Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
220
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
400
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
570
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
97
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
540
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
180
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
510

Other Decks in Programming

See All in Programming
20250808_AIAgent勉強会_ClaudeCodeデータ分析の実運用〜競馬を題材に回収率100%の先を目指すメソッドとは〜
Avatar for Kakeru Sato kkakeru
0
200
MLH State of the League: 2026 Season
Avatar for Swift theycallmeswift
0
160
tool ディレクティブを導入してみた感想
Avatar for Sugar Sato sgash708
1
150
Rancher と Terraform
Avatar for Ryoma Fujiwara fufuhu
0
100
レガシープロジェクトで最大限AIの恩恵を受けられるようClaude Codeを利用する
Avatar for tk1351 tk1351
2
1.1k
Infer入門
Avatar for r1ru riru
4
1.6k
Scale out your Claude Code ~⁨⁩自社専用Agentで10xする開発プロセス~
Avatar for Yuku Kotani yukukotani
9
2.6k
Understanding Ruby Grammar Through Conflicts
Avatar for yui-knk yui_knk
1
120
SOCI Index Manifest v2が出たので調べてみた / Introduction to SOCI Index Manifest v2
Avatar for Tetsuya Kikuchi tkikuc
1
110
Langfuseと歩む生成AI活用推進
Avatar for matsukada licux
3
300
Claude Codeで実装以外の開発フロー、どこまで自動化できるか?失敗と成功
Avatar for ndaDayo.Sugawawa ndadayo
2
1.3k
オープンセミナー2025@広島 「君はどこで動かすか?」 アンケート結果
Avatar for Satoshi Kaneyasu satoshi256kbyte
0
200

Featured

See All Featured
Faster Mobile Websites
Avatar for Dean Hume deanohume
309
31k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.6k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
279
23k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
268
13k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.6k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
21k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
25
1.8k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting