Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.8k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
0
110
Jane & Webby
odolbeau
0
330
Translating a monolingual application
odolbeau
2
470
DX: Developer eXperience
odolbeau
0
62
DX: Developer eXperience
odolbeau
0
490
EasyAdminBundle introduction
odolbeau
0
160
REX API Platform
odolbeau
0
1.2k
Features flags at BlaBlaCar
odolbeau
4
960
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
440

Other Decks in Programming

See All in Programming
PHPUnitしか使ってこなかった 一般PHPerがPestに乗り換えた実録
mashirou1234
0
230
return文におけるstd::moveについて
onihusube
1
1.2k
これでLambdaが不要に?!Step FunctionsのJSONata対応について
iwatatomoya
2
3.7k
Webエンジニア主体のモバイルチームの 生産性を高く保つためにやったこと
igreenwood
0
340
毎日13時間もかかるバッチ処理をたった3日で60%短縮するためにやったこと
sho_ssk_
1
180
선언형 UI에서의 상태관리
l2hyunwoo
0
180
Security_for_introducing_eBPF
kentatada
0
110
CQRS+ES の力を使って効果を感じる / Feel the effects of using the power of CQRS+ES
seike460
PRO
0
140
rails stats で紐解く ANDPAD のイマを支える技術たち
andpad
1
290
range over funcの使い道と非同期N+1リゾルバーの夢 / about a range over func
mackee
0
110
Beyond ORM
77web
7
960
どうして手を動かすよりもチーム内のコードレビューを優先するべきなのか
okashoi
3
190

Featured

See All Featured
Faster Mobile Websites
deanohume
305
30k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Building Adaptive Systems
keathley
38
2.3k
Adopting Sorbet at Scale
ufuk
73
9.1k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
66k
Six Lessons from altMBA
skipperchong
27
3.5k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
What's in a price? How to price your products and services
michaelherold
243
12k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
GitHub's CSS Performance
jonrohan
1030
460k
Designing for humans not robots
tammielis
250
25k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting