Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
360

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
81
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
94
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
2k
Linux Environment
Avatar for Chris Fidao fideloper
1
11k
Server Survival
Avatar for Chris Fidao fideloper
29
24k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
620
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
2k
データの整合性を保ちたいだけなんだ
Avatar for ShoheiMitani shoheimitani
7
2.8k
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
Avatar for Masahiro Yoshizawa muziyoshiz
1
1.5k
日本の85%が使う公共SaaSは、どう育ったのか
Avatar for たけだ taketakekaho
1
130
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
Avatar for coconala_engineer coconala_engineer
2
560
10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test
Avatar for nihonbuson nihonbuson
PRO
1
170
What happened to RubyGems and what can we learn?
Avatar for Mike McQuaid mikemcquaid
0
230
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
1
380
Amazon Bedrock AgentCore 認証・認可入門
Avatar for iganin hironobuiga
2
500
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
Avatar for 高棹大樹 daitak
0
310
生成AI時代にこそ求められるSRE / SRE for Gen AI era
Avatar for ymotongpoo ymotongpoo
5
2.5k
2人で作ったAIダッシュボードが、開発組織の次の一手を照らした話― Cursor × SpecKit × 可視化の実践 ― Qiita AI Summit
Avatar for NOBORU ITOU noalisaai
1
370

Featured

See All Featured
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
300
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
370
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
440
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.6k
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
120
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
350
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
110
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
32k
New Earth Scene 8
Avatar for Sydney Stone popppiees
1
1.5k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao