Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Chris Fidao
January 24, 2016
Technology
1
300

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
fideloper
0
31
Refactoring Terraform - CloudCasts - Scaling EC2
fideloper
0
57
Scaling Laravel - Laracon.net 2018
fideloper
15
1.8k
Linux Environment
fideloper
1
10k
Server Survival
fideloper
29
23k
Powering Your Applications With Nginx
fideloper
9
7.7k
Hexagonal Architecture
fideloper
49
200k
Intro to etcd
fideloper
3
550
Service Oriented Architecture with a little help from NodeJS
fideloper
4
2.3k

Other Decks in Technology

See All in Technology
Amazon Q Developerで.NET Frameworkプロジェクトをモダナイズしてみた
kenichirokimura
1
200
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1.1k
re:Invent 2024のふりかえり
beli68
0
110
信頼されるためにやったこと、 やらなかったこと。/What we did to be trusted, What we did not do.
bitkey
PRO
0
2.2k
デジタルアイデンティティ人材育成推進ワーキンググループ 翻訳サブワーキンググループ 活動報告 / 20250114-OIDF-J-EduWG-TranslationSWG
oidfj
0
540
Godot Engineについて調べてみた
unsoluble_sugar
0
400
Azureの開発で辛いところ
re3turn
0
240
Reactフレームワークプロダクトを
モバイルアプリにして、もっと便利に。 ユーザに価値を届けよう。/React Framework with Capacitor
rdlabo
0
130
2025年に挑戦したいこと
molmolken
0
160
.NET AspireでAzure Functionsやクラウドリソースを統合する
tsubakimoto_s
0
190
Evolving Architecture
rainerhahnekamp
3
250
20250116_自部署内でAmazon Nova体験会をやってみた話
riz3f7
1
100

Featured

See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
30
2.1k
For a Future-Friendly Web
brad_frost
176
9.5k
Code Reviewing Like a Champion
maltzj
521
39k
A better future with KSS
kneath
238
17k
Bash Introduction
62gerente
610
210k
Automating Front-end Workflow
addyosmani
1366
200k
It's Worth the Effort
3n
183
28k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
The Power of CSS Pseudo Elements
geoffreycrofte
74
5.4k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao