nexus/wiki/sources/ctp-topic-54-esm-saas-log-analytics.md
2026-04-19 14:51:38 +08:00

---
title: "CTP Topic 54 ESM SaaS Log Analytics"
type: source
tags: [Log-Analytics, SaaS, ESM, CTP, EKS]
date: 2026-04-14
---
## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-54-esm-saas-log-analytics.md]]
## Summary
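- Core topic: ESM (Enterprise Service Management) SaaS Log Analytics, covering log analytics architecture and practice
- Problem domain: log collection, storage, analysis, and visualization in cloud environments
- Methods/mechanisms: ELK Stack (Elasticsearch, Logstash, Kibana) / OpenSearch architecture; collection by BEATS agents; private traffic between VPCs; TLS 1.2 encryption; RBAC access control
- Conclusion/value: Log Analytics is a core component of cloud operations observability; the different solutions (Logz.io, AWS OpenSearch, self-hosted ELK, Microfocus OBA) differ significantly in cost, management complexity, and features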
## Key Claims
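- ELK Stack is the standard open-source solution for log analytics, made up of Elasticsearch (storage and search), Logstash (processing and transformation), and Kibana (visualization)
- Applications collect logs through BEATS agents (Filebeat, Metricbeat, etc.); Filebeat runs as a container and continuously ships logs from the application VPC to the log VPC
- OpenSearch is AWS's open-source alternative to ELK, offered as a managed service
- For GDPR compliance, log farms are split by region (Oregon in the US, Europe)
- Encryption at rest uses encrypted nodes and hardware-level encryption on NVMe devices; encryption in transit uses TLS 1.2
- Traffic between VPCs stays on the private network and does not cross the public internet
- Cost comparison (single farm, 14-day retention, 100 GB per day): Logz.io about $4,000/month, AWS OpenSearch about $1,500/month; self-hosting costs the least but carries a heavy maintenance burden
- Availability SLA: Logz.io 99.8%, AWS OpenSearch 99.9%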
## Key Quotes
> "The application collects your log, it's called the BEATS." — Jackie, ITOM ESM SAS architect
> "Due to legal reasons like GDPR, farms are split regionally, with farms in Oregon, the US, and Europe." — regional compliance requirement
> "We have already built up all the farms." — implementation status
## Key Concepts
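- [[ELK Stack]]: Elasticsearch + Logstash + Kibana, the open-source log analytics stack
- [[OpenSearch]]: AWS's open-source fork of ELK; a managed log analytics service
- [[Logstash]]: log processing pipeline that aggregates and transforms log data
- [[Kibana]]: front end for log visualization
- [[BEATS]]: the family of lightweight data shippers developed by Elastic (Filebeat, Metricbeat, Heartbeat, etc.)
- [[Filebeat]]: log file collection agent that runs in a container
- [[Redis]]: optional message-queue buffer that prevents Logstash from being overloaded
- [[RBAC]]: role-based access control
- [[GDPR]]: the EU General Data Protection Regulation; compliance with it drives the regional deployment
- [[TLS 1.2]]: version of the Transport Layer Security protocol
- [[Log Analytics]]: the collection, storage, search, and visualization of log data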
## Key Entities
- [[Jackie]]: ITOM ESM SAS architect, speaker
## Connections
- [[ELK Stack]] ← depends_on ← [[BEATS]]
- [[ELK Stack]] ← depends_on ← [[Logstash]]
- [[ELK Stack]] ← depends_on ← [[Elasticsearch]]
- [[ELK Stack]] ← depends_on ← [[Kibana]]
- [[OpenSearch]] ← extends ← [[ELK Stack]]
- [[Logstash]] ← uses_buffer ← [[Redis]]
- [[Log Analytics]] ← implements ← [[Observability-Engineering]]
## Contradictions
- (None yet)