Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
240
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
400
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
580
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
98
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
550
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
180
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
510

Other Decks in Programming

See All in Programming
LLMとPlaywright/reg-suitを活用した jQueryリファクタリングの実際
Avatar for kinocoboy kinocoboy2
4
670
Your Perfect Project Setup for Angular @BASTA! 2025 in Mainz
Avatar for Manfred Steyer manfredsteyer
PRO
0
120
CSC509 Lecture 05
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
290
株式会社 Sun terras カンパニーデック
Avatar for Sun terras.Inc sunterras
0
220
Playwrightはどのようにクロスブラウザをサポートしているのか
Avatar for nus3 yotahada3
7
2.3k
CSC509 Lecture 02
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
400
Go Conference 2025: Goで体感するMultipath TCP ― Go 1.24 時代の MPTCP Listener を理解する
Avatar for Takeru Hayasaka takehaya
7
1.6k
GitHub Actions × AWS OIDC連携の仕組みと経緯を理解する
Avatar for Itaru Ota ota1022
0
240
dynamic!
Avatar for MOROHASHI Kyosuke moro
9
6.4k
そのpreloadは必要?見過ごされたpreloadが技術的負債として爆発した日
Avatar for mugi mugitti9
2
3k
ABEMAモバイルアプリが
Kotlin Multiplatformと歩んだ5年 ─ 導入と運用、成功と課題 / iOSDC 2025
Avatar for Akio Yasui akkyie
0
320
XP, Testing and ninja testing ZOZ5
Avatar for seki at druby.org m_seki
2
280

Featured

See All Featured
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.2k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
209
24k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
352
21k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
368
20k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.5k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
160
23k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
127
53k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting