Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
280
Jane & Webby
odolbeau
0
460
Translating a monolingual application
odolbeau
2
670
DX: Developer eXperience
odolbeau
1
110
DX: Developer eXperience
odolbeau
1
570
EasyAdminBundle introduction
odolbeau
0
200
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
640
Other Decks in Programming
See All in Programming
QAフローを最適化し、品質水準を満たしながらリリースまでの期間を最短化する #RSGT2026
shibayu36
2
4.4k
Data-Centric Kaggle
isax1015
2
770
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
rkaga
6
4.6k
Automatic Grammar Agreementと Markdown Extended Attributes について
kishikawakatsumi
0
190
Implementation Patterns
denyspoltorak
0
290
20260127_試行錯誤の結晶を1冊に。著者が解説 先輩データサイエンティストからの指南書 / author's_commentary_ds_instructions_guide
nash_efp
1
960
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
570
AIによる開発の民主化を支える コンテキスト管理のこれまでとこれから
mulyu
3
270
Grafana:建立系統全知視角的捷徑
blueswen
0
330
Oxlintはいいぞ
yug1224
5
1.3k
AIフル活用時代だからこそ学んでおきたい働き方の心得
shinoyu
0
130
疑似コードによるプロンプト記述、どのくらい正確に実行される?
kokuyouwind
0
380
Featured
See All Featured
The SEO identity crisis: Don't let AI make you average
varn
0
240
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
50
Why Our Code Smells
bkeepers
PRO
340
58k
Test your architecture with Archunit
thirion
1
2.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
From π to Pie charts
rasagy
0
120
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
117
110k
Odyssey Design
rkendrick25
PRO
1
490
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
1
1.4k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
270
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
The SEO Collaboration Effect
kristinabergwall1
0
350
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
shibayu36
isax1015
rkaga
kishikawakatsumi
denyspoltorak
nash_efp
ivargrimstad
mulyu
blueswen
yug1224
shinoyu
kokuyouwind
varn
akademiya2063
bkeepers
thirion
chrisshort
rasagy
twada
rkendrick25
aleyda
akashhashmi
bcantrill
kristinabergwall1
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
