SlideShare una empresa de Scribd logo

Logstash infrastructure log management

David Lutz
David Lutz

Logstash is a tool for managing logs that allows users to collect logs from various sources, parse them, and output the data to multiple destinations. It provides inputs to collect logs from different systems, filters to parse and transform the log data, and outputs to send the data to places like Elasticsearch, Graphite, or other applications. The document provides examples of using Logstash to collect Apache logs, parse them using Grok filters, and output the results to Elasticsearch for searching and Graphite via StatsD for metrics.

Tecnología
1 de 19
Descargar para leer sin conexión
logstash Infrastructure Coders Melbourne April 2013 David Lutz @dlutzy
What does logstash do? It does "stuff" with log files.
Typical day (or night) in the life of a sysadmin... Something's wrong. Check the log files. How?
grep
cat grep sed awk tail sort
and pipes lots of pipes
Fine if you have one server. But what if you have 10 or 100 or 1000 for i in `seq 1 10` ; do ssh server$i blah blah; done cluster ssh Splunk perhaps? Problems with Splunk...
1.eats log files 2. digests data 3. spits it out into other apps
inputs ● amqp ● drupal_dblog ● eventlog ● exec ● file ● ganglia ● gelf ● gemfire ● generator ● heroku ● irc ● log4j ● lumberjack ● pipe ● redis ● relp ● sqs ● stdin ● stomp ● syslog ● tcp ● twitter ● udp ● xmpp ● zenoss ● zeromq
filters ● alter ● anonymize ● checksum ● csv ● date ● dns ● environment ● gelfify ● geoip ● grep ● grok ● grokdiscovery ● grokdiscovery ● json ● kv ● metrics ● multiline ● mutate ● noop ● split ● syslog_pri ● urldecode ● xml ● zeromq
outputs ● amqp ● boundary ● circonus ● cloudwatch ● datadog ● elasticsearch ● elasticsearch_http ● elasticsearch_river ● email ● exec ● file ● ganglia ● gelf ● gemfire ● graphite ● graphtastic ● http ● internal ● irc ● juggernaut ● librato ● loggly ● lumberjack ● metriccatcher ● mongodb ● nagios ● nagios_nsca ● null ● opentsdb ● pagerduty ● pipe ● redis ● riak ● riemann ● sns ● sqs ● statsd ● stdout ● stomp ● syslog ● tcp ● websocket ● xmpp ● zabbix ● zeromq
How to: install logstash wget http://logstash.objects. dreamhost.com/release/logstash- 1.1.9-monolithic.jar easy!
How to: run logstash java -jar logstash-1.1.9-monolithic. jar agent -f logstash.conf -- web easy!
How to: get some apache logs in input { tcp { type => "apache" port => 3333 } }
How to: get some apache logs in tail -f /var/log/apache2/access.log | nc localhost 3333
How to: digest the logs filter { grok { type => "apache" pattern => "%{COMBINEDAPACHELOG}" } date { type => "apache" timestamp => "dd/MMM/yyyy:HH:mm:ss Z" } }
How to: output to elasticsearch output { elasticsearch { embedded => false } }
How to: output to elasticsearch and graphite via statsd output { elasticsearch { embedded => false } statsd { increment => "apache.response.%{response}" } }

Recomendados

Node collaboration - sharing information between your systems
Node collaboration - sharing information between your systemsNode collaboration - sharing information between your systems
Node collaboration - sharing information between your systemsm_richardson
 
Designing Tracing Tools
Designing Tracing ToolsDesigning Tracing Tools
Designing Tracing ToolsSysdig
 
Coding in the context era
Coding in the context eraCoding in the context era
Coding in the context eralestrrat
 
Writing Well-Behaved Unix Utilities
Writing Well-Behaved Unix UtilitiesWriting Well-Behaved Unix Utilities
Writing Well-Behaved Unix UtilitiesRob Miller
 
Sharding - patterns & antipatterns, Константин Осипов, Алексей Рыбак
Sharding - patterns & antipatterns, Константин Осипов, Алексей РыбакSharding - patterns & antipatterns, Константин Осипов, Алексей Рыбак
Sharding - patterns & antipatterns, Константин Осипов, Алексей РыбакOntico
 
Docker
DockerDocker
DockerKamil Grabowski
 
From 'dotnet run' to 'hello world'
From 'dotnet run' to 'hello world'From 'dotnet run' to 'hello world'
From 'dotnet run' to 'hello world'Matt Warren
 
The power of streams in node js
The power of streams in node jsThe power of streams in node js
The power of streams in node jsJawahar
 

Recomendados

Node collaboration - sharing information between your systems
Node collaboration - sharing information between your systemsNode collaboration - sharing information between your systems
Node collaboration - sharing information between your systemsm_richardson
 
Designing Tracing Tools
Designing Tracing ToolsDesigning Tracing Tools
Designing Tracing ToolsSysdig
 
Coding in the context era
Coding in the context eraCoding in the context era
Coding in the context eralestrrat
 
Writing Well-Behaved Unix Utilities
Writing Well-Behaved Unix UtilitiesWriting Well-Behaved Unix Utilities
Writing Well-Behaved Unix UtilitiesRob Miller
 
Sharding - patterns & antipatterns, Константин Осипов, Алексей Рыбак
Sharding - patterns & antipatterns, Константин Осипов, Алексей РыбакSharding - patterns & antipatterns, Константин Осипов, Алексей Рыбак
Sharding - patterns & antipatterns, Константин Осипов, Алексей РыбакOntico
 
Docker
DockerDocker
DockerKamil Grabowski
 
From 'dotnet run' to 'hello world'
From 'dotnet run' to 'hello world'From 'dotnet run' to 'hello world'
From 'dotnet run' to 'hello world'Matt Warren
 
The power of streams in node js
The power of streams in node jsThe power of streams in node js
The power of streams in node jsJawahar
 
Project update - heat (up to pike-1)
Project update - heat (up to pike-1)Project update - heat (up to pike-1)
Project update - heat (up to pike-1)Rico Lin
 
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...Lucidworks
 
Trace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdminsTrace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdminsSysdig
 
My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016Alex Chistyakov
 
Heat project onboarding
Heat project onboardingHeat project onboarding
Heat project onboardingRico Lin
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is BuiltAnton Weiss
 
Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by OctavioRowell Dionicio
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
 
The Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI toolThe Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI toolIvo Jimenez
 
Redis深入浅出
Redis深入浅出Redis深入浅出
Redis深入浅出ruoyi ruan
 
OpenStack - heat on boarding
OpenStack - heat on boardingOpenStack - heat on boarding
OpenStack - heat on boardingRico Lin
 
Week1
Week1Week1
Week1reneedv
 
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)Ontico
 
Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2Matt Warren
 
Harry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of BerkeleyHarry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of BerkeleyAlex Chistyakov
 
Infrastructure as code might be literally impossible
Infrastructure as code might be literally impossibleInfrastructure as code might be literally impossible
Infrastructure as code might be literally impossibleice799
 
Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015lpgauth
 
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicumBsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicumScott Tsai
 
Node collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDBNode collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDBm_richardson
 
Building GUI App with Electron and Lisp
Building GUI App with Electron and LispBuilding GUI App with Electron and Lisp
Building GUI App with Electron and Lispfukamachi
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 

Más contenido relacionado

La actualidad más candente

Project update - heat (up to pike-1)
Project update - heat (up to pike-1)Project update - heat (up to pike-1)
Project update - heat (up to pike-1)Rico Lin
 
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...Lucidworks
 
Trace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdminsTrace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdminsSysdig
 
My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016Alex Chistyakov
 
Heat project onboarding
Heat project onboardingHeat project onboarding
Heat project onboardingRico Lin
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is BuiltAnton Weiss
 
Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by OctavioRowell Dionicio
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
 
The Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI toolThe Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI toolIvo Jimenez
 
Redis深入浅出
Redis深入浅出Redis深入浅出
Redis深入浅出ruoyi ruan
 
OpenStack - heat on boarding
OpenStack - heat on boardingOpenStack - heat on boarding
OpenStack - heat on boardingRico Lin
 
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)Ontico
 
Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2Matt Warren
 
Harry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of BerkeleyHarry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of BerkeleyAlex Chistyakov
 
Infrastructure as code might be literally impossible
Infrastructure as code might be literally impossibleInfrastructure as code might be literally impossible
Infrastructure as code might be literally impossibleice799
 
Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015lpgauth
 
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicumBsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicumScott Tsai
 
Node collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDBNode collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDBm_richardson
 
Building GUI App with Electron and Lisp
Building GUI App with Electron and LispBuilding GUI App with Electron and Lisp
Building GUI App with Electron and Lispfukamachi
 

La actualidad más candente (20)

Project update - heat (up to pike-1)
Project update - heat (up to pike-1)Project update - heat (up to pike-1)
Project update - heat (up to pike-1)
 
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
100 Billion Documents And Counting: Rebuilding Message Search at Slack - Josh...
 
Trace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdminsTrace everything, when APM meets SysAdmins
Trace everything, when APM meets SysAdmins
 
My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016My talk from PgConf.Russia 2016
My talk from PgConf.Russia 2016
 
Heat project onboarding
Heat project onboardingHeat project onboarding
Heat project onboarding
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is Built
 
Configuring Syslog by Octavio
Configuring Syslog by OctavioConfiguring Syslog by Octavio
Configuring Syslog by Octavio
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog Plugins
 
The Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI toolThe Popper Experimentation Protocol and CLI tool
The Popper Experimentation Protocol and CLI tool
 
Redis深入浅出
Redis深入浅出Redis深入浅出
Redis深入浅出
 
OpenStack - heat on boarding
OpenStack - heat on boardingOpenStack - heat on boarding
OpenStack - heat on boarding
 
Week1
Week1Week1
Week1
 
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
PostgreSQL @Alibaba Cloud / Xianming Dou (Alibaba Cloud)
 
Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2Performance is a feature! - Developer South Coast - part 2
Performance is a feature! - Developer South Coast - part 2
 
Harry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of BerkeleyHarry Potter and the Daemons of Berkeley
Harry Potter and the Daemons of Berkeley
 
Infrastructure as code might be literally impossible
Infrastructure as code might be literally impossibleInfrastructure as code might be literally impossible
Infrastructure as code might be literally impossible
 
Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015Debugging Complex Systems - Erlang Factory SF 2015
Debugging Complex Systems - Erlang Factory SF 2015
 
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicumBsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
Bsdtw17: mariusz zaborski: case studies of sandboxing base system with capsicum
 
Node collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDBNode collaboration - Exported Resources and PuppetDB
Node collaboration - Exported Resources and PuppetDB
 
Building GUI App with Electron and Lisp
Building GUI App with Electron and LispBuilding GUI App with Electron and Lisp
Building GUI App with Electron and Lisp
 

Similar a Logstash infrastructure log management

Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
Luigi presentation NYC Data Science
Luigi presentation NYC Data ScienceLuigi presentation NYC Data Science
Luigi presentation NYC Data ScienceErik Bernhardsson
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.comRenzo Tomà
 
High performance json- postgre sql vs. mongodb
High performance json- postgre sql vs. mongodbHigh performance json- postgre sql vs. mongodb
High performance json- postgre sql vs. mongodbWei Shan Ang
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Kettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleKettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleDefconRussia
 
Security Monitoring for big Infrastructures without a Million Dollar budget
Security Monitoring for big Infrastructures without a Million Dollar budgetSecurity Monitoring for big Infrastructures without a Million Dollar budget
Security Monitoring for big Infrastructures without a Million Dollar budgetJuan Berner
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleJérôme Petazzoni
 
17 Linux Basics #burningkeyboards
17 Linux Basics #burningkeyboards17 Linux Basics #burningkeyboards
17 Linux Basics #burningkeyboardsDenis Ristic
 
Network Automation: Ansible 101
Network Automation: Ansible 101Network Automation: Ansible 101
Network Automation: Ansible 101APNIC
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Jérôme Petazzoni
 
Stripe CTF3 wrap-up
Stripe CTF3 wrap-upStripe CTF3 wrap-up
Stripe CTF3 wrap-upStripe
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XJérôme Petazzoni
 

Similar a Logstash infrastructure log management (20)

Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logs
 
Elastic search
Elastic searchElastic search
Elastic search
 
Luigi presentation NYC Data Science
Luigi presentation NYC Data ScienceLuigi presentation NYC Data Science
Luigi presentation NYC Data Science
 
Syslog.ppt
Syslog.pptSyslog.ppt
Syslog.ppt
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.com
 
High performance json- postgre sql vs. mongodb
High performance json- postgre sql vs. mongodbHigh performance json- postgre sql vs. mongodb
High performance json- postgre sql vs. mongodb
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logs
 
Kettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in styleKettunen, miaubiz fuzzing at scale and in style
Kettunen, miaubiz fuzzing at scale and in style
 
Zero mq logs
Zero mq logsZero mq logs
Zero mq logs
 
Security Monitoring for big Infrastructures without a Million Dollar budget
Security Monitoring for big Infrastructures without a Million Dollar budgetSecurity Monitoring for big Infrastructures without a Million Dollar budget
Security Monitoring for big Infrastructures without a Million Dollar budget
 
Handout: 'Open Source Tools & Resources'
Handout: 'Open Source Tools & Resources'Handout: 'Open Source Tools & Resources'
Handout: 'Open Source Tools & Resources'
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
 
17 Linux Basics #burningkeyboards
17 Linux Basics #burningkeyboards17 Linux Basics #burningkeyboards
17 Linux Basics #burningkeyboards
 
Network Automation: Ansible 101
Network Automation: Ansible 101Network Automation: Ansible 101
Network Automation: Ansible 101
 
The Accidental DBA
The Accidental DBAThe Accidental DBA
The Accidental DBA
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)
 
Stripe CTF3 wrap-up
Stripe CTF3 wrap-upStripe CTF3 wrap-up
Stripe CTF3 wrap-up
 
Elk stack @inbot
Elk stack @inbotElk stack @inbot
Elk stack @inbot
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12X
 

Más de David Lutz

2014 devops conferences
2014 devops conferences2014 devops conferences
2014 devops conferencesDavid Lutz
 
Which watcher watches CloudWatch
Which watcher watches CloudWatch Which watcher watches CloudWatch
Which watcher watches CloudWatch David Lutz
 
antifragility - DevOps Melbourne November 2013
antifragility - DevOps Melbourne November 2013 antifragility - DevOps Melbourne November 2013
antifragility - DevOps Melbourne November 2013 David Lutz
 
Devops, Dungeons & Dragons
Devops, Dungeons & Dragons Devops, Dungeons & Dragons
Devops, Dungeons & Dragons David Lutz
 
Monitoring and metrics in the cloud
Monitoring and metrics in the cloudMonitoring and metrics in the cloud
Monitoring and metrics in the cloudDavid Lutz
 
Kanban thank you maam
Kanban thank you maamKanban thank you maam
Kanban thank you maamDavid Lutz
 

Más de David Lutz (7)

2014 devops conferences
2014 devops conferences2014 devops conferences
2014 devops conferences
 
Which watcher watches CloudWatch
Which watcher watches CloudWatch Which watcher watches CloudWatch
Which watcher watches CloudWatch
 
antifragility - DevOps Melbourne November 2013
antifragility - DevOps Melbourne November 2013 antifragility - DevOps Melbourne November 2013
antifragility - DevOps Melbourne November 2013
 
Devops, Dungeons & Dragons
Devops, Dungeons & Dragons Devops, Dungeons & Dragons
Devops, Dungeons & Dragons
 
Monitoring and metrics in the cloud
Monitoring and metrics in the cloudMonitoring and metrics in the cloud
Monitoring and metrics in the cloud
 
Graphite
GraphiteGraphite
Graphite
 
Kanban thank you maam
Kanban thank you maamKanban thank you maam
Kanban thank you maam
 

Último

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Logstash infrastructure log management

  • 2. What does logstash do? It does "stuff" with log files.
  • 3. Typical day (or night) in the life of a sysadmin... Something's wrong. Check the log files. How?
  • 7.
  • 8. Fine if you have one server. But what if you have 10 or 100 or 1000 for i in `seq 1 10` ; do ssh server$i blah blah; done cluster ssh Splunk perhaps? Problems with Splunk...
  • 9. 1.eats log files 2. digests data 3. spits it out into other apps
  • 10. inputs ● amqp ● drupal_dblog ● eventlog ● exec ● file ● ganglia ● gelf ● gemfire ● generator ● heroku ● irc ● log4j ● lumberjack ● pipe ● redis ● relp ● sqs ● stdin ● stomp ● syslog ● tcp ● twitter ● udp ● xmpp ● zenoss ● zeromq
  • 11. filters ● alter ● anonymize ● checksum ● csv ● date ● dns ● environment ● gelfify ● geoip ● grep ● grok ● grokdiscovery ● grokdiscovery ● json ● kv ● metrics ● multiline ● mutate ● noop ● split ● syslog_pri ● urldecode ● xml ● zeromq
  • 12. outputs ● amqp ● boundary ● circonus ● cloudwatch ● datadog ● elasticsearch ● elasticsearch_http ● elasticsearch_river ● email ● exec ● file ● ganglia ● gelf ● gemfire ● graphite ● graphtastic ● http ● internal ● irc ● juggernaut ● librato ● loggly ● lumberjack ● metriccatcher ● mongodb ● nagios ● nagios_nsca ● null ● opentsdb ● pagerduty ● pipe ● redis ● riak ● riemann ● sns ● sqs ● statsd ● stdout ● stomp ● syslog ● tcp ● websocket ● xmpp ● zabbix ● zeromq
  • 13. How to: install logstash wget http://logstash.objects. dreamhost.com/release/logstash- 1.1.9-monolithic.jar easy!
  • 14. How to: run logstash java -jar logstash-1.1.9-monolithic. jar agent -f logstash.conf -- web easy!
  • 15. How to: get some apache logs in input { tcp { type => "apache" port => 3333 } }
  • 16. How to: get some apache logs in tail -f /var/log/apache2/access.log | nc localhost 3333
  • 17. How to: digest the logs filter { grok { type => "apache" pattern => "%{COMBINEDAPACHELOG}" } date { type => "apache" timestamp => "dd/MMM/yyyy:HH:mm:ss Z" } }
  • 18. How to: output to elasticsearch output { elasticsearch { embedded => false } }
  • 19. How to: output to elasticsearch and graphite via statsd output { elasticsearch { embedded => false } statsd { increment => "apache.response.%{response}" } }