tal-tech / Go Stash
Licence: mit
go-stash is a high performance, free and open source server-side data processing pipeline that ingests data from Kafka, processes it, and then sends it to ElasticSearch.
Stars: ✭ 214
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Go Stash
Elastiflow
Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
Stars: ✭ 2,322 (+985.05%)
Mutual labels: logstash, elk
Spring Boot Microservice Eureka Zuul Docker
Spring-Boot rest microservices using Eureka, Zuul, Docker. Monitoring with logstash, logback, elasticsearch, kibana
Stars: ✭ 45 (-78.97%)
Mutual labels: logstash, elk
Justlog
JustLog brings logging on iOS to the next level. It supports console, file and remote Logstash logging via TCP socket with no effort. Support for logz.io available.
Stars: ✭ 439 (+105.14%)
Mutual labels: logstash, elk
Docker monitoring logging alerting
Docker host and container monitoring, logging and alerting out of the box using cAdvisor, Prometheus, Grafana for monitoring, Elasticsearch, Kibana and Logstash for logging and elastalert and Alertmanager for alerting.
Stars: ✭ 479 (+123.83%)
Mutual labels: logstash, elk
Synesis lite suricata
Suricata IDS/IPS log analytics using the Elastic Stack.
Stars: ✭ 167 (-21.96%)
Mutual labels: logstash, elk
synesis lite syslog
Syslog collection with the Elastic Stack.
Stars: ✭ 31 (-85.51%)
Mutual labels: logstash, elk
Docker Elk
The Elastic stack (ELK) powered by Docker and Compose.
Stars: ✭ 12,327 (+5660.28%)
Mutual labels: logstash, elk
Elastic
Elastic Stack (6.2.4) 을 활용한 Dashboard 만들기 Project
Stars: ✭ 121 (-43.46%)
Mutual labels: logstash, elk
Elk Docker
Docker configuration for ELK monitoring stack with Curator and Beats data shippers support
Stars: ✭ 342 (+59.81%)
Mutual labels: logstash, elk
Microservice Scaffold
基于Spring Cloud(Greenwich.SR2)搭建的微服务脚手架(适用于在线系统),已集成注册中心(Nacos Config)、配置中心(Nacos Discovery)、认证授权(Oauth 2 + JWT)、日志处理(ELK + Kafka)、限流熔断(AliBaba Sentinel)、应用指标监控(Prometheus + Grafana)、调用链监控(Pinpoint)、以及Spring Boot Admin。
Stars: ✭ 211 (-1.4%)
Mutual labels: logstash, elk
Ansible Elk
📊 Ansible playbook for setting up an ELK/EFK stack and clients.
Stars: ✭ 284 (+32.71%)
Mutual labels: logstash, elk
Elk Stack
ELK Stack ... based on Elastic Stack 5.x
Stars: ✭ 148 (-30.84%)
Mutual labels: logstash, elk
Docker Elk Cadvisor Dashboards
ElasticSearch 1.7 (+data container) | Logstash 1.5.3 (+conf for elk logs) | Kibana 4 (+Dashboard for elk logs) | cAdvisor (Collect & View containers performance) | Nginx Proxy 1.9.3 (for SSL + password access).
Stars: ✭ 83 (-61.21%)
Mutual labels: logstash, elk
Elkstack
The config files and docker-compose.yml files of Dockerized ELK Stack
Stars: ✭ 96 (-55.14%)
Mutual labels: logstash, elk
Json Logging Python
Python logging library to emit JSON log that can be easily indexed and searchable by logging infrastructure such as ELK, EFK, AWS Cloudwatch, GCP Stackdriver
Stars: ✭ 143 (-33.18%)
Mutual labels: logstash, elk
English | 简体中文
go-stash简介
go-stash是一个高效的从Kafka获取,根据配置的规则进行处理,然后发送到ElasticSearch集群的工具。
go-stash有大概logstash 5倍的吞吐性能,并且部署简单,一个可执行文件即可。
安装
cd stash && go build stash.go
Quick Start
./stash -f etc/config.yaml
config.yaml示例如下:
Clusters:
- Input:
Kafka:
Name: go-stash
Log:
Mode: file
Brokers:
- "172.16.48.41:9092"
- "172.16.48.42:9092"
- "172.16.48.43:9092"
Topic: ngapplog
Group: stash
Conns: 3
Consumers: 10
Processors: 60
MinBytes: 1048576
MaxBytes: 10485760
Offset: first
Filters:
- Action: drop
Conditions:
- Key: status
Value: 503
Type: contains
- Key: type
Value: "app"
Type: match
Op: and
- Action: remove_field
Fields:
- message
- source
- beat
- fields
- input_type
- offset
- "@version"
- _score
- _type
- clientip
- http_host
- request_time
Output:
ElasticSearch:
Hosts:
- "http://172.16.188.73:9200"
- "http://172.16.188.74:9200"
- "http://172.16.188.75:9200"
Index: "go-stash-{{yyyy.MM.dd}}"
MaxChunkBytes: 5242880
GracePeriod: 10s
Compress: false
TimeZone: UTC
详细说明
input
Conns: 3
Consumers: 10
Processors: 60
MinBytes: 1048576
MaxBytes: 10485760
Offset: first
Conns
链接kafka的链接数,链接数依据cpu的核数,一般<= CPU的核数;
Consumers
每个连接数打开的线程数,计算规则为Conns * Consumers,不建议超过分片总数,比如topic分片为30,Conns *Consumers <= 30
Processors
处理数据的线程数量,依据CPU的核数,可以适当增加,建议配置:Conns * Consumers * 2 或 Conns * Consumers * 3,例如:60 或 90
MinBytes MaxBytes
每次从kafka获取数据块的区间大小,默认为1M~10M,网络和IO较好的情况下,可以适当调高
Offset
可选last和false,默认为last,表示从头从kafka开始读取数据
Filters
- Action: drop
Conditions:
- Key: k8s_container_name
Value: "-rpc"
Type: contains
- Key: level
Value: info
Type: match
Op: and
- Action: remove_field
Fields:
- message
- _source
- _type
- _score
- _id
- "@version"
- topic
- index
- beat
- docker_container
- offset
- prospector
- source
- stream
- Action: transfer
Field: message
Target: data
- Action: drop
- 删除标识:满足此条件的数据,在处理时将被移除,不进入es
- 按照删除条件,指定key字段及Value的值,Type字段可选contains(包含)或match(匹配)
- 拼接条件Op: and,也可写or
- Action: remove_field
移除字段标识:需要移除的字段,在下面列出即可
- Action: transfer
转移字段标识:例如可以将message字段,重新定义为data字段
Output
Index
索引名称,indexname-{{yyyy.MM.dd}}表示年.月.日,也可以用{{yyyy-MM-dd}},格式自己定义
MaxChunkBytes
每次往ES提交的bulk大小,默认是5M,可依据ES的io情况,适当的调整
GracePeriod
默认为10s,在程序关闭后,在10s内用于处理余下的消费和数据,优雅退出
Compress
数据压缩,压缩会减少传输的数据量,但会增加一定的处理性能,可选值true/false,默认为false
TimeZone
默认值为UTC,世界标准时间
ES性能写入测试
测试环境
- stash服务器:3台 4核 8G
- es服务器: 15台 16核 64G
关键配置
- Input:
Conns: 3
Consumers: 10
Processors: 60
MinBytes: 1048576
MaxBytes: 10485760
Filters:
- Action: remove_field
Fields:
- message
- source
- beat
- fields
- input_type
- offset
- request_time
Output:
Index: "nginx_pro-{{yyyy.MM.d}}"
Compress: false
MaxChunkBytes: 5242880
TimeZone: UTC
写入速度平均在15W/S以上
微信交流群
加群之前有劳给一个star,一个小小的star是作者们回答问题的动力。
如果文档中未能覆盖的任何疑问,欢迎您在群里提出,我们会尽快答复。
您可以在群内提出使用中需要改进的地方,我们会考虑合理性并尽快修改。
如果您发现bug请及时提issue,我们会尽快确认并修改。
添加我的微信:kevwan,请注明go-stash,我拉进go-stash社区群🤝
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].