Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Life of a Logstash Event

Elastic Co
March 19, 2015
Technology
4
6.9k

Life of a Logstash Event

Join me for this presentation to follow the journey of a Logstash event as it travels through the internal Logstash processing pipeline. Understanding Logstash internals will help you make better design decisions for your streaming data processing architecture.

You will learn how data is transported in and out of Logstash through its input and output plugins, how Logstash decodes and encodes external data formats using the codec plugins and how the parsing, transformation and enrichment of this data is executed by the filter plugins.

We will follow an event as it travels through the pipeline stages and internal queuing, what happens when things start to break downstream, plus how congestion and backpressure is handled.

The Logstash pipeline is multithreaded, so you’ll also learn how to scale up and take advantage of all your host CPU cores and how to leverage parallelism to accelerate the processing throughput.

Logstash is an amazingly powerful and flexible tool. As a Logstash user, this presentation will help you optimize your logstash configuration and, for developers, you will have much better insights for contributing plugins.

Elastic Co

March 19, 2015
Tweet

More Decks by Elastic Co

See All by Elastic Co
Les Vendredis noirs : même pas peur ! - Breizhcamp
elastic
15
770
Confoo Montreal: Ingest node: enriching documents within Elasticsearch
elastic
16
810
Elastic{ON} 2018 - Sipping from the Firehose: Scalable Endpoint Data for Incident Response
elastic
6
4.2k
Elastic{ON} 2018 - A Security Analytics Platform for Today
elastic
3
11k
Elastic{ON} 2018 - The State of Geo in Elasticsearch
elastic
7
12k
Elastic{ON} 2018 - Reliable by design - Applying formal methods to distributed systems
elastic
5
4.7k
Elastic{ON} 2018 - Bigger, Faster, Stronger - Leveling Up Enterprise Logging
elastic
1
4.9k
Elastic{ON} 2018: Latest in Logstash
elastic
1
4.5k
Elastic{ON} 2018 - Lessons Learned from Workday's Search Application Journey from POC to Production
elastic
2
2.4k

Other Decks in Technology

See All in Technology
次世代Web認証「パスキー」 / mo-zatsudan-passkey
nkzn
22
13k
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
420
普段有償でサポート業務をしているCSAが技術知見を無料で公開する理由
07jp27
1
620
強みを伸ばすキャリアデザイン
yug1224
0
200
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.5k
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
60
17k
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
ここが嬉しいABAC ここが辛いよABAC #再解説+補足編
masahirokawahara
0
170
アプリがつくるNOT A HOTELブランド
hokuts
0
450
自動生成を活用した、運用保守コストを抑える Error/Alert/Runbook の一元集約管理 / Centralized management of Error/Alert/Runbook to minimize operational costs using automated code generation
biwashi
9
2k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs (QCon London)
inesmontani
PRO
0
150
The CloudCompare project by Dr. Daniel Girardeau-Montaut
kentaitakura
0
500

Featured

See All Featured
Building an army of robots
kneath
300
41k
Large-scale JavaScript Application Architecture
addyosmani
503
110k
The Art of Programming - Codeland 2020
erikaheidi
41
12k
Happy Clients
brianwarren
91
6.4k
Imperfection Machines: The Place of Print at Facebook
scottboms
258
12k
Rebuilding a faster, lazier Slack
samanthasiow
72
8.2k
Infographics Made Easy
chrislema
237
18k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
51k
Statistics for Hackers
jakevdp
789
220k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
6
990
How To Stay Up To Date on Web Technology
chriscoyier
781
250k
Building Effective Engineering Teams - LeadDev
addyosmani
26
1.8k

Transcript

  1. Life of an Event in Logstash Colin Surprenant, Elasticsearch Software

    Engineer [email protected] colinsurprenant

  2. { } CC-BY-ND 4.0 Agenda 2 •Logstash quick intro •Pipeline

    overview •Plugin architecture •Scaling up Logstash •Pipeline stages •input •filter •output

  3. { } CC-BY-ND 4.0 Logstash quick intro Collect, parse and

    store logs 3

  4. { } CC-BY-ND 4.0 Logstash quick intro • Logs? 4

    ALL  THE  DATA  with  a  timestamp No  timestamp?  Hey!  
 we’ll  add  one  for  you.  

  5. { } CC-BY-ND 4.0 Logstash quick intro Transport & processing


    of
 streaming / continuous data 5

  6. { } CC-BY-ND 4.0 Logstash quick intro – Heterogenous formats

    and protocols – Unstructured format – Decentralized 6 Logging problems

  7. { } CC-BY-ND 4.0 Definitions • Event • Plugin (input,

    filter, output) • Pipeline 7

  8. { } CC-BY-ND 4.0 Logstash pipeline 8

  9. { } CC-BY-ND 4.0 Logstash pipeline 9 3 stages pipeline

  10. { } CC-BY-ND 4.0 Plugin architecture • ~200 plugins https://github.com/logstash-plugins

    • Input plugins: captures external data+format & transform it to logstash events • Filter plugins: process/transform events • Output plugins: send events to external destination & format 10

  11. { } CC-BY-ND 4.0 Plugin architecture • Codecs are plugins

    • Optional part of input and output plugins • encode and decode raw data that enter or exit the pipeline • Character encoding/transcoding into UTF-8 11 Codecs

  12. { } CC-BY-ND 4.0 Plugin architecture 12

  13. { } CC-BY-ND 4.0 Logstash pipeline 13 3 stages pipeline

  14. { } CC-BY-ND 4.0 Logstash pipeline 14 Internal queuing

  15. { } CC-BY-ND 4.0 Logstash pipeline 15 backpressure

  16. { } CC-BY-ND 4.0 Scaling out Logstash 16 shipper/indexer architecture

  17. { } CC-BY-ND 4.0 Scaling up the pipeline • Logstash

    pipeline is multithreaded • Each stage offers configurable concurrency options • Leverage multiple cores in host 17

  18. { } CC-BY-ND 4.0 Pipeline input stage 18

  19. { } CC-BY-ND 4.0 Pipeline input worker 19

  20. { } CC-BY-ND 4.0 Pipeline filter stage 20

  21. { } CC-BY-ND 4.0 Pipeline filter stage 21

  22. { } CC-BY-ND 4.0 Pipeline filter stage 22

  23. { } CC-BY-ND 4.0 Pipeline output stage 23

  24. { } CC-BY-ND 4.0 Pipeline output stage 24

  25. { } CC-BY-ND 4.0 Function compilation • Filter and output

    stages are compiled to a single function • Anyone knows or can guess why? 25

  26. { } CC-BY-ND 4.0 Function Compilation • Hint 26

  27. { } CC-BY-ND 4.0 Function Compilation • Conditionals • Message

    passing is not free 27

  28. { } CC-BY-ND 4.0 Logstash pipeline 28

  29. { } Thank you! Colin Surprenant, Elasticsearch Software Engineer [email protected]

    colinsurprenant

  30. { } This work is licensed under the Creative Commons

    Attribution-NoDerivatives 4.0 International License. To view a copy of this license, visit: http://creativecommons.org/licenses/by-nd/4.0/ or send a letter to: Creative Commons PO Box 1866 Mountain View, CA 94042 USA CC-BY-ND 4.0