Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
350

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
78
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
93
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
2k
Linux Environment
Avatar for Chris Fidao fideloper
1
11k
Server Survival
Avatar for Chris Fidao fideloper
29
23k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
620
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
あの夜、私たちは「人間」に戻った。 ── 災害ユートピア、贈与、そしてアジャイルの再構築 / 20260108 Hiromitsu Akiba
Avatar for SHIFT EVOLVE shift_evolve
PRO
0
620
Everything As Code
Avatar for わいわい yosuke_ai
0
510
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.5k
First-Principles-of-Scrum
Avatar for Kenji Hiranabe hiranabe
4
2k
2025年 山梨の技術コミュニティを振り返る
Avatar for しみず ゆうき yuukis
0
160
Claude Codeを使った情報整理術
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
20
12k
テストセンター受験、オンライン受験、どっちなんだい?
Avatar for Yuuki Yamashita yama3133
0
210
AWS re:Invent 2025 を振り返る
Avatar for kazzpapa3 kazzpapa3
2
110
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.6k
Scrum Guide Expansion Pack が示す現代プロダクト開発への補完的視点
Avatar for Sonjin Yamamoto sonjin
0
620
ソフトとハード両方いけるデータ人材の育て方
Avatar for Yuta Ozaki waiwai2111
0
160
自己管理型チームと個人のセルフマネジメント 〜モチベーション編〜
Avatar for KAKEHASHI kakehashi
PRO
5
2.8k

Featured

See All Featured
State of Search Keynote: SEO is Dead Long Live SEO
Avatar for Ryan Jones ryanjones
0
84
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
3k
Designing for Performance
Avatar for Lara Hogan lara
610
70k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
2
79
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
75
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
22k
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
58
41k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao