Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
220
Jane & Webby
odolbeau
0
400
Translating a monolingual application
odolbeau
2
560
DX: Developer eXperience
odolbeau
1
95
DX: Developer eXperience
odolbeau
1
540
EasyAdminBundle introduction
odolbeau
0
180
REX API Platform
odolbeau
0
1.3k
Features flags at BlaBlaCar
odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
510
Other Decks in Programming
See All in Programming
[DevinMeetupTokyo2025] コード書かせないDevinの使い方
takumiyoshikawa
2
250
副作用と戦う PHP リファクタリング ─ ドメインイベントでビジネスロジックを解きほぐす
kajitack
3
520
AIコーディングエージェント全社導入とセキュリティ対策
hikaruegashira
15
9.3k
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
twada
PRO
36
11k
TypeScriptでDXを上げろ! Hono編
yusukebe
4
930
書き捨てではなく継続開発可能なコードをAIコーディングエージェントで書くために意識していること
shuyakinjo
0
180
Reactの歴史を振り返る
tutinoko
1
170
抽象化という思考のツール - 理解と活用 - / Abstraction-as-a-Tool-for-Thinking
shin1x1
1
930
Claude Code派?Gemini CLI派? みんなで比較LT会!_20250716
junholee
1
800
Vibe Codingの幻想を超えて-生成AIを現場で使えるようにするまでの泥臭い話.ai
fumiyakume
21
10k
構文解析器入門
ydah
7
2k
新しいモバイルアプリ勉強会(仮)について
uetyo
1
250
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
Into the Great Unknown - MozCon
thekraken
40
2k
Six Lessons from altMBA
skipperchong
28
3.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
For a Future-Friendly Web
brad_frost
179
9.9k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Practical Orchestrator
shlominoach
190
11k
Embracing the Ebb and Flow
colly
86
4.8k
Fireside Chat
paigeccino
38
3.6k
How to Ace a Technical Interview
jacobian
278
23k
Why Our Code Smells
bkeepers
PRO
337
57k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
takumiyoshikawa
kajitack
hikaruegashira
twada
yusukebe
shuyakinjo
tutinoko
shin1x1
junholee
fumiyakume
ydah
uetyo
reverentgeek
thekraken
skipperchong
jcasabona
brad_frost
erikaheidi
samanthasiow
shlominoach
colly
paigeccino
jacobian
bkeepers
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
