Practical Guide to Using ELK: Log Collection, Analysis, and Query with Logstash and Kibana
This tutorial walks backend engineers through real‑world scenarios of log collection, parsing, and analysis using the ELK stack—Logstash, Elasticsearch, and Kibana—showing configuration examples, Grok patterns, RESTful API queries, aggregations, and visualizations to boost operational efficiency.
Backend developers often need to locate logs, query request details, and generate daily statistics; the ELK (Elasticsearch + Logstash + Kibana) platform provides a user‑friendly solution for these tasks.
Logstash configuration : The tutorial presents a complete Logstash pipeline with input (file, Kafka, RabbitMQ), filter (mutate, date, grok, kv, json, geoip, urldecode), and output (stdout for debugging, Elasticsearch indices, daily file output). Sample configuration files for collecting Nginx access logs are included, along with a custom Grok pattern SNS_NGINX_ACCESS that parses timestamps, request details, and custom fields.
Elasticsearch RESTful APIs : Common API categories (Document, Search, Indices, Cat, Cluster) are introduced. Example queries demonstrate retrieving cluster info, searching logs, filtering by status, limiting fields, counting documents, and using scroll for large result sets. Aggregation examples show daily request counts, term aggregations for top interfaces, and nested date‑histogram aggregations for hourly breakdowns.
Kibana usage : The guide explains basic filter queries, keyword vs. analyzed fields, multi‑value filters, and logical operators. Advanced Lucene/Kuery queries cover full‑text search, field search, wildcards, regex, fuzzy, proximity, range, boosting, and boolean logic. Visualization steps illustrate creating Data Tables, line charts, and area charts, configuring metrics and buckets, adding secondary axes, and exporting results as CSV.
Additional tips : Adding index patterns in Kibana, using Script Fields for type conversion, and customizing visualizations (smoothing, area charts) are covered. The tutorial concludes that mastering ELK enables engineers to efficiently collect, parse, query, and visualize log data, improving daily operational workflows.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Sohu Tech Products
A knowledge-sharing platform for Sohu's technology products. As a leading Chinese internet brand with media, video, search, and gaming services and over 700 million users, Sohu continuously drives tech innovation and practice. We’ll share practical insights and tech news here.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.