Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
320

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.
Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
45
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
69
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
1.9k
Linux Environment
Avatar for Chris Fidao fideloper
1
10k
Server Survival
Avatar for Chris Fidao fideloper
29
23k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
570
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
とあるEdTechベンチャーのシステム構成こだわりN選 / edtech-system
Avatar for k.goto gotok365
4
300
Cursorを全エンジニアに配布 その先に見据えるAI駆動開発の未来 / 2025-05-13-forkwell-ai-study-1-cursor-at-loglass
Avatar for Hiroshi Ito itohiro73
2
510
猫でもわかるS3 Tables【Apache Iceberg編】
Avatar for Hiroo Katoh kentapapa
2
200
Google Cloud Next 2025 Recap アプリケーション開発を加速する機能アップデート / Application development-related features of Google Cloud
Avatar for turbofish ryokotmng
0
190
Sleep-time Compute: LLM推論コスト削減のための事前推論
Avatar for sergicalsix sergicalsix
1
120
Google Cloud Next 2025 Recap 生成AIモデルとマーケティングでのコンテンツ生成 / Generative AI models and content creation in marketing
Avatar for Kyohei Saito kyou3
0
180
経済メディア編集部の実務に小さく刺さるAI / small-ai-with-editorial
Avatar for Yukiya Nakagawa nkzn
2
390
Ninno LT
Avatar for Yasunobu Kawaguchi kawaguti
PRO
1
120
2025年8月から始まるAWS Lambda INITフェーズ課金/AWS Lambda INIT phase billing changes
Avatar for quiver quiver
1
1k
続・やっぱり余白が大切だった話
Avatar for KAKEHASHI kakehashi
PRO
3
320
使えるデータ基盤を作る技術選定の秘訣 / selecting-the-right-data-technology
Avatar for pei0804 pei0804
6
1.2k
encoding/json v2を予習しよう!
Avatar for yuyu_hf yuyu_hf
PRO
0
120

Featured

See All Featured
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.6k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.2k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.7k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
54
5.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
47
2.7k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
187
11k
Fontdeck: Realign not Redesign
Avatar for Paul Robert Lloyd paulrobertlloyd
84
5.5k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.7k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
129
19k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
21k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao