Beacon is a high-performance, real-time log aggregation system built with Elixir, designed to compete with ELK stack while offering better real-time capabilities and resource efficiency. It can handle millions of log entries per second with true real-time processing and alerting.
- High-Performance Ingestion: Ingest millions of logs per second
- Real-Time Processing: Process and filter logs in real-time
- Advanced Search: Full-text search with filtering capabilities
- WebSocket Support: Stream logs directly to clients in real-time
- Time Series Storage: Efficient storage with built-in retention policies
- Subscription Management: Create and manage filtered log subscriptions
- Intelligent Alerts: Configurable alert rules with multiple notification channels
- Distributed Architecture: Multi-node clustering with automatic load balancing
- Production Monitoring: Built-in Prometheus metrics, Grafana dashboards, and health checks
- Resource Efficient: Built on Elixir/OTP for excellent performance
- Architecture
- Getting Started
- Usage
- Monitoring & Operations
- Distributed Architecture
- Advanced Features
- Development
- Documentation
- Contributing
- License
Beacon is built on a GenStage processing pipeline architecture with distributed clustering support:
- Ingestor: Receives and validates incoming logs
- Parser: Parses and normalizes log formats
- Pipeline: Multi-stage processing pipeline
- Filter: Removes unwanted logs
- Enrichment: Adds metadata and context
- Aggregation: Performs real-time aggregations
- Storage: Efficient time-series storage with text indexing and replication
- Alerts Engine: Monitors logs against configurable rules and triggers notifications
- Distributed Layer: Node clustering, load balancing, and data replication
- HTTP/WebSocket API: Unified interface for queries, real-time streaming, and alert management
- Monitoring: Built-in metrics, health checks, and observability
- Erlang/OTP 26 or later
- Elixir 1.18 or later
- Node.js 20 or later
- npm 10 or later
- Docker & Docker Compose (for Prometheus/Grafana stack)
Clone the repository:
git clone https://github.com/Chahine-tech/beacon.git
cd beaconcd api
mix deps.getcd front
npm installcd api
mix run --no-halt
# Or for interactive mode:
# iex -S mixThe server will start on port 4000 by default.
cd front
npm run dev# Single log with full metadata
curl -X POST http://localhost:4000/logs \
-H "Content-Type: application/json" \
-d '{
"level": "error",
"message": "Database connection timeout",
"source": "db-service",
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'",
"user_id": "12345",
"request_id": "abc-123"
}'
# Batch logs
curl -X POST http://localhost:4000/logs/batch \
-H "Content-Type: application/json" \
-d '[
{
"level": "error",
"message": "Failed authentication attempt",
"source": "auth-service",
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"
},
{
"level": "info",
"message": "User profile updated",
"source": "user-service",
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'",
"user_id": "67890"
}
]'# Basic search
curl "http://localhost:4000/search?q=error"
# Search with time range (ISO8601 format)
curl "http://localhost:4000/search?q=database&start_time=2025-01-01T00:00:00.000Z&end_time=2025-01-02T00:00:00.000Z"
# Advanced search with multiple parameters
curl "http://localhost:4000/search?q=error&limit=50&sort=timestamp"# Get alert engine statistics
curl http://localhost:4000/alerts/stats
# Create an alert rule
curl -X POST http://localhost:4000/alerts/rules \
-H "Content-Type: application/json" \
-d '{
"name": "High Error Rate Alert",
"description": "Triggers when error logs are detected",
"severity": "high",
"status": "active",
"conditions": [
{
"type": "threshold",
"field": "level",
"operator": "eq",
"value": "error"
}
],
"logical_operator": "and",
"cooldown_seconds": 60,
"tags": ["production", "critical"]
}'
# List all alert rules
curl http://localhost:4000/alerts/rules
# Get specific alert rule
curl http://localhost:4000/alerts/rules/{rule_id}
# List alert instances
curl http://localhost:4000/alerts/instances
# Acknowledge an alert instance
curl -X POST http://localhost:4000/alerts/instances/{instance_id}/acknowledge \
-H "Content-Type: application/json" \
-d '{
"acknowledged_by": "operator@example.com",
"reason": "Investigating the issue"
}'Connect to the WebSocket endpoint to receive logs in real-time:
# Using wscat (npm install -g wscat)
wscat -c ws://localhost:4000/ws/logsAccess the frontend dashboard in your browser:
http://localhost:5173/
The dashboard provides:
- Real-time log streaming view
- Advanced search interface
- Log analytics and visualization
- System health monitoring
Beacon includes enterprise-grade monitoring and operations features for production deployments.
Multiple health check endpoints for different use cases:
# Quick liveness check (for load balancers)
curl http://localhost:4000/health
# Readiness check (returns 503 if not ready)
curl http://localhost:4000/health/ready
# Detailed health status (comprehensive diagnostics)
curl http://localhost:4000/health/detailedExport metrics in Prometheus format for monitoring and alerting:
# Prometheus text format
curl http://localhost:4000/metrics
# JSON format
curl http://localhost:4000/metrics/jsonKey Metrics:
logs_ingested_total- Total logs ingestedlogs_ingestion_rate- Logs per secondstorage_bytes_total- Storage sizesystem_memory_total_bytes- Memory usagecluster_nodes_total- Number of cluster nodesrealtime_subscriptions- Active WebSocket connectionsalerts_active_rules- Active alert rulesalerts_sent_total- Total alerts sent
Prometheus Configuration:
scrape_configs:
- job_name: 'beacon'
scrape_interval: 30s
static_configs:
- targets: ['localhost:4000']
metrics_path: /metricsBeacon provides 5 pre-built Grafana dashboards with 33+ panels:
# List available dashboards
curl http://localhost:4000/api/grafana/dashboards
# Download specific dashboard
curl http://localhost:4000/api/grafana/dashboards/overviewAvailable Dashboards:
- Overview Dashboard - System health and high-level metrics (16 panels)
- Performance Dashboard - Detailed performance and throughput (6 panels)
- Storage Dashboard - Storage utilization and growth tracking (6 panels)
- Cluster Dashboard - Distributed cluster health monitoring (2 panels)
- Alerts Dashboard - Alert system performance tracking (3 panels)
Quick Start with Monitoring Stack:
# Start Prometheus, Grafana, and AlertManager
cd examples
docker-compose -f docker-compose.monitoring.yml up -d
# Import dashboards automatically
./grafana-quickstart.shAccess Grafana at http://localhost:3000 (admin/admin)
Alert Rules:
50+ pre-configured Prometheus alert rules across 8 categories:
- Health alerts (service down, memory issues)
- Ingestion alerts (rate changes, no logs)
- Storage alerts (growth, capacity)
- Cluster alerts (node loss, split brain)
- Real-time alerts (WebSocket issues)
- Alert system alerts (alert storms)
- Performance alerts (efficiency, utilization)
- Meta alerts (monitoring failures)
See examples/prometheus-alerts.yml for complete alert rules.
View and validate runtime configuration:
# View current configuration
curl http://localhost:4000/config
# Validate configuration
curl http://localhost:4000/config/validateEnvironment Variables:
Configure Beacon using environment variables:
# Server
export PORT=4000
export APPLICATION_ENV=prod
# Cluster
export NODE_NAME=node1@localhost
export REPLICATION_FACTOR=2
export SHARD_COUNT=16
# Storage
export RETENTION_DAYS=30
export STORAGE_COMPRESSION=true
# Monitoring
export METRICS_ENABLED=true
export ALERTS_ENABLED=trueSee Configuration Guide for all available options.
Initiate graceful shutdown to ensure no data loss:
# Initiate shutdown
curl -X POST http://localhost:4000/ops/shutdown
# Check shutdown status
curl http://localhost:4000/ops/shutdown/statusThe shutdown process:
- Stops accepting new traffic
- Notifies WebSocket clients
- Drains the processing pipeline
- Flushes storage
- Cleans up cluster state
Beacon supports distributed clustering for high availability and scalability.
- Automatic Node Discovery - Using libcluster
- Data Replication - Configurable replication factor
- Consistent Hashing - For data distribution
- Load Balancing - Automatic request routing
- Fault Tolerance - Node failure handling
# Get cluster status
curl http://localhost:4000/cluster/status
# Get node health
curl http://localhost:4000/cluster/nodes/health
# Trigger rebalance
curl -X POST http://localhost:4000/cluster/rebalance
# Get specific node info
curl http://localhost:4000/cluster/nodes/{node_name}# Start multiple nodes
./start_cluster.sh
# Or manually
NODE_NAME=node1@127.0.0.1 PORT=4000 iex -S mix
NODE_NAME=node2@127.0.0.1 PORT=4001 iex -S mix
NODE_NAME=node3@127.0.0.1 PORT=4002 iex -S mixSee DISTRIBUTED.md for detailed clustering documentation.
The search API offers advanced filtering and full-text search capabilities with:
- Full-text search across all log fields
- Time-range filtering
- Level-based filtering
- Source filtering
- Query optimization for time-series data
- Pagination support
Real-time features include WebSocket streaming and subscription management with:
- Live log tailing with filtering
- Subscription-based event delivery
- Automatic reconnection handling
- Backpressure management
Comprehensive alerting system with:
- Pattern matching and threshold-based rules
- Multiple notification channels (Webhook, Slack, Email)
- Alert state management (firing, acknowledged, resolved)
- Cooldown periods
- Alert history tracking
- Alert storm prevention
See alert examples in the Usage section above.
Beacon is organized as a monorepo with separate backend and frontend folders:
lib/log_aggregator.ex: Main application modulelib/log_aggregator/application.ex: OTP application setuplib/log_aggregator/ingestor.ex: Log ingestion systemlib/log_aggregator/pipeline/: Log processing pipelinelib/log_aggregator/storage/: Storage subsystemlib/log_aggregator/distributed/: Clustering and distributionlib/log_aggregator/real_time/: Real-time subsystemlib/log_aggregator/alerts/: Alert management systemlib/log_aggregator/monitoring.ex: Monitoring and metricslib/log_aggregator/grafana/: Grafana dashboard templateslib/log_aggregator/http_endpoint.ex: HTTP APIlib/log_aggregator/open_api/: OpenAPI/Swagger documentation
- Modern React application with TypeScript
- Real-time dashboard for log visualization
- Search interface with advanced filtering
- Alert management UI
- Docker Compose configurations
- Prometheus configuration and alert rules
- Grafana quickstart scripts
- Monitoring stack setup
Backend tests:
cd api
mix testComprehensive documentation is available:
- Advanced search and query capabilities
- Real-time streaming and WebSocket API
- Distributed clustering architecture
- Complete monitoring guide (health checks, metrics)
- Grafana dashboard integration guide
- OpenAPI/Swagger documentation
- examples/README.md - Quick start guides and examples
- Swagger UI: http://localhost:4000/api/swagger
- OpenAPI Spec: http://localhost:4000/api/openapi
- Operations runbook and troubleshooting
# Start monitoring stack (Prometheus + Grafana)
cd examples
./grafana-quickstart.shBeacon is designed for high performance:
- Ingestion: 100K+ logs/second per node
- Query: <100ms for recent data searches
- Memory: <2GB for 1M logs in memory
- Compression: 10:1 compression ratio for archived logs
- Clustering: Linear scalability with node count
Built with β€οΈ using Elixir/OTP