Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
350

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
70
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
89
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
1.9k
Linux Environment
Avatar for Chris Fidao fideloper
1
11k
Server Survival
Avatar for Chris Fidao fideloper
29
23k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
610
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
レガシーで硬直したテーブル設計から変更容易で柔軟なテーブル設計にする
Avatar for Red Frasco red_frasco
4
630
TypeScript 6.0で非推奨化されるオプションたち
Avatar for uhyo uhyo
15
5.4k
小規模チームによる衛星管制システムの開発とスケーラビリティの実現
Avatar for Takahiro Miyoshi sankichi92
0
150
ブラウザ拡張のセキュリティの話 / Browser Extension Security
Avatar for GMO Flatt Security flatt_security
0
200
履歴テーブル、今回はこう作りました 〜 Delegated Types編 〜 / How We Built Our History Table This Time — With Delegated Types
Avatar for moznion moznion
1
1.9k
不確実性に備える ABEMA の信頼性設計とオブザーバビリティ基盤
Avatar for Katsutoshi Nagaoka nagapad
4
8.6k
Android Studio Otter の最新 Gemini 機能 / Latest Gemini features in Android Studio Otter
Avatar for Yuki Anzai yanzm
0
460
Introduction to Bill One Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
320
2025 DORA Reportから読み解く!AIが映し出す、成果を出し続ける組織の共通点 #開発生産性_findy
Avatar for Hiroyuki TAKAHASHI takabow
0
470
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6k
ABEJA FIRST GUIDE for Software Engineers
Avatar for ABEJA abeja
0
3.2k
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
5.6k

Featured

See All Featured
Visualization
Avatar for Eitan Lees eitanlees
150
16k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
2.8k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
36
6.1k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
8.1k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Designing for Performance
Avatar for Lara Hogan lara
610
69k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao