Make sense of a mountain of logs. Now in Ruby!
You have logs. Billions of lines of data. You shipped it, dated it, parsed it and stored it. And you used Logstash to do it. Now what do you do with it? Now you make sense of it. See everything you want, and nothing you don't. Chart it and rank it and play with the numbers. Kibana helps you do that. Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
Go ahead, spread your log parsing infrastructure out. Spin up a single Elasticsearch instance, or a huge cluster. Then bring it all back together with Kibana. Kibana will load balance against your Elasticsearch cluster. Logstash's daily rolling indices let you scale to huge datasets, while Kibana's sequential querying gets you the most relevant data quickly, with more as it becomes available. Elasticsearch 19.5's swanky new index.store.compress.stored compression setting means you can store more events and retrieve them faster than ever before.
Find one event, or one million. Kibana uses the same flexible Lucene search syntax as Elasticsearch. Toss out a simple keyword to search globally or pick out certain fields to drill down into exactly what you want. See an entire event, or columnize your results to see only the stuff you really need.
Visually analyze trends in log volume to find peaks and valleys. Mouse over bars for exact counts. Drag to select date ranges to narrow your search.
Score, trend and average fields to find patterns. Find the most common values and see how they've changed over time.
Create dashboards from searches to view events in real time, as they happen. Or create an RSS feed and get updates at any interval. Export a CSV and use your favorite spreadsheet application to work with your data.