Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
3k
1
Share
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
300
Jane & Webby
odolbeau
0
480
Translating a monolingual application
odolbeau
2
680
DX: Developer eXperience
odolbeau
1
120
DX: Developer eXperience
odolbeau
1
580
EasyAdminBundle introduction
odolbeau
0
220
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
660
Other Decks in Programming
See All in Programming
Xdebug と IDE による デバッグ実行の仕組みを見る / Exploring-How-Debugging-Works-with-Xdebug-and-an-IDE
shin1x1
0
340
レガシーPHP転生 〜父がドメインエキスパートだったのでDDD+Claude Codeでチート開発します〜
panda_program
0
550
Swift Concurrency Type System
inamiy
0
310
LM Linkで(非力な!)ノートPCでローカルLLM
seosoft
0
410
Coding at the Speed of Thought: The New Era of Symfony Docker
dunglas
0
4.7k
車輪の再発明をしよう!PHP で実装して学ぶ、Web サーバーの仕組みと HTTP の正体
h1r0
3
510
テレメトリーシグナルが導くパフォーマンス最適化 / Performance Optimization Driven by Telemetry Signals
seike460
PRO
2
220
2026-03-27 #terminalnight 変数展開とコマンド展開でターミナル作業をスマートにする方法
masasuzu
0
300
Running Swift without an OS
kishikawakatsumi
0
350
ファインチューニングせずメインコンペを解く方法
pokutuna
0
270
PHPのバージョンアップ時にも役立ったAST(2026年版)
matsuo_atsushi
0
290
Migration to Signals, Signal Forms, Resource API, and NgRx Signal Store @Angular Days 03/2026 Munich
manfredsteyer
PRO
0
240
Featured
See All Featured
The agentic SEO stack - context over prompts
schlessera
0
730
Music & Morning Musume
bryan
47
7.1k
How GitHub (no longer) Works
holman
316
150k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
64
53k
SEO Brein meetup: CTRL+C is not how to scale international SEO
lindahogenes
1
2.5k
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
340
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.4k
How to train your dragon (web standard)
notwaldorf
97
6.6k
The Invisible Side of Design
smashingmag
302
51k
4 Signs Your Business is Dying
shpigford
187
22k
Producing Creativity
orderedlist
PRO
348
40k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
shin1x1
panda_program
inamiy
seosoft
dunglas
h1r0
seike460
masasuzu
kishikawakatsumi
pokutuna
matsuo_atsushi
manfredsteyer
schlessera
bryan
holman
soudai
lindahogenes
rkendrick25
dougneiner
notwaldorf
smashingmag
shpigford
orderedlist
lfama
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
