Logstash 1.5 and the three silly plugins

Transcript

Logstash 1.5 and the three silly plugins João Duarte -

@jsvd

Agenda • Logstash 1.5 • Three silly plugins • input

• ﬁlter • output • Demo!

Logstash 1.5 • Separation between core and plugins • New

plugins: Kafka (input and output), JMX input, RSS input, Heartbeat input • Performance improvements: grok ﬁlter, json (de)serialization • Windows love • documentation moved to https://elastic.co/guide/en/ logstash

• Plugins are Rubygems • Core and plugins can have

separate release cycles • Install/Uninstall/Update Plugins • from rubygems.org, local .gem ﬁle, local path • A plugin's spec suite can be executed in its repo Plugin system

Logstash 1.5 +180 plugins | 1 plugin => 1 github

repo

/tmp/logstash-1.5.0 % bin/plugin install logstash-filter-cidr Validating logstash-filter-cidr Installing logstash-filter-cidr Installation

successful /tmp/logstash-1.5.0 % /tmp/logstash-1.5.0 % bin/plugin uninstall logstash-filter-cidr Uninstalling logstash-filter-cidr /tmp/logstash-1.5.0 % /tmp/logstash-1.5.0 % bin/plugin list tcp logstash-input-tcp logstash-output-tcp /tmp/logstash-1.5.0 % /tmp/logstash-1.5.0 % bin/plugin update ........ Updated logstash-filter-geoip 0.1.9 to 0.1.10 Updated logstash-input-kafka 0.1.14 to 0.1.15 Updated logstash-output-elasticsearch 0.2.4 to 0.2.5 /tmp/logstash-1.5.0 % Logstash 1.5 bin/plugin

/tmp/logstash-1.5.0 % bin/plugin install logstash-filter-cidr Validating logstash-filter-cidr Installing logstash-filter-cidr Installation

/tmp % git clone https://github.com/logstash-plugins/logstash-filter- grok Cloning into 'logstash-filter-grok'... [...]

/tmp % cd logstash-filter-grok /tmp/logstash-filter-grok [master] % bundle install [...] Bundle complete! 2 Gemfile dependencies, 29 gems now installed. Use `bundle show [gemname]` to see where a bundled gem is installed. /tmp/logstash-filter-grok [master] % bundle exec rspec [...] ....................................................................... ................... Finished in 3.74 seconds 90 examples, 0 failures /tmp/logstash-filter-grok [master] % Logstash 1.5 bin/plugin

The story of the 3 silly plugins

Logstash not just for logs!

Logstash burglar alert system!!

Logstash burglar alert system!! !!!!!!!

None

logstash-input-imagesnap

imagesnap

logstash-input

logstash-input-imagesnap

logstash-filter-imagedetect !!!!!! .jpg .jpg

logstash-ﬁlter

imagedetect http://mindmeat.blogspot.pt/2008/07/java-image-comparison.html

logstash-ﬁlter-imagecompare

"Nous ne comprenons pas tout, mais nous n’insultons rien." logstash-output-say

say

logstash-output

logstash-output-say

Now what?

imagesnap imagecompare say if different { }

imagesnap imagecompare say if different { } different

Alright let’s build it

~/experiments/meetup_fr_20150526 % tree -L 1 . !"" logstash-1.5.0/ !"" logstash-filter-imagecompare/

!"" logstash-input-imagesnap/ !"" logstash-output-say/

% tail logstash-1.5.0/Gemfile gem "logstash-input-imagesnap", :path => "~/experiments/meetup_fr_20150526/logstash- input-imagesnap" gem

"logstash-filter-imagecompare", :path => "~/experiments/experiments/meetup_fr_20150526/ logstash-filter-imagecompare" gem "logstash-output-say", :path => "~/experiments/meetup_fr_20150526/logstash- output-say" logstash-1.5.0/Gemﬁle

input { imagesnap {} } filter { imagecompare { add_tag

=> ['different'] } } output { if 'different' in [tags] { say { voice => Thomas text => "Intrus! Intrus ! Allez-vous en! Je vais appeler la police!" } } } demo.conf

Logstash 1.5 and the three silly plugins

Logstash 1.5 and the three silly plugins

More Decks by Elastic Co

Other Decks in Programming

Featured

Transcript