Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
250
Jane & Webby
odolbeau
0
440
Translating a monolingual application
odolbeau
2
630
DX: Developer eXperience
odolbeau
1
100
DX: Developer eXperience
odolbeau
1
550
EasyAdminBundle introduction
odolbeau
0
190
REX API Platform
odolbeau
0
1.3k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
580
Other Decks in Programming
See All in Programming
ZOZOにおけるAI活用の現在 ~モバイルアプリ開発でのAI活用状況と事例~
zozotech
PRO
9
5.8k
AIの誤りが許されない業務システムにおいて“信頼されるAI” を目指す / building-trusted-ai-systems
yuya4
6
3.8k
UIデザインに役立つ 2025年の最新CSS / The Latest CSS for UI Design 2025
clockmaker
18
7.6k
大体よく分かるscala.collection.immutable.HashMap ~ Compressed Hash-Array Mapped Prefix-tree (CHAMP) ~
matsu_chara
2
220
C-Shared Buildで突破するAI Agent バックテストの壁
po3rin
0
400
手が足りない!兼業データエンジニアに必要だったアーキテクチャと立ち回り
zinkosuke
0
770
開発に寄りそう自動テストの実現
goyoki
2
1.2k
AIコーディングエージェント(skywork)
kondai24
0
180
Pythonではじめるオープンデータ分析〜書籍の紹介と書籍で紹介しきれなかった事例の紹介〜
welliving
1
260
Navigating Dependency Injection with Metro
l2hyunwoo
1
140
Full-Cycle Reactivity in Angular: SignalStore mit Signal Forms und Resources
manfredsteyer
PRO
0
150
AI時代を生き抜く 新卒エンジニアの生きる道
coconala_engineer
1
350
Featured
See All Featured
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
87
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
0
200
The untapped power of vector embeddings
frankvandijk
1
1.5k
Ethics towards AI in product and experience design
skipperchong
1
140
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
1
110
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
286
14k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
110
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
0
200
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
0
1.7k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
zozotech
yuya4
clockmaker
matsu_chara
po3rin
zinkosuke
goyoki
kondai24
welliving
l2hyunwoo
manfredsteyer
coconala_engineer
gurzu
keithpitt
garrettdimon
joshbly
frankvandijk
skipperchong
tammyeverts
stephaniewalter
dugsong
panda_program
reverentgeek
aleyda
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
