
Logging & ELK Stack
Elasticsearch, Logstash, Kibana, Beats, log aggregation, search, dashboards, troubleshooting log ingestion
1. What is Elasticsearch in the ELK Stack?
Answer
Elasticsearch is a distributed search and analytics engine based on Apache Lucene. It stores logs as indexed JSON documents, enabling fast and complex real-time searches. Elasticsearch uses inverted indexes to optimize full-text queries, making it ideal for analyzing millions of log lines. It is at the core of the ELK Stack and serves as the primary database for all collected data.
2. What is the primary role of Logstash in the ELK Stack?
Answer
Logstash is a data processing pipeline that ingests, transforms, and enriches logs before indexing them in Elasticsearch. It uses an input-filter-output architecture to parse raw logs, extract structured fields with Grok patterns, and add metadata. Logstash enables normalization of heterogeneous log formats from multiple sources, facilitating their subsequent analysis in Kibana.
3. What is the primary function of Kibana?
Answer
Kibana is the visualization and data exploration interface for data stored in Elasticsearch. It enables the creation of interactive dashboards, custom charts, and ad-hoc searches on logs. Kibana also offers advanced features such as Machine Learning for anomaly detection and Timelion for time-series analysis, making log analysis accessible without writing complex queries.
4. What are Beats in the ELK ecosystem?
5. What is the main difference between Filebeat and Logstash?
+17 interview questions