MSSQL Use cases for elasticsearch stack?

Blason · November 12, 2017, 1:15pm

Hi Guys,

Can someone please elaborate what could be use cases for MS-SQL? OR Database in general? I mean what kind of dashboards can be created our SQL data?

TIA

dadoonet · November 12, 2017, 1:51pm

Some use cases I can think of:

Search use case where relevancy matters. I don't want only to get data that matches but I want to give my users the most relevant results first. Think about it like "Google" for your MSSQL data.
BI Like use case. I want to give insights to my users. I can compute every night a dashboard in MSSQL by running a batch which is going to aggregate data or I can do that in real time any time I want without having to prepare any script or batch. I just ask for any insight when I actually need it.
Performance. I want that my users get results in some milliseconds, not seconds or minutes
Scale. Scaling can be hard and very costly for traditional RDBMS. Not a problem with elasticsearch.
Offload my MSSQL database. By running queries on elasticsearch instead of MSSQL you will use MSSQL for what it is very good at: storing and getting data by ID (and CRUD in general). Then instead of using lot of CPU for searching on your MSSQL DB you will use Elasticsearch instead. Elasticsearch is built for search.

My 2 cents

Blason · November 12, 2017, 3:42pm

I see I am mean since I am network security admin I am looking from that perspective. Like the top query executed, by whom, where is the database accessed, who accessed, modification time etc?

dadoonet · November 12, 2017, 4:01pm

Something like what packetbeat, filebeat, metricbeat can give you?

Blason · November 12, 2017, 5:15pm

Yeah especially filebeat? I mean not sure what could be the use cases for MS-SQL -

Like I need to start logging of SQL server into Windows Event
Then capture those events from winlogbeat?

Blason · November 12, 2017, 5:36pm

To be specific I believe enabling Database and Server audit and let that log into System/Application events and then forward those to elsaticstack.

dadoonet · November 12, 2017, 5:37pm

I moved your question to #beats where I believe you can get more information about what can be done regarding collecting MSSQL service related data.

steffens · November 13, 2017, 6:10pm

With beats you can collect any kind of logs MS-SQL can write. If possible I'd prefer logging to files instead of Windows Event Logs. Collecting logs via Windows Event Logs can be much slower in comparison to files.

Regarding packetbeat we does not support TDS right now (See https://github.com/elastic/beats/issues/149).

Same for metricbeat. MSSQL would be a great addition to metricbeat. Feel free to open an enhancement request: https://github.com/elastic/beats/issues

system · December 11, 2017, 6:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
MS SQL monitoring with Filebeat? Beats filebeat	11	4722	November 17, 2020
Mssql server data -> elasticsearch Elasticsearch	1	196	December 16, 2021
Concept MS-SQL and Elasticsearch Elasticsearch	2	463	August 19, 2018
Mssql logs through elasticsearch stack Logstash	5	631	November 7, 2017
How can I monitor MSSQL database server using Elastic search Beats	4	2390	April 25, 2019

MSSQL Use cases for elasticsearch stack?

Related topics