Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
3k
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
320
Jane & Webby
odolbeau
0
500
Translating a monolingual application
odolbeau
2
690
DX: Developer eXperience
odolbeau
1
130
DX: Developer eXperience
odolbeau
1
580
EasyAdminBundle introduction
odolbeau
0
240
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
680
Other Decks in Programming
See All in Programming
Spring Security 実践 ─ GraphQL APIで実務に役立つ 認証・認可 を学ぶ
wagyu
0
270
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.5k
気圧・高度・GPSを記録&可視化するアプリ「Koudo」を作った話
hjmkth
1
330
ランチタイムLT会3周年!ランチタイムLT会を3年間続けられたお話
y0hgi
1
120
気づいたらRubyで100作品 ー クリエイティブコーディングが生活の一部になるまで / 100 Ruby Sketches Later: How Creative Coding Became Part of My Life
chobishiba
3
620
任せる範囲はこう広がった / How the Scope of AI Delegation Has Expanded
nrslib
1
220
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
210
Agentic UI
manfredsteyer
PRO
0
210
Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide
x5gtrn
PRO
0
1.3k
軽量Java基盤の設計 DIコンテナに頼らない、長期保守と1秒起動の実現 JJUG CCC 2026 Spring
macha64
0
620
symfony/aiとlaravel/boost
77web
0
110
どこまでゆるくて許されるのか
tk3fftk
0
290
Featured
See All Featured
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
290
Designing for Timeless Needs
cassininazir
1
260
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.3k
The agentic SEO stack - context over prompts
schlessera
0
830
The SEO Collaboration Effect
kristinabergwall1
1
500
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Prompt Engineering for Job Search
mfonobong
0
360
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
400
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
170
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.9k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting