Log and Infrastructure Monitoring
Kibana is a user-friendly interface for visualizing and managing Elasticsearch data and logs. Foundations in infrastructure and log monitoring enable IT administrators and developers to spot problems in their applications and systems, diagnose them, and then optimize to prevent future challenges. In this chapter, we will explore how to monitor logs and infrastructure using Kibana, using a hypothetical movie projection system as an example case scenario.
Suppose you work as a senior IT engineer at a giant film studio, Universal Phoenix, and are responsible for monitoring the infrastructure that hosts the digital library of all its movies. This infrastructure hosts several microservices, each responsible for a different facet such as streaming, metadata indexing, user authentication, and others. You have recently chosen Elastic Stack, which includes Kibana, for the studio's logging and monitoring needs.
Setting Up
First things first, you have to make sure that Elastic Stack is correctly installed and configured in your infrastructure. Elastic Stack consists of four main components: Elasticsearch for storage, Logstash for centralized logging, Kibana for visualization, and Beats for data shipping. In the case of Universal Phoenix, assume you have already set up Elastic Stack correctly.
Launching Kibana
Accessing Kibana is as simple as opening your web browser and navigating to port 5601 on the server that hosts Kibana (http://[yourElasticsearchIP]:5601 when Kibana runs on the same host as Elasticsearch). This should bring up the Kibana interface, a powerful graphical interface for managing and analyzing your Elastic Stack.
Understanding Kibana Interface
On the Kibana dashboard, you'll notice a number of options in the sidebar. For this tutorial, we're primarily interested in the applications under the "Observability" section, specifically "Logs" and "Metrics."
The "Logs" application provides a real-time stream of log entries as they're ingested by Elasticsearch. The "Metrics" application gives you in-depth insights into the performance of your hardware and services.
Using Kibana Logs for Log Monitoring
To access the logs section, click on "Observability" --> "Logs." This should present you with a streamlined UI that displays the latest logs from all your services and applications. Given that we're dealing with the digital library system at Universal Phoenix, you might see logs from various services such as 'HarryPotter_MetadataService', 'TheGodfather_StreamingService', and so on. Viewing all these logs in one place makes it easier to trace and rectify issues.
HarryPotter_MetadataService: Indexing new digital copy of 'Harry Potter and the Prisoner of Azkaban' [2022-02-17 07:30:57]
TheGodfather_StreamingService: User 50721 requested to stream 'The Godfather Part II' at quality 4k [2022-02-17 07:31:00]
You can filter logs based on keywords, specific time ranges, specific hosts, and more. This makes it incredibly easy to troubleshoot application issues because you can isolate the logs from a particular service or even a specific time frame.
// Filtering logs for 3rd February 2022
filter: '@timestamp:[2022-02-03T00:00:00.000Z TO 2022-02-04T00:00:00.000Z]'
// Filtering logs for 'Titanic_MetadataService'
filter: 'kubernetes.pod.name:"Titanic_MetadataService"'
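The two filters above can be reproduced offline against log lines in the format shown earlier. The following is an added example, not part of the original tutorial or of Kibana: the Titanic_MetadataService lines, the malformed line, the function names and the assumption that timestamps are UTC are all constructed for illustration. It also shows an edge case of the bracketed range: square brackets are inclusive at both ends, so an event stamped exactly at midnight on 4 February matches a filter meant for 3 February.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in the "<service>: <message> [<timestamp>]" shape used on this page.
SAMPLE_LOGS = [
    "HarryPotter_MetadataService: Indexing new digital copy of 'Harry Potter and the Prisoner of Azkaban' [2022-02-17 07:30:57]",
    "TheGodfather_StreamingService: User 50721 requested to stream 'The Godfather Part II' at quality 4k [2022-02-17 07:31:00]",
    "Titanic_MetadataService: Reindex started [2022-02-03 00:00:00]",
    "Titanic_MetadataService: Reindex finished [2022-02-03 23:59:59]",
    "Titanic_MetadataService: Nightly job started [2022-02-04 00:00:00]",
    "malformed line without a timestamp",
]

# Service name, free-text message, then a bracketed timestamp at the end of the line.
LINE_RE = re.compile(r"^(?P<service>[^:\s]+): (?P<message>.*) \[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]$")

def parse_line(line):
    """Return a dict for a well-formed line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)  # UTC is an assumption
    return {"service": m["service"], "message": m["message"], "@timestamp": ts}

def filter_logs(lines, service=None, start=None, end=None, end_inclusive=True):
    """Keep records for one service and/or time range; unparseable lines are skipped."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if service is not None and rec["service"] != service:
            continue
        ts = rec["@timestamp"]
        if start is not None and ts < start:
            continue
        if end is not None and (ts > end or (ts == end and not end_inclusive)):
            continue
        hits.append(rec)
    return hits

FEB_3 = datetime(2022, 2, 3, tzinfo=timezone.utc)
FEB_4 = datetime(2022, 2, 4, tzinfo=timezone.utc)
```

Calling filter_logs with start=FEB_3 and end=FEB_4 returns the midnight event of 4 February as well; passing end_inclusive=False restricts the result to 3 February only.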
Using Kibana Metrics for Infrastructure Monitoring
Now, let's explore Kibana's Metrics application. This tool allows you to keep an eye on your infrastructure from a single location. Navigate to "Observability" --> "Metrics."
Here, you can see an overview of your entire IT infrastructure, including CPU usage per machine, memory, disk IO, network traffic, and much more. Universal Phoenix's movie streaming platform inevitably demands a robust infrastructure to handle requests from users worldwide. Monitoring this infrastructure's health is thus a critical task, and Kibana's Metrics application can make it significantly easier.
// Overview of Infrastructure Metrics
Infrastructure Summary:
CPU usage: 67%
Memory usage: 72%
Disk IO: 62%
Network traffic: 78%
Kibana lets you set alerts on various conditions, which supports proactive system management. For instance, you could set up a CPU utilization alert that notifies you when any system on your network exceeds, say, 80% utilization.
// Creating Alert in Kibana
Go to Stack Management --> Kibana --> Alerts and Actions --> Create Alert.
Choose 'Index threshold' alert type
Define Conditions:
If CPU usage
Is above 80
On 'All' schedule
For the last '5' minutes
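The condition defined above (CPU usage above 80 over the last 5 minutes) can be checked by hand against sample data. The following is an added sketch of that logic, not Kibana's own code: it assumes the average is the aggregation and that samples are grouped per host, and the host names and readings are constructed. It also reports hosts that sent no data in the window, since a host that stops reporting never crosses a threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def _ts(minute):
    # Helper for the constructed samples: 2022-02-17 07:<minute>:00 UTC.
    return datetime(2022, 2, 17, 7, minute, tzinfo=timezone.utc)

NOW = _ts(35)

# Constructed readings: (hypothetical host name, timestamp, CPU percent).
SAMPLES = [
    ("stream-01", _ts(31), 85.0), ("stream-01", _ts(33), 90.0), ("stream-01", _ts(35), 88.0),
    ("meta-01", _ts(31), 40.0), ("meta-01", _ts(33), 95.0), ("meta-01", _ts(35), 45.0),
    ("auth-01", _ts(32), 80.0), ("auth-01", _ts(34), 80.0),
    ("index-01", _ts(20), 99.0),  # last reading is 15 minutes old
]

def evaluate_cpu_alert(samples, now, threshold=80.0, window=timedelta(minutes=5)):
    """Return {host: average} for hosts whose windowed average is strictly above threshold."""
    window_start = now - window
    by_host = defaultdict(list)
    for host, ts, cpu in samples:
        if window_start < ts <= now:
            by_host[host].append(cpu)
    firing = {}
    for host, values in by_host.items():
        avg = sum(values) / len(values)
        if avg > threshold:  # "is above 80": exactly 80 does not fire
            firing[host] = round(avg, 1)
    return firing

def hosts_without_data(samples, now, window=timedelta(minutes=5)):
    """Return hosts seen in the samples that reported nothing inside the window."""
    window_start = now - window
    seen = {host for host, _, _ in samples}
    recent = {host for host, ts, _ in samples if window_start < ts <= now}
    return sorted(seen - recent)
```

With the constructed data, only stream-01 fires: meta-01 has one spike to 95 but averages 60, auth-01 sits exactly at 80, and index-01 is silent in the window and is returned by hosts_without_data instead.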
Apart from proactive alerts, another exciting feature is the built-in anomaly detection powered by machine learning. It can automatically spot potential issues based on past data, considerably reducing the manual labor of monitoring.
In conclusion, Kibana is an extremely potent tool offering in-depth observability into your logs and infrastructure. Through Kibana, you can streamline your logging and monitoring processes, making it easier to manage your infrastructure proactively, spot issues, and optimize to meet future challenges.