Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
3k
1

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
300
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
490
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
690
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
130
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
580
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
220
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
670

Other Decks in Programming

See All in Programming
エラー処理の温故知新 / history of error handling technic
Avatar for nakaryo ryotanakaya
6
1.6k
2026_04_15_量子計算をパズルとして解く
Avatar for HideakiTakechi hideakitakechi
0
120
10年分の技術的負債、完済へ ― Claude Code主導のAI駆動開発でスポーツブルを丸ごとリプレイスした話
Avatar for nero15 takuya_houshima
0
2.6k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyKaigi 2026, Hakodate, Japan
Avatar for Marco Roth marcoroth
0
290
Going Multiplatform with Your Android App (Android Makers 2026)
Avatar for Márton Braun zsmb
2
450
運転動画を検索可能にする〜Cosmos-Embed1とDatabricks Vector Searchで〜/cosmos-embed1-databricks-vector-search
Avatar for 開発室Graph studio_graph
1
450
事業会社でのセキュリティ長期インターンについて
Avatar for inlet-back masachikaura
1
270
JAWS-UG横浜 #100 祝・第100回スペシャル AWS は VPC レスの時代へ
Avatar for maroon1st maroon1st
0
180
〜バイブコーディングを超えて〜 チームで実験し続けたAI駆動開発
Avatar for Toranosuke Minamikawa tigertora7571
0
170
The Monolith Strikes Back: Why AI Agents ❤️ Rails Monoliths
Avatar for Rodrigo Serradura serradura
0
350
AWSコミュニティ活動は顧客のクラウド推進に効くのか / Do AWS community activities help customers adopt the cloud?
Avatar for shiro seike seike460
PRO
0
150
Programming with a DJ Controller — not vibe coding
Avatar for seki at druby.org m_seki
3
260

Featured

See All Featured
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
230
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
110
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
2
190
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
6.8k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.4k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.5k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
1
170
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
530
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
61
43k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.7k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting