Forum Discussion

kimhenriksen
Nov 21, 2023

Telemetry streaming directly to elastic

Hey all!

I've been reading up on telemetry streaming, but it seems I'm missing something. Most guides use Logstash, but I want to send telemetry directly to Elastic.

Can anyone help out with what declarations to send?

/Kim

  • Hi, 

    I am wondering if you made any progress with the F5 Telemetry Streaming to Elasticsearch. I have enabled Telemetry Streaming on an F5 load balancer sending directly to my Elasticsearch, but I can't get it to work.

    Maybe you are able to share your experience and help me? Would really appreciate it since I feel very lost regarding this issue.

    • kimhenriksen

      Hi,

      No, we put it on ice and are now working on a Prometheus solution instead. Have you checked out the Application Study Tool on GitHub? If not, take a look at it. I've set it up in my local lab; you get very good info there and a feel for what you can do with Prometheus. It's a pull setup, so the tool logs in with (in my case) an auditor account, collects the info needed and presents it in a very good way. Maybe it's doable for Elastic in some similar way, but I don't know.

      Here's the link:

      https://github.com/f5devcentral/application-study-tool

      • Michael_Saleem

        I've tried ElasticSearch in my home lab, but there were a few gotchas and it was a bit of a headache in order to get it to work (e.g. reindexing the F5 Timestamp).

        I haven't used the Application Study Tool yet, but it looks good especially if you are managing a fleet of BIG-IP devices.


        Currently, in my lab I am just using Prometheus as a pull consumer for metrics and SNMP polling to get the information that I need from the BIG-IP into my Grafana dashboard and I am quite impressed with the results. It's definitely a lot easier than getting ElasticSearch to work.

        Grafana Dashboard Screenshot:

         

  • Hi,
    Logstash is Elastic. It's normally known as ELK, which is now part of what I think they call the Elasticsearch stack.
    Elasticsearch is the NoSQL DB,
    Logstash is the data ingestor &
    Kibana is the GUI front end.
    Now they are moving towards the agent approach or the use of the slightly older Filebeat, Metricbeat agent.
    Which pretty much does the same job as Logstash: it takes one protocol (syslog/telemetry) and converts this into fields that Elastic can process and collate.
    I think they are trying to move this again more into the ingest node, but it all depends on how you want to deploy it.

    So really, what I think you need to look for (and I'd love to be copied in if it's ever found, as I've asked before and it didn't go far) is either config for Logstash or the agent to convert telemetry info into Elastic.

    • kimhenriksen

      As I've understood it, Logstash is the syslog receiver that translates the data for Elastic. But some are moving away from the Logstash part and just doing the EK minus L. And from what I've read it seems to be possible to use a push/pull method to update Elastic directly.. and not have to use Logstash. It's a different setup.. but a little more modern I think.

      It's just the how I'm looking for now. We'll see what I'll find 🙂

  • kimhenriksen - your question kinda landed at a holiday-centric time; and it may be buried now for many people.
    Have you made any progress?
    If not (or if partial) I'm happy to hunt around internally for a SME who may be able to provide guidance.

    Cheers,
    Lief

    • kimhenriksen

      Hello!

      No, haven't had much time for it either.

      I think I saw some info about it in a lab guide (UDF it might be called..), not sure. But the part I have access to didn't explain it all, or supply the commands used.

      But if you're able to find something in-house I'd be glad to have something to read 🙂