Bird
Raised Fist0
Microservicessystem_design~5 mins

Centralized logging (ELK stack) in Microservices - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What does ELK stand for in the ELK stack?
ELK stands for Elasticsearch, Logstash, and Kibana. These three tools work together to collect, store, and visualize logs.
Click to reveal answer
beginner
What is the role of Logstash in the ELK stack?
Logstash collects logs from different sources, processes them (like filtering or parsing), and sends them to Elasticsearch for storage.
Click to reveal answer
beginner
How does Elasticsearch help in centralized logging?
Elasticsearch stores and indexes logs so you can quickly search and analyze large amounts of log data.
Click to reveal answer
beginner
What is Kibana used for in the ELK stack?
Kibana provides a web interface to visualize and explore logs stored in Elasticsearch using charts, graphs, and dashboards.
Click to reveal answer
beginner
Why is centralized logging important in microservices?
Centralized logging helps collect logs from many microservices in one place, making it easier to monitor, troubleshoot, and understand system behavior.
Click to reveal answer
Which ELK component is responsible for storing and indexing logs?
AElasticsearch
BLogstash
CKibana
DBeats
What does Logstash do in the ELK stack?
AVisualizes logs
BStores logs
CCollects and processes logs
DSends alerts
Which tool provides dashboards and charts to view logs?
AKibana
BLogstash
CFluentd
DElasticsearch
Why is centralized logging useful in microservices?
AIt stores logs locally on each service
BIt collects logs in one place for easier analysis
CIt replaces the need for monitoring
DIt automatically fixes bugs
Which ELK stack component is NOT part of the core ELK acronym but often used for lightweight log shipping?
ALogstash
BKibana
CElasticsearch
DBeats
Explain the roles of Elasticsearch, Logstash, and Kibana in the ELK stack.
Think about collecting, storing, and viewing logs.
You got /3 concepts.
    Why is centralized logging important when working with microservices?
    Consider the challenge of many services writing logs separately.
    You got /3 concepts.

      Practice

      (1/5)
      1. What is the main purpose of the ELK stack in microservices architecture?
      easy
      A. To manage database transactions
      B. To deploy microservices automatically
      C. To collect, store, and visualize logs from multiple services in one place
      D. To monitor network traffic between services

      Solution

      1. Step 1: Understand ELK stack components

        ELK stands for Elasticsearch (storage), Logstash (processing), and Kibana (visualization), all focused on logs.

      2. Step 2: Identify ELK stack role in microservices

        It centralizes logs from many services to one place for easier monitoring and troubleshooting.

      3. Final Answer:

        To collect, store, and visualize logs from multiple services in one place -> Option C

      4. Quick Check:

        ELK stack = centralized logging [OK]
      Hint: ELK = Elasticsearch + Logstash + Kibana for logs [OK]
      Common Mistakes:
      • Confusing ELK with deployment tools
      • Thinking ELK manages databases
      • Assuming ELK monitors network traffic
      2. Which of the following is the correct Docker Compose service name for running Elasticsearch in an ELK stack?
      easy
      A. elasticsearch
      B. kibana
      C. logstash
      D. filebeat

      Solution

      1. Step 1: Recall ELK stack components

        Elasticsearch stores logs, Logstash processes, Kibana visualizes, Filebeat ships logs.

      2. Step 2: Identify correct service name in Docker Compose

        The service running Elasticsearch is named "elasticsearch" in Docker Compose files.

      3. Final Answer:

        elasticsearch -> Option A

      4. Quick Check:

        Elasticsearch service = elasticsearch [OK]
      Hint: Elasticsearch service is named 'elasticsearch' in Docker Compose [OK]
      Common Mistakes:
      • Confusing Logstash or Kibana as Elasticsearch service
      • Using 'filebeat' as ELK core service
      • Misspelling service names
      3. Given this Logstash configuration snippet:
      input { beats { port => 5044 } } output { elasticsearch { hosts => ["http://elasticsearch:9200"] } }

      What happens when Logstash receives logs on port 5044?
      medium
      A. Logs are discarded because port 5044 is incorrect
      B. Logs are sent to Elasticsearch at http://elasticsearch:9200
      C. Logs are visualized directly by Kibana
      D. Logs are stored locally on Logstash server

      Solution

      1. Step 1: Analyze Logstash input configuration

        Logstash listens for logs from Beats agents on port 5044.

      2. Step 2: Analyze Logstash output configuration

        Logs received are forwarded to Elasticsearch at the specified host and port.

      3. Final Answer:

        Logs are sent to Elasticsearch at http://elasticsearch:9200 -> Option B

      4. Quick Check:

        Logstash input port 5044 forwards logs to Elasticsearch [OK]
      Hint: Logstash input port 5044 sends logs to Elasticsearch host [OK]
      Common Mistakes:
      • Assuming logs go directly to Kibana
      • Thinking port 5044 is invalid
      • Believing logs are stored locally on Logstash
      4. You configured Logstash to receive logs on port 5044, but no logs appear in Elasticsearch. Which is the most likely cause?
      medium
      A. Docker Compose file is missing Kibana service
      B. Kibana is not running
      C. Logstash input port is set to 9200 instead of 5044
      D. Elasticsearch service is down or unreachable

      Solution

      1. Step 1: Check connectivity between Logstash and Elasticsearch

        If Elasticsearch is down or unreachable, Logstash cannot send logs to it.

      2. Step 2: Verify other options

        Kibana not running or missing does not stop logs from reaching Elasticsearch; wrong input port would prevent Logstash from receiving logs, not sending.

      3. Final Answer:

        Elasticsearch service is down or unreachable -> Option D

      4. Quick Check:

        Logs missing usually means Elasticsearch unreachable [OK]
      Hint: Check Elasticsearch status if logs don't appear [OK]
      Common Mistakes:
      • Blaming Kibana for missing logs in Elasticsearch
      • Confusing input port with Elasticsearch port
      • Ignoring Elasticsearch service health
      5. You want to add a new microservice that sends logs to the ELK stack using Filebeat. Which steps should you take to ensure logs appear in Kibana?
      hard
      A. Install Filebeat on the microservice host, configure it to send logs to Logstash on port 5044, and verify Elasticsearch and Kibana are running
      B. Install Kibana on the microservice host and configure it to collect logs directly
      C. Configure Elasticsearch to pull logs from the microservice host automatically
      D. Run Logstash on the microservice host and send logs directly to Kibana

      Solution

      1. Step 1: Setup Filebeat on microservice host

        Filebeat collects logs locally and forwards them to Logstash on port 5044.

      2. Step 2: Ensure ELK stack components are running

        Logstash processes logs, sends them to Elasticsearch, and Kibana visualizes them.

      3. Final Answer:

        Install Filebeat on the microservice host, configure it to send logs to Logstash on port 5044, and verify Elasticsearch and Kibana are running -> Option A

      4. Quick Check:

        Filebeat -> Logstash -> Elasticsearch -> Kibana [OK]
      Hint: Filebeat sends logs to Logstash; Kibana visualizes them [OK]
      Common Mistakes:
      • Trying to send logs directly to Kibana
      • Expecting Elasticsearch to pull logs automatically
      • Running Logstash on microservice host unnecessarily