$whoami Pere Urbon-Bayes (Software Engineer since ever) Have always worked with databases, data and analytics. GraphDevRoom@FOSDEM When not coding I enjoy my time with my wife and kid. I also enjoy movies and tv series, and used to like running, too. Basically, I’m doing everything to enjoy live. 2
What is the current Logstash throughput? 6 Logstash is blocked?, ask for a hot threads dump. Worried about OOM? ask for memory consumption. Broken by plugin instance. Per instance and node. to be continued……
Web API resources • Current web api resources: • http://localhost:9600/_node/hot_threads • http://localhost:9600/_node/stats/ • http://localhost:9600/_node/stats/events • http://localhost:9600/_stats/jvm • http://localhost:9600/_plugins/ • ….. 7
Step 1: Config Reloading Previously: Any config change made to file required a process restart Feedback loop for development/ testing slow Processing pipeline must be long living 11 File watched for changes or SIGHUP triggers reload Current Pipeline stopped Config Validated New Pipeline started - no process restart Why? How?
The java reincarnation • Logstash is based on JRuby, Ruby on top of the JVM • Some core components are being rewritten in plain java. • First step: the event representation. • Introduced in 2.3.0, reverted in 2.3.1, on track for 5.0. • Provide the foundations for upcoming persistence queues, this change will be backwards due to the nice introp between JRuby and Java. • Will enable not just ruby plugins, but using any JVM languages • And not only about this, but performance ….. 14
Native offline plugins management support • Build your plugins bundle to be used in offline environments • bin/logstash-plugin pack • bin/logstash-plugin unpack • bin/logstash-plugin install --local • Use your own private plugins server • Geminabox, Gemirro, Artifactory, Gemfury, … • Edit the Gemfile to use the new server. Manage plugins in offline environments made easier 18
Long life to Logstash Forwarder, welcome Filebeat • LSF is deprecated, next generation harvester is Filebeat. • Written in Go and configured in YAML. • Available as deb, rpm, linux (32 and 64bit), mac and windows binaries. • Similar feature sets as LSF, including: • Send data direct to Elasticsearch • Send data to Logstash (logstah-forwarder protocol 2.0) • Security as first class citizen • HTTPS for Elasticsearch • TLS for Logstash 22
Migration to Filebeat • Configuration file changed from JSON to YAML • The registry file has been changed, this file track the data transfer status • Recommendation: Use both in parallel until data sync is complete • Command line options where moved as settings • Mostly all removed, filebeat provides default values in settings. • The new beats input is required in the Logstash side. • Latest version enable LSF to talk to the beats input plugins, reducing migration friction. 25
This that might break up for 5.0 • New Event API proposal [#5141] • bin/plugin is now bin/logstash-plugin [#4871] • Require Java 8 as default [#3877] • Fieldref StringInterpolation and Fixnum/Float values [#5114] • Add support for x-pack’s [#4872] • Runner cleanup [#3148, #3860] • Use settings file to complement command line arguments [#4401] 30
purbon
miyashino
yukin01
kawagoi
coconala_engineer
lmt_swallow
hiashisan
kawajiritakayuki
smt7174
tmokmss
lmi
ryokaneoka0406
colopl
dougneiner
chriscoyier
bkeepers
lara
erikaheidi
destraynor
stephaniewalter
deanohume
eileencodes
rocio
geeforr
matthewcrist