Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
290
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
470
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
670
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
120
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
570
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
210
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
650

Other Decks in Programming

See All in Programming
go directiveを最新にしすぎないで欲しい話──あるいは、Go 1.26からgo mod initで作られるgo directiveの値が変わる話 / Go 1.26 リリースパーティ
Avatar for Arthur arthur1
2
570
ロボットのための工場に灯りは要らない
Avatar for watany watany
11
3k
PHPのバージョンアップ時にも役立ったAST(2026年版)
Avatar for Atsushi Matsuo matsuo_atsushi
0
160
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
Avatar for Mitsui maroon8021
3
1.1k
AI駆動開発の本音 〜Claude Code並列開発で見えたエンジニアの新しい役割〜
Avatar for hisuzuya hisuzuya
4
520
条件判定に名前、つけてますか? #phperkaigi #c
Avatar for Hiromi Hishida 77web
2
430
20260228_JAWS_Beginner_Kansai
Avatar for Takuya Yonezawa takuyay0ne
5
600
AWS Infrastructure as Code の新機能 2025 総まとめ 〜SA 4人による怒涛のデモ祭り〜
Avatar for Kenji Kono konokenj
10
3.4k
それはエンジニアリングの糧である:AI開発のためにAIのOSSを開発する現場より / It serves as fuel for engineering: insights from the field of developing open-source AI for AI development.
Avatar for nrs nrslib
0
340
S3ストレージクラスの「見える」「ある」「使える」は全部違う ─ 体験から見た、仕様の深淵を覗く
Avatar for ya_ma23 ya_ma23
0
780
ふつうの Rubyist、ちいさなデバイス、大きな一年
Avatar for bash0C7 bash0c7
0
1.1k
車輪の再発明をしよう!PHP で実装して学ぶ、Web サーバーの仕組みと HTTP の正体
Avatar for H1R0 h1r0
1
160

Featured

See All Featured
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
515
110k
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
160
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
89
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
356
21k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
62
52k
Agile Actions for Facilitating Distributed Teams - ADO2019
Avatar for Mark Kilby mkilby
0
150
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
3k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.3k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
270

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting