Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FileBeat (Won't save you from the JVM)

Avatar for Chris Fidao Chris Fidao
January 24, 2016
Technology
1
340

FileBeat (Won't save you from the JVM)

A quick presentation about using Elastic's FileBeat for log aggregation.

Avatar for Chris Fidao

Chris Fidao

January 24, 2016
Tweet

More Decks by Chris Fidao

See All by Chris Fidao
Development Environments that Feel Local
Avatar for Chris Fidao fideloper
0
69
Refactoring Terraform - CloudCasts - Scaling EC2
Avatar for Chris Fidao fideloper
0
88
Scaling Laravel - Laracon.net 2018
Avatar for Chris Fidao fideloper
15
1.9k
Linux Environment
Avatar for Chris Fidao fideloper
1
11k
Server Survival
Avatar for Chris Fidao fideloper
29
23k
Powering Your Applications With Nginx
Avatar for Chris Fidao fideloper
9
7.7k
Hexagonal Architecture
Avatar for Chris Fidao fideloper
49
200k
Intro to etcd
Avatar for Chris Fidao fideloper
3
600
Service Oriented Architecture with a little help from NodeJS
Avatar for Chris Fidao fideloper
4
2.3k

Other Decks in Technology

See All in Technology
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.9k
隙間ツール開発のすすめ / PHP Conference Fukuoka 2025
Avatar for meihei meihei3
0
310
AI時代におけるドメイン駆動設計 入門 / Introduction to Domain-Driven Design in the AI ​​Era
Avatar for Futoshi Endo fendo181
0
660
エンジニア採用と 技術広報の取り組みと注力点/techpr1112
Avatar for Ichiro Nishiuma nishiuma
0
130
品質保証の取り組みを広げる仕組みづくり〜スキルの移譲と自律を支える実践知〜
Avatar for tarappo tarappo
2
830
マウントとるやつ、リリースするやつ
Avatar for おーつき otsuki
1
110
CodexでもAgent Skillsを使いたい
Avatar for Gota gotalab555
9
4.4k
【Android】テキスト選択色の問題修正で心がけたこと
Avatar for tonionagauzzi tonionagauzzi
0
130
Claude Code 10連ガチャ
Avatar for uhyo uhyo
3
650
Data & AIの未来とLakeHouse
Avatar for Satoru Ishikawa ishikawa_satoru
0
710
Data Engineering Guide 2025 #data_summit_findy by @Kazaneya_PR / 20251106
Avatar for 風音屋 (Kazaneya) kazaneya
PRO
11
2.2k
Redux → Recoil → Zustand → useSyncExternalStore: 状態管理の10年とReact本来の姿
Avatar for ZOZO Developers zozotech
PRO
1
220

Featured

See All Featured
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.2k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.5k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
740
Docker and Python
Avatar for Tania Allard trallard
46
3.6k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.7k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7.2k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
239
140k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k

Transcript

  1. FileBeat (Won’t save you from the JVM)

  2. Beats Data Shippers for Elasticsearch (written in Golang)

  3. PacketBeat TopBeat

  4. FileBeat

  5. Versus:

  6. !

  7. None
  8. None
  9. None

  10. Goal: "

  11. # Download Filebeat Package (Debian/Ubuntu) curl -L -O https://download.elastic.co/beats/filebeat/ filebeat_1.0.1_amd64.deb

    # Install from .deb file, # without worrying about dependencies, # because Golang ! sudo dpkg -i filebeat_1.0.1_amd64.deb #!/usr/bin/env bash

  12. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: elasticsearch: hosts: [“https://search-sadevops.us-east-1.es.aws.com:443"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml

  13. useless (un-parsed message)

  14. Plaintext Log Message useless

  15. You Can’t Escape the JVM

  16. None

  17. Plaintext Log Message Parsed Log (JSON)

  18. # Install Java sudo apt-get install -y openjdk-7-jdk # Add

    ES Key wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add - # Add Repo echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee /etc/apt/sources.list.d/logstash.list # Update and install package sudo apt-get update sudo apt-get install -y logstash # Install Filebeat Plugin sudo /opt/logstash/bin/plugin install logstash-input-beats On a new server…

  19. input { beats { type => beats port => 5044

    } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } remove_tag => ["_grokparsefailure"] add_tag => ["nginx_access"] } } output { elasticsearch { hosts => ["search-sadevops.us-east-1.es.aws.com:80"] } } /etc/logstash/conf.d/filebeat.conf

  20. filebeat: prospectors: - paths: - /var/log/nginx/*.log input_type: log - paths:

    - /var/log/php7.0-fpm.log input_type: log output: logstash: hosts: ["172.31.28.187:5044"] shipper: tags: ["web-service", "or-like-whatever"] /etc/filebeat/filebeat.yml
  21. None
  22. None

  23. $ ab -n 50000 -c 2 localhost/ mehhhhhh

  24. 40% 250mb

  25. Conclusion: (for my use case) Fluentd is good enough. •One

    less server (yay!) •Trade-off of more ram used: acceptable •JVM is “scary”, because I’m ignorant •(But PacketBeat and TopBeat look really useful)

  26. @fideloper Thanks! Chris Fidao