Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
360

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
91
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
100
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
2k
Linux Environment
Avatar for Chris Fidao fideloper
1
11k
Server Survival
Avatar for Chris Fidao fideloper
29
24k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
630
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
8万デプロイ
Avatar for iwamot iwamot
PRO
2
240
ナレッジワークのご紹介(第88回情報処理学会 )
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
190
親子 or ペアで Mashup for the Future! しゃべって楽しむ 初手AI駆動でものづくり体験
Avatar for hiroramos hiroramos4
PRO
0
110
JAWS Days 2026 楽しく学ぼう! 認証認可 入門/20260307-jaws-days-novice-lane-auth
Avatar for opelab opelab
11
2k
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
Avatar for nrs nrslib
13
7.5k
vLLM Community Meetup Tokyo #3 オープニングトーク
Avatar for jpishikawa jpishikawa
0
340
CyberAgentの生成AI戦略 〜変わるものと変わらないもの〜
Avatar for katayan katayan
0
140
作りっぱなしで終わらせない! 価値を出し続ける AI エージェントのための「信頼性」設計 / Designing Reliability for AI Agents that Deliver Continuous Value
Avatar for Kento Kimura aoto
PRO
2
290
クラウド × シリコンの Mashup - AWS チップ開発で広がる AI 基盤の選択肢
Avatar for Hiroshi Tokoyo htokoyo
2
240
楽しく学ぼう!コミュニティ入門 AWSと人が つむいできたストーリー
Avatar for hiroramos hiroramos4
PRO
1
190
Kubernetesにおける推論基盤
Avatar for ry ry
1
360
Lambda Web AdapterでLambdaをWEBフレームワーク利用する
Avatar for arakawsh sahou909
0
110

Featured

See All Featured
It's Worth the Effort
Avatar for 3n 3n
188
29k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Money Talks: Using Revenue to Get Sh*t Done
Avatar for Nikki Halliwell nikkihalliwell
0
180
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
8.1k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
0
160
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
5
35k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
1
300
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.4k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
Avatar for konakalab konakalab
0
380
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.4k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao