Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
240
Jane & Webby
odolbeau
0
410
Translating a monolingual application
odolbeau
2
590
DX: Developer eXperience
odolbeau
1
98
DX: Developer eXperience
odolbeau
1
550
EasyAdminBundle introduction
odolbeau
0
180
REX API Platform
odolbeau
0
1.3k
Features flags at BlaBlaCar
odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
510
Other Decks in Programming
See All in Programming
Serena MCPのすすめ
wadakatu
4
1k
Devoxx BE 2025 Loom lab
josepaumard
0
100
エンジニアインターン「Treasure」とHonoの2年、そして未来へ / Our Journey with Hono Two Years at Treasure and Beyond
carta_engineering
0
330
Devoxx BE - Local Development in the AI Era
kdubois
0
130
なぜあの開発者はDevRelに伴走し続けるのか / Why Does That Developer Keep Running Alongside DevRel?
nrslib
3
410
スマホから Youtube Shortsを見られないようにする
lemolatoon
27
33k
詳しくない分野でのVibe Codingで困ったことと学び/vibe-coding-in-unfamiliar-area
shibayu36
3
5.1k
One Enishi After Another
snoozer05
PRO
0
120
Catch Up: Go Style Guide Update
andpad
0
230
PHPに関数型の魂を宿す〜PHP 8.5 で実現する堅牢なコードとは〜 #phpcon_hiroshima / phpcon-hiroshima-2025
shogogg
1
270
CSC509 Lecture 04
javiergs
PRO
0
300
CSC509 Lecture 05
javiergs
PRO
0
300
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
253
22k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Rails Girls Zürich Keynote
gr2m
95
14k
A better future with KSS
kneath
239
18k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Embracing the Ebb and Flow
colly
88
4.9k
RailsConf 2023
tenderlove
30
1.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.6k
Code Review Best Practice
trishagee
72
19k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting