$30 off During Our Annual Pro Sale. View Details »

Log all the things!

Elasticsearch Inc
July 22, 2016
Technology
4
1.1k

Log all the things!

Honza Král's talk from Europython 2016:

Centralized logging (and the Elastic stack) is proving itself to be a very useful tool in managing a production infrastructure. When combined with other data sources (application logging, business data, …) it can provide even more insight.

This talk is an introduction into the area with some overview of the motivation, tools and techniques that can prove useful. We will show how the open source ELK (Elasticsearch Logstash and Kibana) stack can be used to implement this.

It is geared towards people familiar with the DevOps concept that are looking to improve their lives by introducing smarter tools.

Elasticsearch Inc

July 22, 2016
Tweet

More Decks by Elasticsearch Inc

See All by Elasticsearch Inc
OSCON: Scaling a distributed engineering team from 50-250
elasticsearch
13
1.3k
Stuff a Search Engine Can Do
elasticsearch
17
1.6k
Using Elastic to monitor anything
elasticsearch
3
1.5k
Why Elastic? @ 50th Vinitaly 2016
elasticsearch
5
1.9k
What's New In Elasticland?
elasticsearch
3
780
Kibana, Timelion, Graph Meetup
elasticsearch
3
750
Elastic for Time Series Data and Predictive Analytics
elasticsearch
4
2.9k
Elastic 2.0
elasticsearch
1
720
Explore your data with Elasticsearch
elasticsearch
5
1.2k

Other Decks in Technology

See All in Technology
ChatGPT for Developer - 超入門
dahatake
39
18k
Amazon Bedrock のはじめ方
icoxfog417
1
1.1k
從心開始的純軟之路
line_developers_tw
PRO
0
220
cloudflare-workersを使ってslack上に匿名チャットを作った話
sugawani
0
130
About HealthKit nutrition
coe
0
150
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
1.1k
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
180
Kuma UIのこれまでとこれから
poteboy
5
2.9k
噂の Amazon Bedrock を Java から使ってみる #javado
tacck
1
120
RealSense T265とD415とUFACTORY Lite 6で模倣学習の実験
hygradme
0
290
Snowflake x Terraformに自動テストを導入した話
kddisnowvillage
0
150
アンドパッドが Ruby と RubyKaigi にコミットする理由
andpad
1
270

Featured

See All Featured
Statistics for Hackers
jakevdp
787
220k
Designing with Data
zakiwarfel
93
4.6k
A Tale of Four Properties
chriscoyier
150
22k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Designing the Hi-DPI Web
ddemaree
274
33k
Mobile First: as difficult as doing things right
swwweet
214
8.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.6k
Writing Fast Ruby
sferik
615
59k
Happy Clients
brianwarren
91
6.1k
Designing for Performance
lara
601
66k
Learning to Love Humans: Emotional Interface Design
aarron
265
39k
How GitHub Uses GitHub to Build GitHub
holman
467
280k

Transcript

  1. Log all the things!
    Honza Král
    @honzakral

    View Slide

  2. Logs?

    View Slide

  3. Log lines
    Twitter feed
    Invoices
    Metrics
    Events!

    View Slide

  4. Why?

    View Slide

  5. What happened
    last Tuesday?

    View Slide

  6. Multiple machines
    Multiple logs
    Analysis/Discovery
    Time period
    Grep?

    View Slide

  7. Time? Time?! Time!
    apache
    unix timestamp
    log4j
    postfix.log
    ISO 8601
    [23/Jan/2014:17:11:55 +0000]
    1390994740
    2009-01-01T12:00:00+01:00
    [2014-01-29 12:28:25,470]
    Feb 3 20:37:35

    View Slide

  8. Web Server logs VS Load Balancer
    see immediately that caching is off
    static files leaking to gunicorn
    Web Server VS Database
    500s VS Deploys
    new version has a bug
    Traffic VS Ad Campaigns
    Correlate events

    View Slide

  9. Central storage
    Even for data from different systems
    Enriched data
    IP -> location, hostname
    URL -> author, product, category
    Search
    user:honza status:404
    Analysis
    Visualisations for easy pattern discovery
    Ideal state

    View Slide

  10. Centralised
    Logging

    View Slide

  11. Steps
    Collect data
    Parse data
    Enrich data
    Store data
    Search and aggregate
    Visualize data

    View Slide

  12. Elastic Stack

    View Slide

  13. Steps in Elastic Stack
    Collect data
    Parse data
    Enrich data
    Store data
    Search and aggregate
    Visualize data

    View Slide

  14. Steps in Elastic Stack
    Collect data
    Parse data
    Enrich data
    Store data
    Search and aggregate
    Visualize data

    View Slide

  15. View Slide

  16. metricbeat:
    modules:
    - module: redis
    metricsets: ["info"]
    hosts: ["host1"]
    period: 1s
    enabled: true
    - module: apache
    metricsets: ["info"]
    hosts: ["host1"]
    period: 30s
    enabled: true
    filebeat:
    prospectors:
    - paths:
    - "logs/access.log"
    document_type: access
    multiline:
    pattern: ^#
    negate: true
    match: after
    protocols:
    http:
    ports: [80, 8000]
    mysql:
    ports: [3306]
    redis:
    ports: [6379]
    pgsql:
    ports: [5432]
    thrift:
    ports: [9090]
    output:
    logstash:
    hosts: ["localhost:5044"]

    View Slide

  17. View Slide

  18. Inputs
    Monitoring collectd, graphite, ganglia, snmptrap, zenoss
    Datastores elasticsearch, redis, sqlite, s3
    Queues kafka, rabbitmq, zeromq
    Logging beats, eventlog, gelf, log4j, relp, syslog, varnish log
    Platforms
    drupal_dblog, gemfire, heroku, sqs, s3, twitter
    Local
    exec, generator, file, stdin, pipe, unix
    Protocol imap, irc, stomp, tcp, udp, websocket, wmi, xmpp

    View Slide

  19. Filters
    aggregate alter anonymize collate csv
    cidr clone cipher checksum date dns
    drop elasticsearch extractnumbers
    environment elapsed fingerprint geoip
    grok i18n json json_encode kv mutate
    metrics multiline metaevent prune punct
    ruby range syslog_pri sleep split throttle
    translate uuid urldecode useragent xml
    zeromq ...

    View Slide

  20. Outputs
    Store elasticsearch, gemfire, mongodb, redis, riak, rabbitmq, solr
    Monitoring
    ganglia, graphite, graphtastic, nagios, opentsdb, statsd, zabbix
    Notification email, hipchat, irc, pagerduty, sns
    Protocol
    gelf, http, lumberjack, metriccatcher, stomp, tcp, udp, websocket,
    xmpp
    External service
    google big query, google cloud storage, jira, loggly, riemann, s3,
    sqs, syslog, datadog
    External monitoring boundary, circonus, cloudwatch, librato
    Local csv, dots, exec, file, pipe, stdout, null

    View Slide

  21. View Slide

  22. Open Source


    Document-based


    Based on Lucene

    JSON over HTTP
    Distributed Search Engine

    View Slide

  23. Cluster
    Collection of Nodes
    Index
    Collection of Shards
    Shard
    Unit of scale
    Distributed across cluster
    Primary and replica
    Data Management
    node 1
    orders
    products
    2
    1
    4
    1
    node 2
    orders
    products
    2
    2
    node 3
    orders
    3 4
    1
    3
    products

    View Slide

  24. Time based data flow
    Current
    replicas to speed up search
    on stronger boxes
    Week old
    snapshot
    keep only 1 replica
    Month old move to weaker boxes
    2 months close the indices
    3 months delete

    View Slide

  25. View Slide

  26. View Slide

  27. View Slide

  28. View Slide

  29. Architecture
    Enrich Visualize
    Collect Store

    View Slide

  30. Logging and
    Python

    View Slide

  31. Track metrics
    execution time
    query time
    # of queries
    Include metadata
    user_id
    content
    Log as JSON
    Enhance your logs

    View Slide

  32. Add structured info
    Track info through services
    Log to file
    Add filebeat to read the file
    Structlog

    View Slide

  33. Thanks!
    Honza Král
    @honzakral

    View Slide