Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
150
Jane & Webby
odolbeau
0
350
Translating a monolingual application
odolbeau
2
500
DX: Developer eXperience
odolbeau
1
67
DX: Developer eXperience
odolbeau
1
510
EasyAdminBundle introduction
odolbeau
0
160
REX API Platform
odolbeau
0
1.2k
Features flags at BlaBlaCar
odolbeau
5
990
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
460

Other Decks in Programming

See All in Programming
ソフトウェアエンジニアの成長
masuda220
PRO
10
1.1k
『テスト書いた方が開発が早いじゃん』を解き明かす #phpcon_nagoya
o0h
PRO
2
210
color-scheme: light dark; を完全に理解する
uhyo
3
310
定理証明プラットフォーム lapisla.net
abap34
1
1.8k
個人アプリを2年ぶりにアプデしたから褒めて / I just updated my personal app, praise me!
lovee
0
340
dbt Pythonモデルで実現するSnowflake活用術
trsnium
0
150
データベースのオペレーターであるCloudNativePGがStatefulSetを使わない理由に迫る
nnaka2992
0
150
メンテが命: PHPフレームワークのコンテナ化とアップグレード戦略
shunta27
0
120
Pulsar2 を雰囲気で使ってみよう
anoken
0
240
コミュニティ駆動 AWS CDK ライブラリ「Open Constructs Library」 / community-cdk-library
gotok365
2
120
Lottieアニメーションをカスタマイズしてみた
tahia910
0
130
責務と認知負荷を整える! 抽象レベルを意識した関心の分離
yahiru
2
410

Featured

See All Featured
Speed Design
sergeychernyshev
27
790
A designer walks into a library…
pauljervisheath
205
24k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
410
It's Worth the Effort
3n
184
28k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
21
2.5k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
550
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.2k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting