Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logging with Docker and Kubernetes

Philipp Krenn
January 28, 2019
Programming
2
110

Logging with Docker and Kubernetes

Taking a look at the challenges of centralized logging with containers and the Elastic Stack:
* Containerize: How do you collect the logs with Docker? How should your application be logging and how do you work with legacy applications?
* Orchestrate: Stay on top of your logs even when services are short lived and dynamically allocated on Kubernetes.

Philipp Krenn

January 28, 2019
Tweet

More Decks by Philipp Krenn

See All by Philipp Krenn
Full-Text Search Explained
xeraa
11
1.9k
360° Monitoring of Your Microservices
xeraa
7
3.2k
Scale Your Metrics with Elasticsearch
xeraa
4
120
YAML Considered Harmful
xeraa
0
1.9k
Scale Your Elasticsearch Cluster
xeraa
1
260
Hands-On ModSecurity and Logging
xeraa
2
120
Centralized Logging Patterns
xeraa
1
920
Dashboards for Your Management with Kibana Canvas
xeraa
1
440
Make Your Data FABulous
xeraa
3
750

Other Decks in Programming

See All in Programming
Front-end application development, Symfony-style(s)
dunglas
2
1.9k
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
110
What We Can Learn From OSS
inouehi
0
400
Semantic search with Django and pgvector
pauloxnet
0
240
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
Javaエンジニアのための Nodejs/Nuxt3入門
hidekatsu_izuno
0
280
#phpcon_odawara オープン・クローズドなテストフィクスチャを求めて / open closed test fixtures
77web
3
210
CircleCIを活用して AWSへの継続的デリバリーを 実践する
coconala_engineer
1
230
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
340
App Router への移行は「改善」となり得るのか?/ Can migration to App Router be an improvement
takefumiyoshii
8
2.1k
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
220
GitHub Actionsで泣かないためにやっておきたい設定 / Recommended GHA settings to avoid crying
pinkumohikan
3
490

Featured

See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
115
18k
What's in a price? How to price your products and services
michaelherold
237
11k
Building Better People: How to give real-time feedback that sticks.
wjessup
354
18k
Adopting Sorbet at Scale
ufuk
67
8.6k
The Power of CSS Pseudo Elements
geoffreycrofte
59
5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
20
1.6k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
The MySQL Ecosystem @ GitHub 2015
samlambert
242
12k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
13
1.5k
From Idea to $5000 a Month in 5 Months
shpigford
377
45k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k

Transcript

  1. Logging with Docker and Kubernetes Philipp Krenn̴̴̴̴̴@xeraa ̴̴@xeraa

  2. None

  3. Developer ̴̴@xeraa

  4. ̴̴@xeraa

  5. ̴̴@xeraa

  6. ̴̴@xeraa

  7. ̴̴@xeraa

  8. ̴̴@xeraa

  9. None

  10. Disclaimer I build highly monitored Hello World apps ̴̴@xeraa

  11. Example: Java SLF4J, Logback, MDC ̴̴@xeraa

  12. And Everywhere Else .NET: NLog JavaScript: Winston Python: structlog PHP:

    Monolog ̴̴@xeraa

  13. ̴̴@xeraa

  14. Where to put Filebeat? Sidecar ̴̴@xeraa

  15. Legacy App: File ̴̴@xeraa

  16. ̴̴@xeraa

  17. Bind Mount Logs java_app: volumes: - './logs-docker/:/logs/' ... filebeat_for_logstash: volumes:

    - './logs-docker/:/mnt/logs/:ro' ... ̴̴@xeraa

  18. Collect Log Lines filebeat.inputs: - type: log paths: - /mnt/logs/*.log

    ̴̴@xeraa
  19. None

  20. Grok https://github.com/logstash-plugins/logstash-patterns-core/blob/ master/patterns/grok-patterns ̴̴@xeraa

  21. Dev Tools Grok Debugger ̴̴@xeraa

  22. [2018-09-28 10:30:38.516] ERROR net.xeraa.logging.LogMe [main] - user_experience= , session=46, loop=15

    - Wake me up at night java.lang.RuntimeException: Bad runtime... at net.xeraa.logging.LogMe.main(LogMe.java:30) ^\[%{TIMESTAMP_ISO8601:timestamp}\]%{SPACE}%{LOGLEVEL:level} %{SPACE}%{USERNAME:logger}%{SPACE}\[%{WORD:thread}\] %{SPACE}-%{SPACE}%{GREEDYDATA:mdc}%{SPACE}-%{SPACE} %{GREEDYDATA:themessage}(?:\n+(?<stacktrace>(?:.|\r|\n)+))? ̴̴@xeraa

  23. Elastic Common Schema https://github.com/ elastic/ecs ̴̴@xeraa

  24. Machine Learning Data Visualizer ̴̴@xeraa

  25. Log UI ̴̴@xeraa

  26. Infrastructure UI ̴̴@xeraa

  27. Monitoring: Logstash Pipeline Plus other components ̴̴@xeraa

  28. Log Appender: Logstash ̴̴@xeraa

  29. ̴̴@xeraa

  30. Log Appender: JSON ̴̴@xeraa

  31. ̴̴@xeraa

  32. Collect JSON filebeat.input: - type: log paths: - /mnt/logs/*.json fields_under_root:

    true json: message_key: message keys_under_root: true ̴̴@xeraa

  33. Docker: System Out ̴̴@xeraa

  34. ̴̴@xeraa

  35. https://github.com/elastic/beats/tree/ master/deploy/docker ̴̴@xeraa

  36. Docker Logs filebeat.autodiscover: providers: - type: docker hints.enabled: true ̴̴@xeraa

  37. Hints labels: - "app=fizzbuzz" - "co.elastic.logs/multiline.pattern=^\\[" - "co.elastic.logs/multiline.negate=true" - "co.elastic.logs/multiline.match=after"

    ̴̴@xeraa

  38. Metadata No metadata with other methods { "docker": { "container":

    { "image": "java-logging_java_app", "labels": { "com": { "docker": { "compose": { "container-number": "1", "project": "java-logging", "service": "java_app", "version": "1.23.2", "oneoff": "False", "config-hash": "2b38df3c73c6 1a68a37443c2006f3f3e4fc16c3c 2a1d7793f2a38841e274b607" } } }, "app": "fizzbuzz" }, "id": "9d6d5a7640a457a1e08c422cb0a08 f96ff3631fb5356f749b2ac7d8f3719687f" , "name": "java_app" } } } ̴̴@xeraa

  39. Registry File filebeat.registry_file: /usr/share/filebeat/data/registry ̴̴@xeraa

  40. Ingest Pipeline output.elasticsearch: hosts: ["http://elasticsearch:9200"] index: "docker" pipelines: - pipeline:

    "parse_java" when.contains: docker.container.name: "java_app" ̴̴@xeraa

  41. Ingest Pipeline { "description" : "Parse Java log lines", "processors":

    [ { "grok": { "field": "message", "patterns": [ "^\\[%{TIMESTAMP_ISO8601:timestamp}\\]%{SPACE}%{LOGLEVEL:log.level} %{SPACE}%{USERNAME:log.package}%{SPACE}\\[%{WORD:log.method}\\]%{SPACE}- %{SPACE}%{GREEDYDATA:labels}%{SPACE}-%{SPACE}%{GREEDYDATA:message_rest}(?:\\n+(?<stacktrace>(?:.|\\r|\\n)+))?" ], "ignore_failure": true } } ] } Note: \\, message vs message_rest, @timestamp vs timestamp, ignore_failure ̴̴@xeraa

  42. _._ _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 4.0.9 (00000000/0)

    64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in stand alone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 55757 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' ̴̴@xeraa

  43. Configuration Templates filebeat.autodiscover: providers: - type: docker templates: - condition:

    equals: docker.container.image: redis config: - type: docker containers.ids: - "${data.docker.container.id}" exclude_lines: ["^\\s+[\\-`('.|_]"] # Drop asciiart lines ̴̴@xeraa

  44. ̴̴@xeraa

  45. Where to put Filebeat? DaemonSet ̴̴@xeraa

  46. https://github.com/elastic/beats/tree/ master/deploy/kubernetes ̴̴@xeraa

  47. Metadata Either in cluster or not processors: - add_kubernetes_metadata: in_cluster:

    true - add_kubernetes_metadata: in_cluster: false host: <hostname> kube_config: ${HOME}/.kube/config ̴̴@xeraa

  48. Metadata { "host": "172.17.0.21", "port": 9090, "kubernetes": { "container": {

    "id": "382184ecdb385cfd5d1f1a65f78911054c8511ae009635300ac28b4fc357ce51", "image": "my-java:1.0.0", "name": "my-java" }, "labels": { "app": "java", }, "namespace": "default", "node": { "name": "minikube" }, "pod": { "name": "java-2657348378-k1pnh" } }, } ̴̴@xeraa

  49. Configuration Templates filebeat.autodiscover: providers: - type: kubernetes templates: - condition:

    equals: kubernetes.namespace: redis config: - type: docker containers.ids: - "${data.kubernetes.container.id}" exclude_lines: ["^\\s+[\\-`('.|_]"] # Drop asciiart lines ̴̴@xeraa

  50. Customize Indices output.elasticsearch: index: "%{[kubernetes.namespace]:filebeat}-%{[beat.version]}-%{+yyyy.MM.dd}" ̴̴@xeraa

  51. Conclusion̴̴ ̴̴@xeraa

  52. Examples https://github.com/xeraa/java-logging ̴̴@xeraa

  53. Legacy log file Log appender to Logstash Log appender to

    JSON Docker System Out ̴̴@xeraa

  54. Questions?̴̴ Philipp Krenn̴̴̴̴̴@xeraa ̴̴@xeraa