Tweet
Tweet

Slide 1

Slide 1 text

Logstash Lunch and Learn CMGD 03/22/2012

Slide 2

Slide 2 text

whoami ● @lusis ● #atl ● #devops ● #ruby ● #monitoringsucks ● @enstratus

Slide 3

Slide 3 text

Logstash ● Started by Jordan Sissel and Pete Fritchman ● ~2004 ● Inputs → Filters → Outputs ● Jruby (and now limited YARV support) ● UNIX pipe with super powers

Slide 4

Slide 4 text

Inputs ● AMQP ● Exec ● File ● Heroku ● Pipe ● Redis ● STDIN ● Stomp ● Syslog* ● TCP ● UDP* ● Twitter ● XMPP ● ZeroMQ

Slide 5

Slide 5 text

Filters ● Date* ● DNS ● Environment ● Gelfify ● Grep* ● Grok* ● Grok Discovery ● JSON ● Multiline* ● Mutate ● Split ● ZeroMQ(!)

Slide 6

Slide 6 text

Outputs ● AMQP ● ElasticSearch ● ElasticSearch River ● File ● Ganglia ● Graphite ● Juggernaut ● Loggly ● Metric Catcher ● MongoDB ● Nagios ● Nagios NCSA ● Pipe ● Redis ● Riemann ● Statsd ● STDOUT ● Stomp ● TCP ● WebSockets ● XMPP ● Zabbix ● ZeroMQ

Slide 7

Slide 7 text

Not just for logs ● Event (Timestamp + data) ● Logstash ALL the things ● It's like …

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

or

Slide 10

Slide 10 text

You can do cool stuff like

Slide 11

Slide 11 text

or

Slide 12

Slide 12 text

Configs

Slide 13

Slide 13 text

MOAR CONFIGS

Slide 14

Slide 14 text

EVEN MOAR CONFIGS

Slide 15

Slide 15 text

!!!!!1111!!1!1111!!!!!

Slide 16

Slide 16 text

If you send it to Logstash you can ... ● Slice it ● Dice it ● Scatter, Smother, Cover it ● Love it, Hate it ● Chew it up ● Spit it out (wherever you want)

Slide 17

Slide 17 text

Question Time! (yes this is Comic Sans)