![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/logstash.png\")
\u015eekil 1:\u00a0<\/strong>Logstash[1]<\/p>\n\n\n\n\n\n1.1 Logstash Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h4>\n\n\n\n
Logstash pipeline\u2019\u0131 temel olarak 3 a\u015famadan olu\u015fur. \u0130nput, Filter ve Output.
\u0130nputlar : Eventlerin gelmesi, olu\u015fturulmas\u0131d\u0131r.
Filterlar : Gelen eventlerin \u00fczerinde aksiyonlar, transformasyonlar ger\u00e7ekle\u015ftirirler.
Outputlar : Eventleri ba\u015fka bir yere aktar\u0131rlar.<\/p>\n
\u015eekil 2<\/strong>\u00a0: Logstash pipeline[2]<\/p>\n\n\n\n\n\n \u00d6rnek bir Logstash config dosyas\u0131n\u0131n yap\u0131s\u0131 a\u015fa\u011f\u0131da g\u00f6sterilmi\u015ftir. \u0130lerleyen k\u0131s\u0131mlarda daha detayl\u0131 olarak de\u011finilecektir.<\/p>\n\n\n\n Logstash\u2019in iki t\u00fcr config dosyas\u0131 vard\u0131r: Birincisi Standart conf dosyas\u0131, pipelinenin kendisini yani input, filter ve output\u2019un tan\u0131mland\u0131\u011f\u0131 k\u0131s\u0131m. \u0130kinicisi ise Logstash pipelinenin ba\u015flat\u0131lmas\u0131n\u0131 ve \u00e7al\u0131\u015fma \u015feklini etkileyen se\u00e7enekleri belirten yml conf dosyalar\u0131. Bu yaz\u0131da Logstash\u2019in b\u00fcy\u00fck bir k\u0131sm\u0131n\u0131 olu\u015fturan standart config dosyas\u0131 \u00fczerinden uygulamalar g\u00f6sterilecektir.<\/p>\n\n\n\n Input Plugin :\u00a0<\/strong>Datan\u0131n Logstash\u2019e al\u0131nd\u0131\u011f\u0131 k\u0131s\u0131m. En \u00e7ok kullan\u0131lan Logstash input pluginleri \u015funlard\u0131r.<\/p>\n\n\n\n File<\/strong>\u00a0: Filesystem \u00fczerindeki dosya\/lardan loglar\u0131 okur. Filter Plugin :\u00a0<\/strong>Input k\u0131sm\u0131ndan gelen loglar\u0131n \u00fczerinde i\u015flemlerin(D\u00f6n\u00fc\u015ft\u00fcrme, parse etme, silme vb) yap\u0131ld\u0131\u011f\u0131 k\u0131s\u0131m. En \u00e7ok kullan\u0131lan filter pluginleri \u015funlard\u0131r.<\/p>\n\n\n\n Grok<\/strong>: Gelen metni ayr\u0131\u015ft\u0131r\u0131r ve yap\u0131land\u0131r\u0131r. Grok, Logstash\u2019de yap\u0131land\u0131r\u0131lmam\u0131\u015f loglar\u0131 yap\u0131land\u0131r\u0131lm\u0131\u015f ve sorgulanabilir bir \u015feye ayr\u0131\u015ft\u0131rman\u0131n en iyi yoludur. Logstash\u2019de built in olarak bulunan yakla\u015f\u0131k 120 pattern vard\u0131r. \u0130p arama, Say\u0131 arama Hostname arama vs. Mutate:<\/strong>\u00a0Fieldlerde genel d\u00f6n\u00fc\u015f\u00fcmler yapabilir. Eventlerdeki fieldleri yeniden adland\u0131rabilir, kald\u0131rabilir, tiplerini de\u011fi\u015ftirebilirsiniz.<\/p>\n\n\n\n Outputs<\/strong>\u00a0: Logstash pipelinenin son a\u015famas\u0131d\u0131r. Bir event birden fazla outputtan ge\u00e7ebilir. Yayg\u0131n olarak kullan\u0131lan baz\u0131 outputlar \u015funlard\u0131r: Di\u011fer pluginler<\/strong> Codec :\u00a0<\/strong>Codec eklentisi bir verinin g\u00f6r\u00fcn\u00fcm\u00fcn\u00fc de\u011fi\u015ftirir. Codec bile\u015fenleri esasen bir inputun veya outputun par\u00e7as\u0131 olarak \u00e7al\u0131\u015fabilen stream filtreleridir.<\/p>\n\n\n\n Delimiter :<\/strong>\u00a0Dosyadan okuma yap\u0131l\u0131rken delimiterin ne olaca\u011f\u0131n\u0131 belirtir. Default delimiter new line ( \\n ) karakteridir.<\/p>\n\n\n\n Path :\u00a0<\/strong>Input veya Output Dosya yolunu belirtti\u011fimiz k\u0131s\u0131m.<\/p>\n\n\n\n Start_position :<\/strong>\u00a0Okuma esnas\u0131nda okuma i\u015flemine nereden ba\u015flanaca\u011f\u0131n\u0131 bildiren keyword. Beginning ve end olmak \u00fczere iki adet de\u011fer al\u0131r.<\/p>\n\n\n\n Tags :\u00a0<\/strong>eventlere tag ekleyebilirsiniz. Bu tagleri daha sonra arama veya d\u00f6n\u00fc\u015f\u00fcm yapmak i\u00e7in kullanabilirsiniz<\/p>\n\n\n\n \u00d6rnek tags =>[\u201cdilisim\u201d]<\/p>\n\n\n\n Metadata :\u00a0<\/strong>Eventlere metadata ekleyebilirsiniz. Bunlar eventlerin i\u00e7inde do\u011frudan bulunmaz ancak y\u00f6nlendirme yaparken kullan\u0131labilir. \u00d6rnek: 3 inputunuz var (Kafka, file, tcp) ve 4 outputunuz var. Hangisi nereye gidecek bunu belirtmek i\u00e7in metadatalardan yard\u0131m al\u0131nabilir.<\/p>\n\n\n\n Bazen bir eventi\u00a0belirli \u015fartlar alt\u0131nda filtrelemek veya outputa aktarmak istersiniz. Bunun i\u00e7in bir conditional ifadeleri kullanabilirsiniz. Logstash\u2019in \u015fartl\u0131 ifadeleri programlama dillerinde oldu\u011fu gibi \u00e7al\u0131\u015f\u0131r. Temel syntax\u0131 \u015fu \u015fekildedir.<\/p>\n\n\n\n Operat\u00f6rler olarak programlama dillerinden de bildi\u011fimiz ==, != ,< ,> , <= , >=, in, not in , and , or , nand , xor , ve ! kullan\u0131l\u0131yor.<\/p>\n\n\n\n \u0130lk olarak https:\/\/www.elastic.co\/downloads\/logstash adresine girip istedi\u011fimiz Logstash versiyonunu ve i\u015fletim sistemimiz se\u00e7ip indiriyoruz. Bu yaz\u0131da Logstash\u2019in 6.8.0 s\u00fcr\u00fcm\u00fc kullan\u0131lm\u0131\u015ft\u0131r. Dosyalar\u0131 indirdikten sonra ilk olarak cmd \u00fczerinden Logstash\u2019\u0131n oldu\u011fu klas\u00f6re gidip command line \u00fczerinden \u201cbin\/logstash\u201d komutu ile Logstash\u2019i \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/p>\n\n\n\n 1.6.1 Standart input \u2013 Standart output<\/strong><\/p>\n\n\n\n Logstash ile yapaca\u011f\u0131m\u0131z ilk uygulamada command line \u00fczerinden girdi\u011fimiz eventi yine command line ile okuyaca\u011f\u0131z.<\/p>\n\n\n\n \u0130lk olarak cmd ile Logstash\u2019in oldu\u011fu directorye gidiyoruz ve istedi\u011fimiz yere logstash.conf isimli dosyay\u0131 olu\u015fturuyoruz. Daha sonra conf dosyam\u0131z\u0131 a\u00e7\u0131p a\u015fa\u011f\u0131daki sat\u0131rlar\u0131 ekliyoruz.<\/p>\n\n\n\n Daha sonra dosyam\u0131z\u0131 kaydedip \u00e7\u0131k\u0131yoruz ve\u00a0<\/p>\n\n\n\n bin\/logstash -f config\/pipelines\/pipeline.conf<\/p>\n<\/blockquote>\n\n\n\n komutu ile ilk Logstash uygulamam\u0131z\u0131 \u00e7al\u0131\u015ft\u0131r\u0131yoruz. Logstash\u2019in ba\u015flamas\u0131 45-50 saniye kadar s\u00fcrebilmektedir. \u201cSuccessfully started\u201d yaz\u0131s\u0131n\u0131 g\u00f6rd\u00fckten sonra \u201cSelamlar dilisim\u201d yaz\u0131p g\u00f6nderiyoruz. Logstash ise cevap olarak bize g\u00f6nderdi\u011fimiz mesaj\u0131n yan\u0131 s\u0131ra 3 adet bilgi daha d\u00f6n\u00fcyor. Bunlar Logstash\u2019in \u00e7al\u0131\u015ft\u0131\u011f\u0131 host ad\u0131, bu i\u015flemin yap\u0131ld\u0131\u011f\u0131 tarih ve versiyon numaras\u0131d\u0131r.<\/p>\n Peki plain texti d\u00fczg\u00fcn bir \u015fekilde iletti ya inputumuz json format\u0131nda olsayd\u0131 o zaman ne olacakt\u0131 ? Name fieldinin de\u011feri Tolga olacak \u015fekilde bir input g\u00f6nderelim.<\/p>\n \u015eekil 5<\/strong>\u00a0: Logstash\u2019in plain text ayarlar\u0131yla Json g\u00f6sterimi<\/p>\n\n\n\n\n\n Biz name\u2019i bir field olarak istemi\u015ftik ancak bu direkt olarak mesaj\u0131n i\u00e7ine katt\u0131. Peki ne yapabiliriz ? Yukar\u0131da bahsetti\u011fim codec pluginini kullanabiliriz. \u015eimdi hem json format\u0131nda input alan hem de ald\u0131\u011f\u0131 inputu hem command line \u00fczerinden bize d\u00f6nd\u00fcren hem de bir text dosyas\u0131na kaydeden bir uygulama yapal\u0131m. Config dosyam\u0131z\u0131n i\u00e7ine girip a\u015fa\u011f\u0131daki \u015fekilde de\u011fi\u015fiklik yapal\u0131m.<\/p>\n\n\n\n Codec kullanarak art\u0131k json tipindeki loglar\u0131m\u0131z\u0131\/eventlerimizi Logstash\u2019e tan\u0131tabilecek ve file plugin kullanarak bunlar\u0131 bir dosyaya kaydedebilece\u011fiz. \u015eimdi tekrar Logstash pipelinem\u0131z\u0131 aya\u011fa kald\u0131ral\u0131m ve az \u00f6nceki inputu tekrar girelim.<\/p>\n \u015eekil 6<\/strong>\u00a0: Logstash Json g\u00f6sterimi<\/p>\n\n\n\n\n\n G\u00f6rd\u00fc\u011f\u00fcn\u00fcz gibi bu sefer name ad\u0131nda bir field ve Tolga ad\u0131nda bu fielde ait bir value elde ettik. Son sat\u0131rdaki infoya dikkat edelim. Burada bize belirtilen pathte bir dosya a\u00e7\u0131ld\u0131\u011f\u0131n\u0131 ve dosyaya yazma i\u015fleminin yap\u0131ld\u0131\u011f\u0131ndan bahsediyor.\u00a0<\/p>\n\n\n\n \u015eimdi bu sefer i\u00e7in i\u00e7ine ba\u015fka uygulamalar katal\u0131m. Postman \u00fczerinden json tipinde eventler yollay\u0131p bunlar\u0131 yine cmdden izleyelim.<\/p>\n\n\n\n Bunun i\u00e7in yukar\u0131daki config dosyam\u0131z\u0131n input k\u0131sm\u0131na http pluginini ekliyoruz ve daha sonra uygulamam\u0131z\u0131 tekrar ba\u015flat\u0131p Postman clientimizi a\u00e7\u0131yoruz.<\/p>\n\n\n\n Postman clientimizi a\u00e7\u0131ktan sonra host ve port bilgilerini girip sa\u011f taraftan jsonu se\u00e7iyoruz ve g\u00f6ndermek istedi\u011fimiz eventleri yaz\u0131yoruz. Name ve Peoplecount fieldlerinden olu\u015fan bir json g\u00f6nderdim.<\/p>\n \u015eekil 7<\/strong>\u00a0: Postman\u0131n i\u00e7 g\u00f6r\u00fcnt\u00fcs\u00fc<\/p>\n\n\n\n\n\n Daha sonra console \u00fczerinden kontrol etti\u011fimzde bu sefer yukar\u0131daki outputlardan \u00e7ok daha fazla say\u0131da field oldu\u011funu g\u00f6zlemleyebiliriz. Bunun sebebi ise \u00fc\u00e7\u00fcnc\u00fc parti bir uygulama\/agent kullanm\u0131\u015f olmam\u0131zdan dolay\u0131d\u0131r.<\/p>\n \u015eekil 8<\/strong>\u00a0: Postman agent bilgileri<\/p>\n\n\n\n\n\n \u0130lk iki sat\u0131rda g\u00f6nderdi\u011fimiz de\u011ferleri g\u00f6rebiliyoruz. Geri kalan header k\u0131sm\u0131 ise bizim hangi agenti kulland\u0131\u011f\u0131m\u0131z ve agent \u00fczerinde hangi ayarlar\u0131 yapt\u0131\u011f\u0131m\u0131z hakk\u0131nda bize bilgi veriyor. Bu asl\u0131nda \u00e7ok yararl\u0131 bir bilgidir. Siz kendi serverinize Postman ya da X uygulamas\u0131 \u00fczerinden request at\u0131lmas\u0131n\u0131 istemiyorsan\u0131z bunu filter k\u0131sm\u0131nda if sorgusu ile kontrol ederek istemedi\u011finiz yerlerden gelen requestleri engelleyebilirsiniz.<\/p>\n\n\n\n 1.6.2 Logstash \u2013 TCP uygulamas\u0131<\/strong><\/p>\n\n\n\n Bu uygulamada bir port \u00fczerinden gelen veriyi localde bir dosyaya kaydedece\u011fiz. Bu sefer input, filter ve outputu par\u00e7alayarak g\u00f6sterece\u011fim.\u00a0<\/p>\n\n\n\n 5400 portuna gelen loglar\u0131 tcp \u00fczerinden ile Logstash\u2019e aktaraca\u011f\u0131z. Bunun i\u00e7in tcp pluginini kullan\u0131yoruz. Json tipinde veriler aktaraca\u011f\u0131m\u0131z i\u00e7in codec belirttik ve son olarak port olarak 5400 se\u00e7tim. Siz ba\u015fka bir port ile deneyebilirsiniz.<\/p>\n\n\n\n Filter k\u0131sm\u0131nda ise bir tak\u0131m i\u015flemler yapt\u0131k. \u0130lk olarak age ve _id fieldleri e\u011fer string tipinde ( \u201cx\u201d ) geliyorsa bunlar\u0131 integer\u2019a \u00e7evirdik. \u0130lk uygulamam\u0131zda g\u00f6rm\u00fc\u015ft\u00fck Logstash baz\u0131 fieldler ekliyordu. Bunlar\u0131 bu sefer d\u0131\u015farda b\u0131rakmak istedim bunun i\u00e7in mutate plugininin remove_field \u00f6zelli\u011finden faydaland\u0131m. Silmek istedi\u011fim alanlar\u0131 i\u00e7ine string olarak ekledim.<\/p>\n\n\n\n Daha sonra tekrar commandline \u00fczerinden g\u00f6rmek istedi\u011fim i\u00e7in output k\u0131sm\u0131n\u0131 bu \u015fekilde d\u00fczelttim.<\/p>\n\n\n\n Peki 5400 portuna nas\u0131l veri g\u00f6nderece\u011fiz? Ben bunun i\u00e7in netcat\u2019i kulland\u0131m. Netcat, a\u011f\u0131 okuyan ve TCP veya UDP ileti\u015fim kurallar\u0131n\u0131 kullanarak a\u011f ba\u011flant\u0131lar\u0131n\u0131 yazan bir hizmetdir.\u00a0<\/p>\n\n\n\n \u0130lk olarak bir json dosyas\u0131 olu\u015fturup a\u015fa\u011f\u0131daki sat\u0131rlar\u0131 dosyan\u0131n i\u00e7ine ekleyip kaydettim.<\/p>\n\n\n\n Daha sonra tekrar bir cmd a\u00e7\u0131p yukar\u0131daki x.json dosyam\u0131z\u0131n oldu\u011fu konuma geldim ve a\u015fa\u011f\u0131daki komut ile dosyam\u0131z\u0131 netcat ile 5400 portuna aktarm\u0131\u015f oldum.<\/p>\n\n\n\n nc localhost 5400 < original.json<\/p>\n\n\n\n Daha sonra Logstash\u2019i \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131m terminal ekran\u0131na d\u00f6nd\u00fc\u011f\u00fcm zaman sonu\u00e7lar\u0131n ekrana 1 saniyeden k\u0131sa bir s\u00fcrede gelmi\u015f oldu\u011funu g\u00f6rd\u00fcm.<\/p>\n \u015eekil 9<\/strong>\u00a0: Json dosyas\u0131n\u0131n Tcp plugininde g\u00f6sterimi<\/p>\n\n\n\n\n\n 1.6.3 Logstash \u2013 Twitter Uygulamas\u0131<\/strong><\/p>\n\n\n\n Bu uygulamam\u0131zda Logstash Twitter input plugini kullaranak Twitter API ile ileti\u015fime ge\u00e7ip belirtti\u011fimiz hashtage ait tweetleri \u00e7ekip bir dosyaya kaydedece\u011fiz.<\/p>\n\n\n\n Config dosyam\u0131z a\u015fa\u011f\u0131daki gibidir. Bunun i\u00e7in ilk olarak twitter developer accountu a\u00e7mal\u0131 ve a\u015fa\u011f\u0131daki 4 adet key\u2019e sahip olmal\u0131s\u0131n\u0131z. Ben kendi keylerimi payla\u015fam\u0131yorum maalesef.<\/p>\n\n\n\n Burada keywords fieldi aramak istedi\u011fimiz hashtag\u0131, full_tweet fieldi o tweete air t\u00fcm detay bilgileri alan ve ignore_retweets ise retweetleri ignore etmemizi sa\u011flayan fieldler. Retweetleri ignore ettik \u00e7\u00fcnk\u00fc bir hashtage at\u0131lan binlerce retweet tweetler \u00fczerinde bir analiz yapmak istedi\u011fimiz zaman bizi yan\u0131ltabilir.<\/p>\n \u015eekil 10<\/strong>\u00a0: Logstash Twitter Plugini<\/p>\n\n\n\n\n\n Daha sonra json dosyam\u0131za girdi\u011fimizde tweetlerin gelmi\u015f oldu\u011funu g\u00f6rebilece\u011fiz. \u00c7ok fazla field i\u00e7erdi\u011finden 1 tweete ait \u00e7ekilen bilgileri a\u015fa\u011f\u0131da g\u00f6sterebilirim.<\/p>\n\n\n\n 1.6.4 ELK ( Elasticsearch, Logstash, Kibana ) ve Kafka uygulamas\u0131\u00a0<\/strong><\/p>\n\n\n\n Bu uygulamada local disk \u00fczerinde bulunan bir csv dosyas\u0131n\u0131 al\u0131p \u00f6nce Elasticsearch\u2019e g\u00f6nderip Kibana \u00fczerinden kontrol edece\u011fiz daha sonra ayn\u0131 veriyi bir Kafka topicine yazaca\u011f\u0131z.<\/p>\n\n\n\n Elimizde \u201cislem(str)\u201d,\u201dislemtarihi(str)\u201d,\u201dyapankisi(int)\u201d,\u201dbasari_kodu(str)\u201d,\u201dislemsuresi(int)\u201d,\u201doperator_server_definer(str)\u201d s\u00fctunlar\u0131ndan olu\u015fan 3 adet csv dosyas\u0131 var. Bu csv dosyalar\u0131n\u0131n ad\u0131 daily_date.csv \u015feklinde burada date \u00f6nemli \u00e7\u00fcnk\u00fc Elasticsearch\u2019te indexlerken bu isimleri kullanaca\u011f\u0131z.<\/p>\n\n\n\n Config dosyas\u0131n\u0131 yine \u00fc\u00e7e b\u00f6lerek a\u00e7\u0131klayaca\u011f\u0131m. \u0130lk olarak input k\u0131sm\u0131nda file plugini kullanarak path\u2019imizi ve okumaya dosyan\u0131n neresinden ba\u015flayaca\u011f\u0131m\u0131z\u0131 belirtiyoruz. Dosyalar\u0131m\u0131z\u0131n hepsi daily_date \u015feklinde oldu\u011fu i\u00e7in daily_* notasyonu bize t\u00fcm dosyalar\u0131m\u0131z\u0131 g\u00f6rmemizi sa\u011flayacak.<\/p>\n\n\n\n Burada ilk olarak csv pluginini kullanarak csv dosyalar\u0131m\u0131z\u0131n columnlar\u0131n\u0131 ve seperatoru belirtiyoruz. Ruby plugini kullanarak her bir csv dosyas\u0131 i\u00e7in dosya pathini al\u0131yoruz sondan \/ i\u015faretine g\u00f6re b\u00f6l\u00fcp .csv ifadesini \u201c\u201d ile de\u011fi\u015ftiriyoruz yani geriye sadece dosya ad\u0131 kal\u0131yor ve bunu bir de\u011fi\u015fkene aktar\u0131yoruz.<\/p>\n\n\n\n \u00d6rnek : daily_22-04-2020.csv \u2013> daily_22-04-2020 olacak ve biz daha sonra bu de\u011fi\u015fkenimizi Elasticsearch\u2019te index olu\u015ftururken kullanaca\u011f\u0131z.<\/p>\n\n\n\n Burada \u00e7ok fazla mutate kulland\u0131k bunlar\u0131 beraber ve ayr\u0131 ayr\u0131 kullanabiliriz. Burada ayr\u0131 ayr\u0131 kullan\u0131m\u0131n\u0131 g\u00f6stermek i\u00e7in bu kadar uzatt\u0131m. \u0130lk mutate plugininde yapankisi ve islems\u00fcresini integer\u2019a \u00e7evirdik. Bunlar\u0131n tipi zaten intti ama olur da veri i\u00e7inde yanl\u0131\u015fl\u0131kla string gelirse diye \u00f6nlem ald\u0131k. Daha sonra bunlar\u0131 Kafka\u2019da g\u00f6stermek i\u00e7in hepsini mesaj isimli bir metadata de\u011fi\u015fkenine aktard\u0131k. Metadatalar datan\u0131n i\u00e7inde do\u011frudan yer almazlar ama message de\u011fi\u015fkeni do\u011frudan yer al\u0131yordu. Hem onu ortadan kald\u0131rm\u0131\u015f olduk hem de tekrar elimizde messagenin sahip oldu\u011fu valueyi tuttuk. Di\u011fer mutatelerde ise istemedi\u011fimiz, Logstash\u2019in kendi ekledi\u011fi fieldleri sildik.<\/p>\n\n\n\n Geldik son k\u0131sm\u0131m\u0131za, burada ilk ba\u015fta Elasticsearch pluginini kullanarak Elasticsearch\u2019in \u00e7al\u0131\u015ft\u0131\u011f\u0131 adresi belirttik. Daha sonra yukar\u0131da dosya isimlerini kesmi\u015ftik hat\u0131rlars\u0131n\u0131z. O kesti\u011fimiz isimleri burada index ad\u0131 olarak kullan\u0131yoruz. Yani bu ne demek ? Her bir csv dosyas\u0131 kendi ad\u0131n\u0131 ta\u015f\u0131yan bir indexi olu\u015fturacak ve veriler ayr\u0131 ayr\u0131 indexlerde tutulacak.<\/p>\n\n\n\n Document type ise default Elasticsearch dok\u00fcman tipidir. G\u00fcncel versiyonlarda _docdur ancak eski Elasticsearch versiyonlar\u0131 kullan\u0131yorsan\u0131z doc gibi farkl\u0131 olabilir de\u011fi\u015ftirmeniz gerekli bu y\u00fczden ayr\u0131ca belirttim \u015fu an kullanmama gerek yok \u00e7\u00fcnk\u00fc ben g\u00fcncel Elasticsearch versiyonu kullan\u0131yorum.\u00a0<\/p>\n\n\n\n Kafka taraf\u0131nda ise yine Kafka plugini yard\u0131m\u0131yla veriyi g\u00f6nderece\u011fimiz Kafka topicinin ad\u0131, Kafka serverlerimizin bilgileri ve ne g\u00f6nderece\u011fimizi codec k\u0131sm\u0131nda belirtiyoruz. Bu da \u00fcstteki message -> metadata mesaj d\u00f6n\u00fc\u015f\u00fcm\u00fc yapt\u0131\u011f\u0131m\u0131z mesaj yani verinin kendisiydi direkt virg\u00fcllerle ayr\u0131lm\u0131\u015f \u015fekilde veriyi Kafka\u2019ya bas\u0131yoruz.<\/p>\n\n\n\n \u015eimdi yukar\u0131da anlatt\u0131klar\u0131m\u0131z\u0131 ad\u0131m ad\u0131m uygulayal\u0131m;<\/p>\n\n\n\n \u0130lk olarak a\u015fa\u011f\u0131daki komut ile bir Kafka topici yaratal\u0131m.<\/p>\n\n\n\n Daha sonra uygulamam\u0131z\u0131 ba\u015flatabiliriz s\u0131ras\u0131yla \u015fu uygulamalar\u0131 a\u015fa\u011f\u0131daki komutlarla ba\u015flat\u0131yoruz: Elasticsearch -> Kibana -> Zookeeper -> Kafka -> Logstash -> Kafka topic<\/p>\n\n\n\n \u0130lk olarak Kibana aray\u00fcz\u00fcm\u00fcze girip \u201cget indices\u201d ile indexlerimizi sorgulad\u0131\u011f\u0131m\u0131zda daily dosyalar\u0131m\u0131z\u0131n isminde indexlerimizin olu\u015ftu\u011funu g\u00f6r\u00fcyoruz.<\/p>\n \u015eekil 11<\/strong>\u00a0: Elasticsearch indexlerinin Kibana\u2019da g\u00f6sterimi<\/p>\n\n\n\n\n\n Daha sonra indexlerimizin i\u00e7i dolu mu diye sorgu att\u0131\u011f\u0131m\u0131zda ise csv dosyalar\u0131m\u0131z\u0131n i\u00e7eriklerinin ba\u015far\u0131l\u0131 bir \u015fekilde Elasticsearch \u00fczerinden aranabilir hale geldi\u011fini g\u00f6zlemliyoruz.<\/p>\n \u015eekil 12<\/strong>\u00a0: Kibana sorgu sonucu<\/p>\n\n\n\n\n\n Son olarak Kafka topicimize bakal\u0131m. Kafka plugini kullanarak csv dosyalar\u0131n\u0131n i\u00e7eri\u011fini Kafka topicimize de g\u00f6ndermi\u015f olduk.<\/p>\n \u015eekil 13<\/strong>\u00a0: Csv\u2019nin Kafka Topic\u2019e yaz\u0131lmas\u0131<\/p>\n\n\n\n\n\n Kaynak\u00e7a<\/strong> Bu yaz\u0131m buraya kadard\u0131. Bir sonraki yaz\u0131mda g\u00f6r\u00fc\u015fmek \u00fczere ?<\/p>\n","protected":false},"excerpt":{"rendered":" Selamlar herkese bu yaz\u0131mda ELK stack yap\u0131s\u0131nda bulunan Logstash\u2019e giri\u015f yap\u0131p, teori ve uygulamalar ile u\u00e7tan uca Logstash pipelinelar\u0131n\u0131 g\u00f6sterece\u011fim. 1. Logstash […]<\/p>\n","protected":false},"author":2,"featured_media":5922,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[87],"tags":[170,171,176,177,178,179,145],"class_list":["post-6139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-elastic-tr","tag-elastic-search-tr","tag-elk-tr","tag-logstash-tr","tag-pipeline-tr","tag-search-tr","tag-tr-tr"],"yoast_head":"\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/logstash_internal_architecture.png\")
<\/strong><\/p>\ninput {\n tcp {\n port => 5000\n type => syslog\n }\n udp {\n port => 5000\n type => syslog\n }\n}\n\nfilter {\n if [type] == \"syslog\" {\n grok {\n match => { \"message\" => \"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\[%{POSINT:syslog_pid}\\])?: %{GREEDYDATA:syslog_message}\" }\n add_field => [ \"received_at\", \"%{@timestamp}\" ]\n add_field => [ \"received_from\", \"%{host}\" ]\n }\n date {\n match => [ \"syslog_timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ]\n }\n }\n}\n\noutput {\n elasticsearch { hosts => [\"localhost:9200\"] }\n stdout { codec => rubydebug }\n}<\/code><\/pre>\n\n\n\n1.2 Pluginler<\/h4>\n\n\n\n
Redis<\/strong>\u00a0: Redis objesinden loglar\u0131 okur.
Stdin<\/strong>: Standart inputtan (command line) okur.
S3<\/strong>: Amazon S3\u2019den loglar\u0131 okur.
Rabbitmq, Mongodb, Kafka gibi input pluginleri de mevcuttur.<\/p>\n\n\n\n
A\u015fa\u011f\u0131da \u00f6rnek 4 pattern g\u00f6sterilmi\u015ftir.\u00a0
UNIXPATH (\/([\\w_%!$@:.,+~-]+|\\.)*)+
CISCOMAC (?:(?:[A-Fa-f0-9]{4}.){2}[A-Fa-f0-9]{4})
WINDOWSMAC (?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})
COMMONMAC (?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})<\/p>\n\n\n\n
Elasticsearch<\/strong>\u00a0: loglar\/eventler Elasticsearch\u2019e g\u00f6nderir. Verilerinizi sorgulanabilir bir bi\u00e7imde kaydetmeyi sa\u011flar.
File<\/strong>\u00a0: Dosya sisteminizdeki bir dosyaya yazar.
Stdout<\/strong>\u00a0: Standart output\u2019a yazar.
Kafka<\/strong>\u00a0: Bir Kafka topic \u00fczerine yazar.<\/p>\n\n\n\n
Azure event hubs<\/strong>\u00a0: Azure\u2019den eventler al\u0131r.
Cloudwatch<\/strong>\u00a0: AWS Cloudwatch Api\u2019dan eventleri al\u0131r.
Github<\/strong>\u00a0: Github\u2019dan eventler al\u0131r.
Graphite<\/strong>: Graphiteden metricleri al\u0131r.
http<\/strong>\u00a0: http ve https \u00fczerinden eventler al\u0131r.
Jdbc<\/strong>\u00a0: Jdbc \u00fczerinden eventleri al\u0131r.
Rabbitmq<\/strong>\u00a0: Rabbitmq \u00fczerinden eventleri al\u0131r.
Tcp-udp<\/strong>\u00a0: tcp ve udp \u00fczerinden eventler okunur veya yaz\u0131l\u0131r.
Twitter<\/strong>\u00a0: Twitter streaming api \u00fczerinden eventler al\u0131n\u0131r.
Email<\/strong>\u00a0: eventler email server \u00fczerinden g\u00f6nderilir.
\u0130nfluxdb<\/strong>\u00a0: eventler influxdb\u2019ye yaz\u0131l\u0131r.
Mongodb<\/strong>\u00a0: eventler mongodb\u2019ye yaz\u0131l\u0131r.
Solr_http<\/strong>\u00a0: loglar solr\u2019da indexlenir ve saklan\u0131r.
Webhdfs<\/strong>\u00a0: loglar hdfs\u2019e yaz\u0131l\u0131r.<\/p>\n\n\n\n1.3 Logstash Terimleri<\/h4>\n\n\n\n
filter{\nif \"dilisim\" in tags[]{\n\tdrop();\n} }\n<\/code><\/pre>\n\n\n\n1.4 Logstash \u015eartl\u0131 \u0130fadeler<\/h4>\n\n\n\n
![\"\"](\"http:\/\/blog.dilisim.com\/wp-content\/uploads\/2020\/05\/image-43.png\")
\n1.5 Logstash Kurulumu<\/h4>\n\n\n\n
1.6 Logstash ile uygulamalar<\/h4>\n\n\n\n
input {\n\tstdin {\n\n\t}\n}\n#filter k\u0131sm\u0131n\u0131 eklememize \u015fu an i\u00e7in gerek yok. Filter k\u0131sm\u0131 olmasa bile logstash \u00e7al\u0131\u015fabilmektedir. Ald\u0131\u011f\u0131 veriyi oldu\u011fu gibi aktar\u0131r.\n\noutput {\n\tstdout {\n\n\t}\n}\n<\/code><\/pre>\n\n\n\n\n
![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0.png\")
\u015eekil 4<\/strong>\u00a0: \u0130lk uygulamam\u0131z\u0131n console g\u00f6r\u00fcnt\u00fcs\u00fc<\/p>\n\n\n\n\n\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-1.png\")
<\/strong><\/p>\ninput {\n\tstdin {\n\t\tcodec => json\n\t}\n}\n\noutput {\n\tstdout {\n\n }\n\n\tfile {\n\t\tpath => \"tempoutput.txt\"\n\t}\n}\n<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-2.png\")
<\/p>\nhttp {\n\t host => \"127.0.0.1\"\n\t port => 8080\n }\n#host ve port bilgimizi yukar\u0131daki \u015fekilde ayarl\u0131yoruz. Port istedi\u011finiz bir de\u011fer olabilir ( ba\u015fka bir uygulama taraf\u0131ndan kullan\u0131lmamas\u0131 gerekir ).<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-3.png\")
<\/p>\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-4.png\")
<\/p>\ninput {\n\t\ttcp {\n\t\t\tport => 5400\n\t\t\tcodec => json\n\t\t\t}\n}\n<\/code><\/pre>\n\n\n\nfilter {\n\tmutate {\n\t\tconvert => {\n\t\t\t\"age\" => \"integer\"\n\t\t\t\"_id\" => \"integer\"\n\t\t}\n\t\tremove_field => [\"host\",\"@version\",\"@timestamp\",\"port\"]\n\t\t}\n}<\/code><\/pre>\n\n\n\noutput {\n\tstdout {\n\t\t\t\n\t}\n}\n<\/code><\/pre>\n\n\n\n{\"_id\":\"1\",\"name\":\"Ali\",\"age\":\"10\",\"city\":\"istanbul\"}\n{\"_id\":\"2\",\"name\":\"Veli\",\"age\":\"22\",\"city\":\"bursa\"}\n{\"_id\":\"3\",\"name\":\"Hasan\",\"age\":\"34\",\"city\":\"bayburt\"}\n{\"_id\":\"4\",\"name\":\"Elif\",\"age\":\"11\",\"city\":\"bal\u0131kesir\"}\n{\"_id\":\"5\",\"name\":\"Gizem\",\"age\":\"53\",\"city\":\"adana\"}\n<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-5.png\")
<\/p>\ninput {\n\ttwitter {\n\t\tconsumer_key => \"xxxx\"\n\t\tconsumer_secret => \"xxx\"\n\t\toauth_token => \"xxxx\"\n\t\toauth_token_secret => \"xxxx\"\n\t\tkeywords => [ \"big data\"]\n\t\tfull_tweet => true\n\t\tignore_retweets => true\n}\n}\n\noutput {\nfile {\n\tpath => \"tweetsnew.json\"\n\n}\n}\n\n\n<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-6.png\")
<\/p>\n{\"quote_count\":0,\n\"in_reply_to_screen_name\":null,\n\"filter_level\":\"low\",\n\"possibly_sensitive\":false,\n\"created_at\":\"Thu May 07 11:24:49 +0000 2020\",\"retweet_count\":0,\"@version\":\"1\",\"@timestamp\":\"2020-05-07T11:24:49.000Z\",\n\"is_quote_status\":false,\n\"truncated\":false,\n\"place\":null,\n\"entities\":{\"urls\":[{\"url\":\"https:\/\/t.co\/T6Mvytsqse\",\"expanded_url\":\"https:\/\/bit.ly\/3fcor94\",\"display_url\":\"bit.ly\/3fcor94\",\"indices\":[81,104]}],\"user_mentions\":[],\"symbols\":[],\"hashtags\":[]},\"coordinates\":null,\"id_str\":\"1258357111345553412\",\"timestamp_ms\":\"1588850689146\",\"in_reply_to_status_id_str\":null,\n\"source\":\"<a href=\\\"http:\/\/twitter.com\/download\/iphone\\\" rel=\\\"nofollow\\\">Twitter for