Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
240
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
440
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
600
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
100
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
550
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
180
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
560

Other Decks in Programming

See All in Programming
flutter_kaigi_2025.pdf
Avatar for Kyohei Ito kyoheig3
1
350
Agentに至る道 〜なぜLLMは自動でコードを書けるようになったのか〜
Avatar for mackee mackee
5
1.8k
2026年向け会社紹介資料
Avatar for Yasutaka misu
0
250
モデル駆動設計をやってみよう Modeling Forum2025ワークショップ/Let’s Try Model-Driven Design
Avatar for haru860 haru860
0
170
Evolving NEWT’s TypeScript Backend for the AI-Driven Era
Avatar for Rodrigo Ramirez xpromx
0
120
Promise.tryで実現する新しいエラーハンドリング New error handling with Promise try
Avatar for おおいし bicstone
3
510
GeistFabrik and AI-augmented software development
Avatar for Ade Oshineye adewale
PRO
0
110
Phronetic Team with AI - Agile Japan 2025 closing
Avatar for Kenji Hiranabe hiranabe
2
650
PyCon mini 東海 2025「個人ではじめるマルチAIエージェント入門 〜LangChain × LangGraphでアイデアを形にするステップ〜」
Avatar for komo_fr komofr
3
1.1k
TypeScript 5.9で使えるようになった import defer でパフォーマンス最適化を実現する
Avatar for おおいし bicstone
1
220
無秩序からの脱却 / Emergence from chaos
Avatar for nrs nrslib
1
5.4k
AI時代もSEOを頑張っている話
Avatar for しらはま shirahama_x
0
100

Featured

See All Featured
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.3k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Docker and Python
Avatar for Tania Allard trallard
46
3.7k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.6k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
760
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.2k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting