La Suite ELK au service des développeurs et de la production

Suite ELK
au service des développeurs et de la production

View Slide

observer, mesurer, améliorer
Icons by Alexander Skowalsky, Shawn Schmidt and Andreas Bjurenborg from the Noun Project

View Slide

logiciels libres
au service de l’entreprise

View Slide

metrics

View Slide

metrics
métier

View Slide

metrics
• utilisateurs connectés
• nombre de commandes
• panier moyen
• état du stock
métier

View Slide

metrics
• panier moyen
• état du stock
métier système

View Slide

metrics
• panier moyen
• état du stock
• temps de chargement
• taux d’échec
• réponse de la BDD
• disponibilité des services
métier système

View Slide

sources hétérogènes

View Slide

étude de cas

View Slide

xeonys-fr-01
HAProxy
Apache/FPM A1
Apache/FPM A2
BDD-A Queues
Varnish
Apache/FPM B1
Apache/FPM B2
BDD-B Queues
Apache/FPM B3
xeonys-uk
HAProxy
Varnish
Apache/FPM 1
Apache/FPM 2
BDD Queues
xeonys-de
HAProxy
Varnish
Apache/FPM 1
Apache/FPM 2
BDD Queues
Apache/FPM 3

View Slide

Icon by Chameleon Design from the Noun Project

View Slide

indicateurs imprécis

View Slide

indicateurs imprécis logs éparpillés

View Slide

Icons by Chameleon Design, il Capitano, Shmidt Sergey and Kirby Wu from the Noun Project

View Slide

ELK
Icons by Chameleon Design, il Capitano, Shmidt Sergey and Kirby Wu from the Noun Project

View Slide

ELK

View Slide

ELK
Elasticsearch

View Slide

ELK
Elasticsearch • Logstash

View Slide

ELK
Elasticsearch • Logstash • Kibana

View Slide

Logstash

View Slide

Logstash
Extract Transform Load

View Slide

Logstash
inputs:
beats:
port: 5044
gelf:
port: 12201
use_udp: true

View Slide

Logstash
inputs:
beats:
port: 5044
gelf:
port: 12201
use_udp: true
filters:
grok:
pattern: httpd
date:
match: dd-MMM-YYYY HH:mm:ss
mutate:
convert: [line: integer]
geoip:
src: remote_ip
target: geo

View Slide

Logstash
inputs:
beats:
port: 5044
gelf:
port: 12201
use_udp: true
filters:
grok:
pattern: httpd
date:
match: dd-MMM-YYYY HH:mm:ss
mutate:
convert: [line: integer]
geoip:
src: remote_ip
target: geo
outputs:
elasticsearch:
host: 127.0.0.1:9200
index: logs-%{type}-%{+YYYY.MM.dd}
stdout:
codec: rubydebug

View Slide

Elasticsearch
la base de donnée au cœur de tout

View Slide

Elasticsearch

View Slide

Elasticsearch
Performance

View Slide

Elasticsearch
Performance
Interface REST/HTTP

View Slide

Elasticsearch
Performance
Interface REST/HTTP
Syntaxe JSON

View Slide

Elasticsearch
Performance
Interface REST/HTTP
Syntaxe JSON
Cluster natif

View Slide

Elasticsearch
Performance
Interface REST/HTTP
Syntaxe JSON
Cluster natif
Simple et souple

View Slide

Elasticsearch
indexation de documents
Icons by Chameleon Design and Shmidt Sergey from the Noun Project

View Slide

index
Icon by Shmidt Sergey from the Noun Project

View Slide

logs-http

View Slide

logs-http-{YMD}

View Slide

logs-http-{YMD}
2016.10.10

View Slide

logs-http-{YMD}
2016.10.11
2016.10.10

View Slide

logs-http-{YMD}
2016.10.12
2016.10.11
2016.10.10

View Slide

logs-http-{YMD}
2016.10.13
2016.10.12
2016.10.11
2016.10.10

View Slide

logs-http-{YMD}
2016.10.14
2016.10.13
2016.10.12
2016.10.11
2016.10.10

View Slide

logs-http-{YMD}
2016.10.14
2016.10.13
2016.10.12
2016.10.11
2016.10.10
2015.08.02

View Slide

logs-http-{YMD}
2016.10.14
2016.10.13
2016.10.12
2016.10.11
2016.10.10
2015.08.02
❌

View Slide

logs-http-{YMD}
2016.10.14
2016.10.13
2016.10.12
2016.10.11
2016.10.10
2015.08.02
recherche ciblée : j-2
❌
{

View Slide

administration facile

View Slide

paquets à installer

View Slide

très peu de conﬁg de départ

View Slide

cluster trivial

View Slide

cluster trivial
sauvegardes par snapshot

View Slide

documents

View Slide

$ curl -XGET 'http://localhost:9200/_search' -d '{
"query": {
"bool" : {
"must" : {
"query_string" : {
"query" : "some query string here"
}
},
"filter" : {
"term" : { "user" : "kimchy" }
}
}
}
}
'
documents

View Slide

$ curl -XGET 'http://localhost:9200/_search' -d '{
"query": {
"bool" : {
"must" : {
"query_string" : {
"query" : "some query string here"
}
},
"filter" : {
"term" : { "user" : "kimchy" }
}
}
}
}
'
documents {
"_shards":{
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits":{
"total" : 1,
"hits" : [
{
"_index" : "twitter",
"_type" : "tweet",
"_id" : "1",
"_source" : {
"user" : "kimchy",
"postDate" : "2009-11-15T14:12:12",
"message" : "hello Elasticsearch"
}
}
]
}
}

View Slide

agrégations

View Slide

agrégations
GET /cars/transactions/_search
{
"size" : 0,
"aggs": {
"colors": {
"terms": {
"field": "color"
},
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
}
}
}

View Slide

agrégations
GET /cars/transactions/_search
{
"size" : 0,
"aggs": {
"colors": {
"terms": {
"field": "color"
},
"aggs": {
"avg_price": {
"avg": {
"field": "price"
}
}
}
}
}
}
{
...
"aggregations": {
"colors": {
"buckets": [
{
"key": "red",
"doc_count": 4,
"avg_price": {
"value": 32500
}
},
{
"key": "blue",
"doc_count": 2,
"avg_price": {
"value": 20000
}
},
{
"key": "green",
"doc_count": 2,
"avg_price": {
"value": 21000
}
}
]
}
}
...
}

View Slide

recherche à facettes

View Slide

Kibana

View Slide

Kibana
Interface graphique web

View Slide

Kibana
Basé sur les agrégations

View Slide

Kibana
Visualisations

View Slide

Kibana
Visualisations
Fouille de données

View Slide

Kibana

View Slide

logs HTTP

View Slide

éléments de corrélation

View Slide

HTTP

View Slide

PHP
HTTP

View Slide

PHP
HTTP Proxy

View Slide

Queues
PHP
HTTP Proxy

View Slide

Queues
PHP
HTTP Proxy
date
request
method
referrer
user-agent
host
stack

View Slide

Queues
PHP
HTTP Proxy
date
request
method
referrer
user-agent
host
stack
date
ﬁle
line
class
function
message
severity
app_name
app_env
host
stack

View Slide

Queues
PHP
HTTP Proxy
date
request
method
referrer
user-agent
host
stack
date
ﬁle
line
class
function
message
severity
app_name
app_env
host
stack
date
request
method
frontend
backend
host
stack

View Slide

Queues
PHP
HTTP Proxy
date
request
method
referrer
user-agent
host
stack
date
ﬁle
line
class
function
message
severity
app_name
app_env
host
stack
date
request
method
frontend
backend
host
stack
date
message
severity
app_name
app_env
host
stack

View Slide

index dédiés
• logs-http-access
• logs-http-error
• logs-gelf
• logs-redis
• logs-pgsql
• logs-fpm

View Slide

collecte
Icons by Chameleon Design from the Noun Project

View Slide

collecte
+ lib/gelf.php

View Slide

collecte
inputs:
beats:
port: 5044
gelf:
port: 12201
use_udp: true
Logstash
+ lib/gelf.php

View Slide

collecte
inputs:
beats:
port: 5044
gelf:
port: 12201
use_udp: true
Logstash
+ lib/gelf.php
prospectors:
paths: /var/log/*.log
input_type: log
output:
logstash:
hosts: logstash:5044
Filebeat

View Slide

Beat

View Slide

Beat
framework Go

View Slide

Beat
framework Go
Filebeat

View Slide

Beat
framework Go
Filebeat
Metricbeat

View Slide

Beat
framework Go
Filebeat
Metricbeat
Packetbeat

View Slide

et les données métier ?

View Slide

2 proﬁls d’utilisation

View Slide

au moins

View Slide

au moins
chercher des causes

View Slide

au moins
chercher des causes
valider des hypothèses

View Slide

popularité croissante

View Slide

popularité croissante
Hébergement et Infogérance Open Source

View Slide

adopter prudemment

View Slide

adopter prudemment
license

View Slide

adopter prudemment
license
modèle économique

View Slide

adopter prudemment
license
modèle économique
gouvernance du projet

View Slide

adopter prudemment
license
modèle économique
place de la communauté

View Slide

adopter prudemment
license
modèle économique
place de la communauté
✔

View Slide

open-source préservé

View Slide

gros projets externes pérennisés

View Slide

gros projets externes pérennisés
fort engagement dans Lucene

View Slide

modèle économique

View Slide

modèle économique
Libre, gratuit
• Elasticsearch
• Logstash
• Kibana
• Beat
• Curator
• …

View Slide

modèle économique
Libre, gratuit
• Elasticsearch
• Logstash
• Kibana
• Beat
• Curator
• …
Services
• formation
• assistance
• consulting
• X-Pack

View Slide

modèle économique
Libre, gratuit
• Elasticsearch
• Logstash
• Kibana
• Beat
• Curator
• …
Services
• formation
• assistance
• consulting
• X-Pack
Cloud
• As A Service
• Hébergé

View Slide

conclusions

View Slide

Hébergement et Infogérance Open Source
Jérémy Lecour

View Slide

forge.evolix.org
www.evolix.fr
@evolix – @jlecour
[email protected]
@
wiki.evolix.org
Git logo from git-scm.org
Chain by Bohdan Burmich from the Noun Project
Paw Print by Mattijs Dekkers from the Noun Project
Twitter logo from twitter.com

View Slide

La Suite ELK au service des développeurs et de la production

La Suite ELK au service des développeurs et de la production

Jérémy Lecour

More Decks by Jérémy Lecour

Other Decks in Technology

Featured

Transcript