Auto-sync: 2026-04-19 14:51
60
wiki/sources/ctp-topic-54-esm-saas-log-analytics.md
Normal file
@@ -0,0 +1,60 @@
---
title: "CTP Topic 54 ESM SaaS Log Analytics"
type: source
tags: [Log-Analytics, SaaS, ESM, CTP, EKS]
date: 2026-04-14
---
## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-54-esm-saas-log-analytics.md]]
## Summary
- 核心主题:ESM(Enterprise Service Management)SaaS Log Analytics(日志分析)架构与实践
- 问题域:云环境日志采集、存储、分析和可视化
- 方法/机制:ELK Stack(Elasticsearch、Logstash、Kibana)/OpenSearch 架构,BEATS 代理采集,VPC 间私有流量传输,TLS 1.2 加密,RBAC 访问控制
- 结论/价值:Log Analytics 是云运维可观测性的核心组件,不同解决方案(Logz.io、AWS OpenSearch、自托管 ELK、Microfocus OBA)在成本、管理复杂度和功能上有显著差异
## Key Claims
- ELK Stack 是日志分析的标准开源方案,由 Elasticsearch(存储搜索)、Logstash(处理转换)和 Kibana(可视化)组成
- 应用通过 BEATS 代理(Filebeat、Metricbeat 等)采集日志,Filebeat 作为容器持续将日志从应用 VPC 发送到日志 VPC
- OpenSearch 是 AWS 的 ELK 开源替代方案,提供托管服务
- 出于 GDPR 合规要求,日志农场按区域split(Oregon 美国、Europe 欧洲)
- 静态加密使用加密节点和 NVMe 设备硬件级加密,传输加密使用 TLS 1.2
- VPC 间流量走私有网络,不经过公网
- 成本对比(单农场、14天保留、每日 100GB):Logz.io 约 $4,000/月,AWS OpenSearch 约 $1,500/月,自托管成本最低但维护量大
- 可用性 SLA:Logz.io 99.8%,AWS OpenSearch 99.9%
## Key Quotes
> "The application collects your log, it's called the BEATS." — Jackie, ITOM ESM SAS architect
> "Due to legal reasons like GDPR, farms are split regionally, with farms in Oregon, the US, and Europe." — 区域合规要求
> "We have already built up all the farms." — 实施状态
## Key Concepts
- [[ELK Stack]]:Elasticsearch + Logstash + Kibana 开源日志分析技术栈
- [[OpenSearch]]:AWS 的 ELK 开源分支,托管日志分析服务
- [[Logstash]]:日志处理管道,聚合和转换日志数据
- [[Kibana]]:日志可视化前端
- [[BEATS]]:Elastic 开发的轻量级数据采集器家族(Filebeat、Metricbeat、Heartbeat 等)
- [[Filebeat]]:运行在容器中的日志文件采集代理
- [[Redis]]:可选的消息队列缓冲,防止 Logstash 过载
- [[RBAC]]:基于角色的访问控制
- [[GDPR]]:欧盟通用数据保护条例,合规驱动区域部署
- [[TLS 1.2]]:传输层安全协议版本
- [[Log Analytics]]:日志分析,日志数据的采集、存储、搜索和可视化
## Key Entities
- [[Jackie]]:ITOM ESM SAS architect,演讲者
## Connections
- [[ELK Stack]] ← depends_on ← [[BEATS]]
- [[ELK Stack]] ← depends_on ← [[Logstash]]
- [[ELK Stack]] ← depends_on ← [[Elasticsearch]]
- [[ELK Stack]] ← depends_on ← [[Kibana]]
- [[OpenSearch]] ← extends ← [[ELK Stack]]
- [[Logstash]] ← uses_buffer ← [[Redis]]
- [[Log Analytics]] ← implements ← [[Observability-Engineering]]
## Contradictions
- (暂无)
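
Review bot: In the Connections section the `← depends_on ←` edges are ambiguous and, read as written, inverted: `[[ELK Stack]] ← depends_on ← [[Logstash]]` says Logstash depends on ELK Stack, while Key Claims describes Elasticsearch, Logstash and Kibana as the parts the stack is composed of and BEATS as the agent that ships logs into it. Suggest writing each edge source-first, or stating the arrow convention once at the top of the section. Related consistency points in the same file: `[[Elasticsearch]]` is linked in Connections but has no entry under Key Concepts; OpenSearch is described three different ways (替代方案 in Key Claims, 分支 in Key Concepts, `extends` in Connections), so pick one; the speaker's role is written "ITOM ESM SAS architect" in both Key Quotes and Key Entities while the title says SaaS; and the second and third quotes are attributed to topic labels rather than to a speaker. On the security claims, the TLS 1.2 line should say whether 1.2 is the minimum accepted version or the only one, since that decides what the `[[TLS 1.2]]` concept page asserts, and the mixed-language "按区域split" in the GDPR claim should be written in one language.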