iPhone<\/a>\",\"in_reply_to_user_id\":null,\n\"text\":\"Top Ways in Which Big Data Has Fortified Geolocation Apps - Data Science Central https:\/\/t.co\/T6Mvytsqse\",\"reply_count\":0,\"favorite_count\":0,\"in_reply_to_user_id_str\":null,\"in_reply_to_status_id\":null,\"geo\":null,\"id\":1258357111345553412,\"contributors\":null,\"retweeted\":false,\"user\":{\"description\":null,\"url\":\"http:\/\/about.me\/nivanecu\",\"protected\":false,\"profile_background_image_url_https\":\"https:\/\/abs.twimg.com\/images\/themes\/theme1\/bg.png\",\"statuses_count\":549,\"followers_count\":31,\"contributors_enabled\":false,\"profile_use_background_image\":false,\"created_at\":\"Sat May 28 00:01:42 +0000 2011\",\"is_translator\":false,\"location\":\"Quito, Ecuador\",\"default_profile\":false,\"translator_type\":\"none\",\"profile_background_image_url\":\"http:\/\/abs.twimg.com\/images\/themes\/theme1\/bg.png\",\"screen_name\":\"nivanecu\",\"profile_banner_url\":\"https:\/\/pbs.twimg.com\/profile_banners\/306491885\/1431542810\",\"profile_link_color\":\"0084B4\",\"notifications\":null,\"profile_text_color\":\"000000\",\"id_str\":\"306491885\",\"following\":null,\"name\":\"Nelson Ivan Herrera\",\"utc_offset\":null,\"listed_count\":2,\"profile_sidebar_border_color\":\"000000\",\"verified\":false,\"favourites_count\":83,\"time_zone\":null,\"profile_image_url_https\":\"https:\/\/pbs.twimg.com\/profile_images\/1252324954667978752\/7vofA9XA_normal.jpg\",\"profile_image_url\":\"http:\/\/pbs.twimg.com\/profile_images\/1252324954667978752\/7vofA9XA_normal.jpg\",\"profile_background_color\":\"000000\",\"id\":306491885,\"default_profile_image\":false,\"follow_request_sent\":null,\"profile_background_tile\":false,\"lang\":null,\"friends_count\":43,\"profile_sidebar_fill_color\":\"000000\",\"geo_enabled\":true},\"lang\":\"en\",\"favorited\":false}\n<\/code><\/pre>\n\n\n\ninput {\n\tfile {\n\t\tpath => \"\/Users\/tolgadilisim\/Desktop\/event-data\/daily_*.csv\"\n\t\tstart_position => \"beginning\"\n }\n}<\/code><\/pre>\n\n\n\nfilter {\n\t\tcsv {\n\t\t\tseparator => \",\"\n\t\t\tcolumns => [\"islem\",\"islemtarihi\",\"yapankisi\",\"basari_kodu\",\"islemsuresi\",\"operator_server_definer\"]\n\t\t}\n\t\truby {\n\t code => \"\n\t event.set('index_type',event.get('path').split('\/')[-1].gsub('.csv',''))\n\t \"\n\t }\n\n\t\tmutate {\n\t\t\tconvert => {\n\t\t\t\t\"yapankisi\" => \"integer\"\n\t\t\t\t\"islemsuresi\" => \"integer\"\n\t\t\t}\n\t\t}\n\n\t mutate { add_field => { \"[@metadata][mesaj]\" => \"%{message}\" } }\n\t\tmutate { add_field => { \"[@metadata][index_type]\" => \"%{index_type}\" } }\n mutate { remove_field => [\"index_type\"] }\n\n\t\tmutate {\n\t\t\t remove_field => [\"host\",\"message\",\"@version\",\"@timestamp\",\"path\"]\n\n\t\t }\n\n\n\n}\n<\/code><\/pre>\n\n\n\noutput {\n\t\telasticsearch {\n\t\t\thosts => [\"localhost:9200\"]\n\t\t\tindex => \"%{[@metadata][index_type]}\"\n\t\t\tdocument_type => \"_doc\"\n\t\t\thttp_compression => true\n\t\t\t\t}\n\n\t\tkafka {\n\t\t\ttopic_id => \"tolgakafka\"\n\t\t\tbootstrap_servers => \"localhost:9092\"\n\n\t\t\tcodec => plain {\n\t\t\t\tformat => \"%{[@metadata][mesaj]}\"\n\t\t\t}\n\t\t}\n}\n\n<\/code><\/pre>\n\n\n\nbin\/kafka-topics.sh --create --bootstrap-server localhost:9092 --replication-factor 1 --partitions 1 --topic tolgakafka<\/code><\/pre>\n\n\n\n\n
![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-7.png\")
<\/p>\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-8.png\")
<\/p>\n![\"\"](\"https:\/\/bentego.com\/wp-content\/uploads\/2020\/07\/pasted-image-0-9.png\")
<\/p>\n
[1] : elastic.co\/guide\/en\/logstash\/current\/introduction.html\u00a0
[2] : tutorialspoint.com\/logstash\/images\/logstash_internal_architecture.jpg
[3] : elastic.co\/guide\/en\/logstash\/current\/event-dependent-configuration.html<\/p>\n\n\n\n