Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
270
Jane & Webby
odolbeau
0
460
Translating a monolingual application
odolbeau
2
660
DX: Developer eXperience
odolbeau
1
110
DX: Developer eXperience
odolbeau
1
560
EasyAdminBundle introduction
odolbeau
0
200
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
620
Other Decks in Programming
See All in Programming
PostgreSQLで手軽にDuckDBを使う!DuckDB&pg_duckdb入門/osc25hi-duckdb
takahashiikki
0
250
ELYZA_Findy AI Engineering Summit登壇資料_AIコーディング時代に「ちゃんと」やること_toB LLMプロダクト開発舞台裏_20251216
elyza
2
1.1k
AI 駆動開発ライフサイクル(AI-DLC):ソフトウェアエンジニアリングの再構築 / AI-DLC Introduction
kanamasa
11
5.5k
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
daisuketakeda
1
780
インターン生でもAuth0で 認証基盤刷新が出来るのか
taku271
0
170
Patterns of Patterns
denyspoltorak
0
680
Unicodeどうしてる? PHPから見たUnicode対応と他言語での対応についてのお伺い
youkidearitai
PRO
0
710
AtCoder Conference 2025
shindannin
0
950
rack-attack gemによるリクエスト制限の失敗と学び
pndcat
0
210
KIKI_MBSD Cybersecurity Challenges 2025
ikema
0
160
GISエンジニアから見たLINKSデータ
nokonoko1203
0
190
Basic Architectures
denyspoltorak
0
310
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.1k
The browser strikes back
jonoalderson
0
310
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
Between Models and Reality
mayunak
1
170
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.1k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Google's AI Overviews - The New Search
badams
0
890
What's in a price? How to price your products and services
michaelherold
246
13k
For a Future-Friendly Web
brad_frost
180
10k
Speed Design
sergeychernyshev
33
1.5k
New Earth Scene 8
popppiees
1
1.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
takahashiikki
elyza
kanamasa
daisuketakeda
taku271
denyspoltorak
youkidearitai
shindannin
pndcat
ikema
nokonoko1203
irinanazarova
jonoalderson
addyosmani
mayunak
geoffreycrofte
rocio
badams
michaelherold
brad_frost
sergeychernyshev
popppiees
stephaniewalter
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
