Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
220
Jane & Webby
odolbeau
0
400
Translating a monolingual application
odolbeau
2
560
DX: Developer eXperience
odolbeau
1
95
DX: Developer eXperience
odolbeau
1
540
EasyAdminBundle introduction
odolbeau
0
180
REX API Platform
odolbeau
0
1.3k
Features flags at BlaBlaCar
odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
510
Other Decks in Programming
See All in Programming
Understanding Kotlin Multiplatform
l2hyunwoo
0
250
Claude Code で Astro blog を Pages から Workers へ移行してみた
codehex
0
170
Vibe Codingの幻想を超えて-生成AIを現場で使えるようにするまでの泥臭い話.ai
fumiyakume
21
10k
Jakarta EE Meets AI
ivargrimstad
0
570
バイブコーディングの正体——AIエージェントはソフトウェア開発を変えるか?
stakaya
5
710
プロダクトという一杯を作る - プロダクトチームが味の責任を持つまでの煮込み奮闘記
hiliteeternal
0
370
Flutterと Vibe Coding で個人開発!
hyshu
1
220
構文解析器入門
ydah
7
2k
202507_ADKで始めるエージェント開発の基本 〜デモを通じて紹介〜(奥田りさ)The Basics of Agent Development with ADK — A Demo-Focused Introduction
risatube
PRO
6
1.4k
NEWT Backend Evolution
xpromx
1
170
Claude Code と OpenAI o3 で メタデータ情報を作る
laket
0
110
Gemini CLIの"強み"を知る! Gemini CLIとClaude Codeを比較してみた!
kotahisafuru
3
910
Featured
See All Featured
Why Our Code Smells
bkeepers
PRO
337
57k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Raft: Consensus for Rubyists
vanstee
140
7k
The Invisible Side of Design
smashingmag
301
51k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Become a Pro
speakerdeck
PRO
29
5.5k
How STYLIGHT went responsive
nonsquared
100
5.7k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
l2hyunwoo
codehex
fumiyakume
ivargrimstad
stakaya
hiliteeternal
hyshu
ydah
risatube
xpromx
laket
kotahisafuru
bkeepers
reverentgeek
rmw
bluesmoon
vanstee
smashingmag
jcasabona
thoeni
speakerdeck
nonsquared
maggiecrowley
stephaniewalter
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
