Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
170
Jane & Webby
odolbeau
0
370
Translating a monolingual application
odolbeau
2
510
DX: Developer eXperience
odolbeau
1
70
DX: Developer eXperience
odolbeau
1
530
EasyAdminBundle introduction
odolbeau
0
160
REX API Platform
odolbeau
0
1.3k
Features flags at BlaBlaCar
odolbeau
5
1k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
470
Other Decks in Programming
See All in Programming
Domain-Driven Design (Tutorial)
hschwentner
13
22k
AIエージェントを活用したアプリ開発手法の模索
kumamotone
1
650
もっと大きなデータを送りませんか? エラーがゴロゴロ出るようなデータです
sublimer
0
170
GDG Super.init(version=6) - From Where to Wear : 모바일 개발자가 워치에서 발견한 인사이트
haeti2
0
500
SREチームのタスク優先度と向き合う Road to SRE NEXT@札幌
nealle
0
130
Go1.24で testing.B.Loopが爆誕
kuro_kurorrr
0
120
Boost Your Web Performance with Hyperdrive
chimame
1
220
イベントソーシングによってインピーダンスミスマッチから解放された話
tkawae
1
140
Introduction to C Extensions
sylph01
3
150
ニックトレイン登壇資料
ryotakurokawa
0
110
Functional APIから再考するLangGraphを使う理由
os1ma
4
600
生産性アップのためのAI個人活用
kunoyasu
0
450
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Gamification - CAS2011
davidbonilla
80
5.2k
Building Your Own Lightsaber
phodgson
104
6.3k
Designing Experiences People Love
moore
140
23k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.4k
Building Applications with DynamoDB
mza
93
6.3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
134
33k
4 Signs Your Business is Dying
shpigford
183
22k
Agile that works and the tools we love
rasmusluckow
328
21k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
hschwentner
kumamotone
sublimer
haeti2
nealle
kuro_kurorrr
chimame
tkawae
sylph01
ryotakurokawa
os1ma
kunoyasu
yeseniaperezcruz
davidbonilla
phodgson
moore
palkan
mza
eileencodes
shpigford
rasmusluckow
danielanewman
marcelosomers
rmw
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
