type":"custom", "index.analysis.analyzer.my_own_lowercase.filter.0":"lowercase"}, "mappings":{"message":{"properties":{"message":{"type":"string"},"tags":
{"analyzer":"my_own_lowercase","type":"string"},"nick":
{"analyzer":"my_own_lowercase","type":"string"}}}},"aliases":{}}}

Of course, you can also read a single template by running a command like this:

curl -XGET 'logsene-receiver.sematext.com/_template /aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_MyTemplate'

Deleting Templates
Sometimes you may need to remove templates you've defined.  Doing that is as simple as running HTTP DELETE command against the _template REST end-point of Logsene and specifying the template name, like this:

curl -XDELETE 'logsene-receiver.sematext.com/_template/ 18fcf616-7c1a-4bb5-840e-deaf9ad73d00_MyTemplate'

If deletion was successful Logsene will respond with the following message:

{"acknowledged":true}

If something went wrong, you will see an error:

{"error":"Only full template names can be used with deletes","errorId":"1944493021299","status":"400"}

If you still haven't had a chance to try out Logsene, go to http://sematext.com/logsene/index.html and create a free account (or just add new Logsene application if you already have an account). You can also try a live demo of Logsene to quickly look how it works on common data.  If you can't ship your logs to the cloud, you can also run Logsene On Premises or on your own cloud instances (e.g. on AWS EC2).

Filed under: Logging Tagged: devops, log analytics, logging, logsene

Read the original blog entry...

More Stories By Sematext Blog

Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), and search analytics (SSA). We also provide Search and Big Data consulting services and offer 24/7 production support for Solr and Elasticsearch.

@DevOpsSummit Stories
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast trove of private and public data available to enterprises.
Most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes a lot of work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reduction in cost and increase in speed.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the application economy. With CA software at the center of their IT strategy, organizations can leverage the technology that changes the way we live - from the data center to the mobile device. CA's software and solutions help customers thrive in the new application economy by delivering the means to deploy, monitor and secure their applications and infrastructure.
Given the popularity of the containers, further investment in the telco/cable industry is needed to transition existing VM-based solutions to containerized cloud native deployments. The networking architecture of the solution isolates the network traffic into different network planes (e.g., management, control, and media). This naturally makes support for multiple interfaces in container orchestration engines an indispensable requirement.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise...
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single-threaded, you can effectively identify hot spots in your serverless code. In his session at @DevOpsSummit at 21st Cloud Expo, Dave Martin, Product owner at CA Technologies, will give a live demonstration and code walkthrough, showing how to overcome the challenges of monitoring S3 and RDS. This presentation will provide an overview of necessary Amazon Lambda concepts and discus how to integrate the monitoring data with other tools.
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient data access across cloud and on-premises boundaries - with all the advantages of public IaaS everywhere.
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
There is only one world-class Cloud event on earth, and that is Cloud Expo – which returns to Silicon Valley for the 21st Cloud Expo at the Santa Clara Convention Center, October 31 - November 2, 2017. Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers. Companies are each developing their unique mix of cloud technologies and services, forming multi-cloud and hybrid cloud architectures and deployments across all major industries. Cloud-driven thinking has become the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, and the public sector.
SYS-CON Events announced today that Golden Gate University will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Since 1901, non-profit Golden Gate University (GGU) has been helping adults achieve their professional goals by providing high quality, practice-based undergraduate and graduate educational programs in law, taxation, business and related professions. Many of its courses are taught by faculty actively working in their field of expertise, providing students with skills that can be applied immediately. The new MS in Business Analytics, like most of its programs, is available fully online or in-person in downtown SF.
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emerging startups to Fortune 1000 companies.
With Cloud Foundry you can easily deploy and use apps utilizing websocket technology, but not everybody realizes that scaling them out is not that trivial. In his session at 21st Cloud Expo, Roman Swoszowski, CTO and VP, Cloud Foundry Services, at Grape Up, will show you an example of how to deal with this issue. He will demonstrate a cloud-native Spring Boot app running in Cloud Foundry and communicating with clients over websocket protocol that can be easily scaled horizontally and coordinate communication between multiple instances by using an additional message broker.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
Vulnerability management is vital for large companies that need to secure containers across thousands of hosts, but many struggle to understand how exposed they are when they discover a new high security vulnerability. In his session at 21st Cloud Expo, John Morello, CTO of Twistlock, will address this pressing concern by introducing the concept of the “Vulnerability Risk Tree API,” which brings all the data together in a simple REST endpoint, allowing companies to easily grasp the severity of the vulnerability. He will provide attendees with actionable advice related to understanding and acting on exposure due to new high severity vulnerabilities.
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Secure Channels, a cybersecurity firm, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Secure Channels, Inc. offers several products and solutions to its many clients, helping them protect critical data from being compromised and access to computer networks from the unauthorized. The company develops comprehensive data encryption security strategies that are tailored for the unique needs of each client; the team builds in an intuitive user experience to boost efficiency and effectiveness of its cyber security solutions.
The goal of Continuous Testing is to shift testing left to find defects earlier and release software faster. This can be achieved by integrating a set of open source functional and performance testing tools in the early stages of your software delivery lifecycle. There is one process that binds all application delivery stages together into one well-orchestrated machine: Continuous Testing. Continuous Testing is the conveyer belt between the Software Factory and production stages. Artifacts are moved from one stage to the next only after they have been tested and approved to continue. New code submitted to the repository is tested upon commit. When tests fail, the code is rejected. Subsystems are approved as part of periodic builds on their way to the delivery stage, where the system is being tested as production ready. The release process stops when tests fail. The key is to shift test c...
Docker containers have brought great opportunities to shorten the deployment process through continuous integration and the delivery of applications and microservices. This applies equally to enterprise data centers as well as the cloud. In his session at 20th Cloud Expo, Jari Kolehmainen, founder and CTO of Kontena, discussed solutions and benefits of a deeply integrated deployment pipeline using technologies such as container management platforms, Docker containers, and the drone.io Cl tool. He also demonstrated deployment of a CI/CD pipeline using container management, as well as show how to deploy a containerized application through a continuous delivery pipeline.
SYS-CON Events announced today that App2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. App2Cloud is an online Platform, specializing in migrating legacy applications to any Cloud Providers (AWS, Azure, Google Cloud).
In his session at @DevOpsSummit at 20th Cloud Expo, Kelly Looney, director of DevOps consulting for Skytap, showed how an incremental approach to introducing containers into complex, distributed applications results in modernization with less risk and more reward. He also shared the story of how Skytap used Docker to get out of the business of managing infrastructure, and into the business of delivering innovation and business value. Attendees learned how up-front planning allows for a clean separation between infrastructure, platform, and service concerns.