Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Chris Fidao
January 24, 2016
Technology
1
280

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
fideloper
0
23
Refactoring Terraform - CloudCasts - Scaling EC2
fideloper
0
39
Scaling Laravel - Laracon.net 2018
fideloper
15
1.7k
Linux Environment
fideloper
1
10k
Server Survival
fideloper
29
23k
Powering Your Applications With Nginx
fideloper
9
7.6k
Hexagonal Architecture
fideloper
49
200k
Intro to etcd
fideloper
3
520
Service Oriented Architecture with a little help from NodeJS
fideloper
4
2.2k

Other Decks in Technology

See All in Technology
Aurora MySQL v3(MySQL8.0互換)の オンラインDDLの罠挙動を全バージョンで検証した
yutakikai
1
150
LLM とプロンプトエンジニアリング/チューターをビルドする / LLM and Prompt Engineering and Building Tutors
ks91
PRO
0
220
入社後初めてのタスクでk8sアップグレードした話.pdf
kkato1
1
380
ChatGPT for IT Service Management (IT Pro)
dahatake
2
160
現代CSSフレームワークの内部実装とその仕組み
poteboy
2
710
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.4k
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
130
株式会社EventHub・エンジニア採用資料
eventhub
0
1.9k
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
220
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
「共通基盤」を超えよ! 今、Platform Engineeringに取り組むべき理由
jacopen
25
5.9k
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
3
810

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
688
190k
Six Lessons from altMBA
skipperchong
20
3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
5
1.5k
Happy Clients
brianwarren
91
6.4k
In The Pink: A Labor of Love
frogandcode
138
21k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
321
20k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Large-scale JavaScript Application Architecture
addyosmani
503
110k
10 Git Anti Patterns You Should be Aware of
lemiorhan
646
57k
The MySQL Ecosystem @ GitHub 2015
samlambert
242
12k
Become a Pro
speakerdeck
PRO
10
4.5k
Build your cross-platform service in a week with App Engine
jlugia
225
17k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao