Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
280
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
460
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
670
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
110
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
570
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
200
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
650

Other Decks in Programming

See All in Programming
Go1.26 go fixをプロダクトに適用して困ったこと
Avatar for Hiroki Kurasawa kurakura0916
0
220
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
Avatar for tasshi tasshi
0
240
今更考える「単一責任原則」 / Thinking about the Single Responsibility Principle
Avatar for philomagi tooppoo
1
550
Claude Codeと2つの巻き戻し戦略 / Two Rewind Strategies with Claude Code
Avatar for 果物リン fruitriin
0
180
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
120
Package Management Learnings from Homebrew
Avatar for Mike McQuaid mikemcquaid
0
270
2026/02/04 AIキャラクター人格の実装論 口 調の模倣から、コンテキスト制御による 『思想』と『行動』の創発へ
Avatar for Sald ra sr2mg4
0
550
「ブロックテーマでは再現できない」は本当か?
Avatar for Takashi Kitajima inc2734
0
1.1k
Metaprogramming isn't real, it can't hurt you
Avatar for Masafumi Okura okuramasafumi
0
120
Sekiban + Microsoft Orleans のアクターをAWS対応しました / Sekiban + Microsoft Orleans actors are now supported on AWS.
Avatar for Tomohisa Takaoka tomohisa
0
120
AI主導でFastAPIのWebサービスを作るときに 人間が構造化すべき境界線
Avatar for Jun okazaki okajun35
0
180
CSC307 Lecture 10
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
690

Featured

See All Featured
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
140
Abbi's Birthday
Avatar for Violet Bock coloredviolet
2
4.9k
How to build a perfect <img>
Avatar for Jono Alderson jonoalderson
1
5.2k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
160
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
72
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
The Curse of the Amulet
Avatar for Matthew Lei leimatthew05
1
9k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.6k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
75
5.1k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
200

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting