Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Log Everything with Fluentd

Kentaro Kuribayashi
February 15, 2013
Technology
4
4k

Log Everything with Fluentd

Kentaro Kuribayashi

February 15, 2013
Tweet

More Decks by Kentaro Kuribayashi

See All by Kentaro Kuribayashi
わたしがこのところハマっている「ライセンスフリー無線」のご紹介 / An Invitation to License-Free Radio
kentaro
1
110
先行きの見えなさを楽しさに変える ーVUCA時代のキャリア論と絶対他力主義ー / How to develop your career in the VUCA era
kentaro
5
2.7k
組織の生産性を高める意思決定の構造と方法 / How to do make decision rapidly and effectively
kentaro
17
8.3k
キャリアを時間・空間軸で考える / Thinking about your career from both time and space viewpoints
kentaro
10
5k
WEB+DB PRESSで特集記事を書く方法 / How to Become an Author of WEB+DB PRESS
kentaro
5
980
GMOペパボが考えるこれからのサービス開発 / Toward The Next Service Development Era
kentaro
1
1.3k
IoTシステムの双方向データフローにおける設計と実装の複雑さを解消する手法の提案 / Master's Thesis Examination
kentaro
0
710
双方向データフローに基づくインテリジェントなIoTシステムを実現するための研究 / My Research Plan for the Doctoral Course
kentaro
0
590
Elixirで構成された3層構造からなるIoTシステムにおける分散機械学習・推論実行基盤へ向けて / Toward a Distributed Machine Learning Infrastructure for IoT Systems in Elixir
kentaro
1
820

Other Decks in Technology

See All in Technology
ユーザーストーリーマッピング
kawaguti
PRO
4
650
ShowNet2022 Topology
shownet
PRO
0
650
CyberAgent AI事業本部MLOps研修基礎編
hosimesi11
2
330
10x More Effective Sprint Review for the Agile Team
eiki
0
120
データマイニングと機械学習-K近傍法 & 機械学習のお作法
trycycle
0
170
Spring I/O 2023 - Spring Boot in a Cloud-Native Polyglot World
salaboy
0
140
ChatGPTで開発者の英語の悩みを解決
takagimeow
0
110
3 Critical Reasons I Stopped Using Story Points
eiki
0
200
MySQL and Vitess (and Kubernetes) at HubSpot
jfg956
0
110
OpenAI社のWhisper APIを使ってみた! / ChatGPT研究会 第7弾 (ALGYAN)
you
0
260
AWSに関するOSS活動で得た貢献までの壁を越えるコツ
bun913
0
260
私が考えるCloudflareサービスが中小企業にもたらすインパクト
matyuda
0
120

Featured

See All Featured
Code Review Best Practice
trishagee
52
12k
Making Projects Easy
brettharned
102
5k
Building Your Own Lightsaber
phodgson
96
5k
Embracing the Ebb and Flow
colly
76
3.7k
Automating Front-end Workflow
addyosmani
1352
200k
From Idea to $5000 a Month in 5 Months
shpigford
374
45k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
Atom: Resistance is Futile
akmur
256
24k
Thoughts on Productivity
jonyablonski
52
2.9k
Teambox: Starting and Learning
jrom
124
8k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
183
15k

Transcript

  1. Log Everything
    @kentaro

    View Slide

  2. @kentaro
    Software engineer
    Rubyist / Perl Monger
    Kentaro Kuribayashi
    paperboy&co.
    PHPer

    View Slide

  3. View Slide

  4. Contributions
    to
    Fluentd World

    View Slide

  5. out_flatten
    https://github.com/kentaro/fluent-plugin-flatten
    out_extract_query_params
    https://github.com/kentaro/fluent-plugin-extract_query_params
    out_rewrite
    https://github.com/kentaro/fluent-plugin-rewrite

    View Slide

  6. View Slide

  7. Log Format

    View Slide

  8. View Slide

  9. • Easy to extend
    • Easy to parse

    View Slide

  10. Key Description Apache Nginx
    time Time request is received %t $time_local
    vhost Host name %v $host
    host Remote host %h $remote_addr
    method Request method %m $method
    path Request path %U%q $request_uri
    version HTTP version %H $server_protocol
    status Response status %>s $status
    size Response size %b $body_bytes_sent
    referer Referer %{Referer}i $http_referer
    ua User-agent %{User-Agent}i $http_user_agent
    restime Time elapsed for response %D $request_time
    ustime Time elapsed for upstream response - $upstream_response_time

    View Slide

  11. LogFormat "vhost:%V\ttime:%t\thost:%h\tmethod:%m\tpath:%U%q
    \tversion:%H\tstatus:%>s\tsize:%b\treferer:%{Referer}i\tua:
    %{User-Agent}i\trestime:%D" ltsv
    log_format ltsv "vhost:$host\ttime:$time_local\thost:
    $remote_addr\tmethod:$request_method\tpath:$request_uri
    \tversion:$server_protocol\tstatus:$status\tsize:
    $body_bytes_sent\treferer:$http_referer\tua:
    $http_user_agent\trestime:$request_time\tustime:
    $upstream_response_time";
    Apache
    Nginx

    View Slide

  12. Log Everything
    to
    Access Log File

    View Slide

  13. with
    Log Everything
    to
    Access Log File

    View Slide

  14. fluent-plugin-php

    View Slide

  15. View Slide

  16. apache_note()

    View Slide

  17. %{foo}n #=> bar
    apache_note(‘foo’, ‘bar’)
    PHP Code
    Apache Log Format

    View Slide

  18. Flags

    View Slide

  19. • URL Groups
    • User/Guest
    • Device
    • Bot Access
    • etc.

    View Slide

  20. Structuralize URLs
    • Visualization
    • Analysis
    • Rough grouping is enough

    View Slide

  21. Group Path
    read ^/book
    buy ^/cart
    ^/book/\d+/purchase
    find
    ^/special
    ^/label
    ^/users
    ^/books
    ^/authors
    write ^/admin
    ^/users/{account}/draft
    set ^/users/{account}/manage
    ^/users/{account}/profile
    ^/users/{account}/account
    communicate ^/users/{account}/contact
    ^/users/{account}/reaction
    top ^/$
    ^$

    View Slide

  22. out_rewrite

    View Slide


  23. type rewrite
    remove_prefix apache.log
    add_prefix filtered
    # url group

    key uriGroup
    pattern ^(.+)$
    append_to_tag true
    fallback other

    ...

    View Slide

  24. ...
    # pc/smartphone

    key device
    pattern ^(pc|sp)$
    append_to_tag true

    ...

    View Slide

  25. ...
    # user/guest

    key loggedIn
    pattern ^(user|guest)$
    append_to_tag true


    View Slide

  26. filtered.book.pc.user => { ... }
    filtered.book.sp.guest => { ... }
    filtered.read.pc.guest => { ... }
    ... uriGroup:book device:pc loggedIn:user ...
    ... uriGroup:book device:sp loggedIn:guest ...
    ... uriGroup:read device:pc loggedIn:guest ...
    Raw Log Lines
    Filtered Key/Values

    View Slide

  27. View Slide

  28. Profiling

    View Slide

  29. Problem
    Hard to track results
    continuously

    View Slide

  30. class Foo {
    function hoge () {
    $this->profiler->start(‘method-hoge’);
    // ... do something ...
    $this->profiler->end(‘method-hoge’);
    }
    function fuga () {
    $this->profiler->start(‘method-fuga-foo’);
    // ... do something ...
    $this->profiler->end(‘method-fuga-foo’);
    $this->profiler->start(‘method-fuga-bar’);
    // ... do something ...
    $this->profiler->end(‘method-fuga-bar’);
    }
    }

    View Slide

  31. public function dispatchLoopShutdown()
    {
    $profile_result = Model_Measure::dump();
    if (APPLICATION_ENV !== 'production') {
    Pb_Logger::debug($profile_result);
    }
    Pb_Util::httpd_note('profile', json_encode($profile_result));
    }

    View Slide

  32. static public function httpd_note($name, $value = '')
    {
    if (function_exists('apache_note')) {
    if ($value) {
    return apache_note($name, $value);
    } else {
    // do nothing...
    }
    }
    }

    View Slide

  33. ... profile:%{profile}n" ...
    profile:{\"book.index.get_book\":0.1010639667511,
    \"book.index.get_author\":0.2032630443573,
    \"book.index.get_chapters\":0.23988509178162,
    \"book.index.get_version\":0.039833068847656,
    \"book.index.check\":0.00014090538024902,
    \"book.index.get_pager\":0.00022792816162109}
    Log Format
    Raw Log Line

    View Slide

  34. out_flatten

    View Slide


  35. type flatten
    key foo
    add_tag_prefix flattened.
    remove_tag_prefix test.
    inner_key value_for_flat_key

    "test" => {
    "foo" => '{"bar" : {"qux" : "quux", "hoe" : "poe" }, "baz" : "bazz" }',
    "hoge" => "fuga"
    }
    "flattened.foo.bar.qux" => { "value_for_flat_key" => "quux" }
    "flattened.foo.bar.hoe" => { "value_for_flat_key" => "poe" }
    "flattened.foo.baz" => { "value_for_flat_key" => "bazz" }
    flattened

    View Slide


  36. type flatten
    key profile
    inner_key response_time
    add_tag_prefix flattened.
    remove_tag_prefix app.httpd.access.

    View Slide

  37. View Slide

  38. View Slide

  39. Bonus

    View Slide

  40. out_extract_query_params

    View Slide


  41. type extract_query_params
    key url
    add_tag_prefix extracted.
    only foo, baz

    "test" => {
    "url" => "http://example.com/?foo=bar&baz=qux&hoge=fuga"
    }
    "extracted.test" => {
    "url" => "http://example.com/?foo=bar&baz=qux&hoge=fuga"
    "foo" => "bar",
    "baz" => "qux"
    }
    Extract
    Params

    View Slide


  42. type extract_query_params
    key path
    add_tag_prefix extracted.
    only hoge

    method:%m path:%U%q version:%H
    #=> method:GET path:/foo/bar?campaign_id=1 version:HTTP1.1
    extracted.access_log => {
    "method" : "GET",
    "path" : "/foo/bar?campaign_id=1",
    "version" : "HTTP1.1",
    "campaign_id" : "1"
    }
    Extract
    Params
    Works
    fine with
    LTSV

    View Slide

  43. Recap

    View Slide

  44. • Adopt LTSV asap
    • Log things as much
    as possible
    • My plugins help you

    View Slide