SlideShare una empresa de Scribd logo

Application Logging With The ELK Stack

B
benwaine

Slides from my talk "Application Logging With The ELK Stack"

Tecnología
1 de 42
Descargar para leer sin conexión
Application Logging With The ELK Stack @bwaine - #DPC15 Monday, 29 June 15
2 Ben Andersen-Waine Software Engineer Contractor Deployed ELK To Prod Numerous Times Monday, 29 June 15
Logging? Monday, 29 June 15
System Logs Monday, 29 June 15
5 Monday, 29 June 15
Application Log Monday, 29 June 15
Debug Information - Errors (connections, uncaught exceptions, resource exhaustion) Narrative Information - Methods Calls, Event Triggers Business Events - Purchases, Logins, Registrations, Unsubscribes 7 Application Log Monday, 29 June 15
ssh webserver@mydomain.net tail -f /var/log/nginx/my-site.access.log tail -f /var/log/my.application.log ssh data@mydomain.net tail -f /var/log/mysql/mysql.log ssh q@mydomain.net tail -f /var/log/rabbitmq/nodename.log 8 Keeping Track Of All This.... Monday, 29 June 15
9 The Elk Stack Monday, 29 June 15
Monday, 29 June 15
1) Monolog 2) Everything else.... 11 PHP Logging Tools Monday, 29 June 15
1) Monolog: Loggers And Handlers 2) Monolog:Tags & Formatters 3) Logging business events 12 Basic Logging Examples Monday, 29 June 15
use MonologLogger; use MonologHandlerFingersCrossedHandler; use MonologHandlerStreamHandler; $logEnv = getenv('LOG_LEVEL'); $level = empty($logLevel) ? $logEnv : Logger::WARNING; $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/log/app.log', Logger::DEBUG); $fcHandler = new FingersCrossedHandler($strHandler, $level); $appLog−>pushHandler($fcHandler); $appLog−>debug('LOGGING!'); EG1: Loggers And Handlers 13 Monday, 29 June 15
// Set A Log Level $logEnv = getenv('LOG_LEVEL'); $level = empty($logLevel) ? $logEnv : Logger::WARNING; // Create A Logger $appLog = new Logger('AppLog'); 14 Monday, 29 June 15
$strHandler = new StreamHandler('/var/log/app.log', Logger::DEBUG); $fcHandler = new FingersCrossedHandler($strHandler, $level); // Create Handlers $appLog−>pushHandler($fcHandler); $appLog−>debug('Start Logging!'); $appLog−>emergency('Something Terrible Happened'); // Push The Handler And Start Logging 15 Monday, 29 June 15
EG 2:Tagging Formatting $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/lg.lg', $level); $formatter = new LogstashFormatter("helloapp", "application"); $strHandler−>setFormatter($formatter); $appLog−>pushHandler($strHandler)); $id = $_SERVER('X_VARNISH'); $tag = new TagProcessor(['request−id' => $id]) $appLog−>pushProcessor($tag); $appLog−>debug("LOGGING!"); 16 Monday, 29 June 15
// Create A Logger $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/lg.lg', $level); $formatter = new LogstashFormatter("helloapp", "app"); // Create A Handler & Formatter // Set Formatter Onto Handler $strHandler−>setFormatter($formatter); $appLog−>pushHandler($strHandler)); //Push Handler Onto Logger 17 Monday, 29 June 15
$id = $_SERVER('X_VARNISH'); $tag = new TagProcessor(['request−id' => $id]) $appLog−>pushProcessor($tag); $appLog−>debug("LOGGING!"); // Capture A Unique Id, Create A Tag Processor, Push 18 Monday, 29 June 15
2009 - RFC 5424 - Syslog Protocol Code / Severity 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages https://tools.ietf.org/html/rfc5424 19 Log Levels Monday, 29 June 15
2013 - PSR03 - PHP Logging Interface Standard http://www.php-fig.org/psr/psr-3/ 20 PSR3 Monday, 29 June 15
EG 3: Event Logging use MonologLogger; use SymfonyComponentEventDispatcherEventDispatcher; $dispatcher = new EventDispatcher(); $dispatcher−>addListener( "business.registration.post", function () use ($busLog) { $busLog−>info("Customer registered"); } ); $dispatcher−>dispatch("business.registration.post"); Monday, 29 June 15
Logstash Architecture 1. Logstash Shipper ships logs to logstash 2. Logstash processes them 3. Logstash Inserts Into Elastic Search 4. Kibana exposes a web interface to Elastic Search data Monday, 29 June 15
Logstash Architecture Monday, 29 June 15
Why not rate the talk now BEFORE the demo? 24 https://joind.in/talk/view/14235 Monday, 29 June 15
ELK Demo 25 1) Discover Data (search / diagnose) 2)Visualize Data 3) Produce A Dashboard 4) Demonstrate ‘the new hotness’ of Kibana 4 Monday, 29 June 15
26 https://github.com/LoveSoftware/ getting-started-with-the-elk-stack Monday, 29 June 15
Monday, 29 June 15
Monday, 29 June 15
Monday, 29 June 15
Monday, 29 June 15
Logstash Config 31 Monday, 29 June 15
Logstash Collecting { "network": { "servers": [ "logs.logstashdemo.com:5000" ], "timeout": 15, "ssl ca": "/etc/pki/tls/certs/logstash−forwarder.crt" }, "files": [ { "paths": [ "/var/log/nginx/helloapp.access.log" ], "fields": { "type": "nginx−access" } } ] } 32 Monday, 29 June 15
Logstash Processing input { lumberjack { port => 5000 ssl_certificate => "/etc/pki/tls/certs/logstash−forwarder.crt" ssl_key => "/etc/pki/tls/private/logstash−forwarder.key" } } Input 33 Monday, 29 June 15
Logstash Processing Filtering filter { if [type] == "nginx−access" { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] } date { match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z" ] } } } 34 Monday, 29 June 15
Logstash Processing Output output { elasticsearch { host => localhost } } 35 Monday, 29 June 15
Groking grok { match => { "message" => "%{COMBINEDAPACHELOG}" } } https://github.com/elasticsearch/logstash/blob/v1.4.2/patterns/grok-patterns http://grokdebug.herokuapp.com/ 55.3.244.1 GET /index.html 15824 0.043 %{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration} Monday, 29 June 15
37 Hey Ben.... Have you got time for that gratuitously flashy geo data demo? Monday, 29 June 15
Monday, 29 June 15
Logging Ideas Release Marker Error rates of various applications over time Latency in various percentiles of each application tier HTTP Responses: 400 series responses HTTP Responses: 500 series responses Auto git blame production errors Auth and Syslogs 39 Monday, 29 June 15
Go Forth And Log.... BUT Remember log rotation Beware running out of space Beware file logging on NFS 40 Monday, 29 June 15
Questions? 41 Monday, 29 June 15
https://joind.in/talk/view/14235 42 Monday, 29 June 15

Recomendados

Application Logging With Logstash
Application Logging With LogstashApplication Logging With Logstash
Application Logging With Logstashbenwaine
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeJames Turnbull
 
From zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchFrom zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchRafał Kuć
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaAlejandro E Brito Monedero
 
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014Puppet
 
Elastic stack
Elastic stackElastic stack
Elastic stackMinsoo Jun
 
Deploying E.L.K stack w Puppet
Deploying E.L.K stack w PuppetDeploying E.L.K stack w Puppet
Deploying E.L.K stack w PuppetColin Brown
 
Webscraping with asyncio
Webscraping with asyncioWebscraping with asyncio
Webscraping with asyncioJose Manuel Ortega Candel
 

Recomendados

Application Logging With Logstash
Application Logging With LogstashApplication Logging With Logstash
Application Logging With Logstashbenwaine
 
LogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeLogStash - Yes, logging can be awesome
LogStash - Yes, logging can be awesomeJames Turnbull
 
From zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchFrom zero to hero - Easy log centralization with Logstash and Elasticsearch
From zero to hero - Easy log centralization with Logstash and ElasticsearchRafał Kuć
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaAlejandro E Brito Monedero
 
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014
Got Logs? Get Answers with Elasticsearch ELK - PuppetConf 2014Puppet
 
Elastic stack
Elastic stackElastic stack
Elastic stackMinsoo Jun
 
Deploying E.L.K stack w Puppet
Deploying E.L.K stack w PuppetDeploying E.L.K stack w Puppet
Deploying E.L.K stack w PuppetColin Brown
 
Webscraping with asyncio
Webscraping with asyncioWebscraping with asyncio
Webscraping with asyncioJose Manuel Ortega Candel
 
Asynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time MessagingAsynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time MessagingSteve Rhoades
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQRealtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQRick Copeland
 
Web::Scraper
Web::ScraperWeb::Scraper
Web::ScraperTatsuhiko Miyagawa
 
Android and REST
Android and RESTAndroid and REST
Android and RESTRoman Woźniak
 
Real-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @MoldcampReal-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @MoldcampAlexei Gorobets
 
Designing net-aws-glacier
Designing net-aws-glacierDesigning net-aws-glacier
Designing net-aws-glacierWorkhorse Computing
 
Dancing with websocket
Dancing with websocketDancing with websocket
Dancing with websocketDamien Krotkine
 
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NYPuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NYPuppet
 
Real-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet ElasticsearchReal-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet ElasticsearchAlexei Gorobets
 
PuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbqueryPuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbqueryPuppet
 
When dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWhen dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWim Godden
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse YourselfNorberto Leite
 
Don’t turn your logs into cuneiform
Don’t turn your logs into cuneiformDon’t turn your logs into cuneiform
Don’t turn your logs into cuneiformAndrey Rebrov
 
Caching Up and Down the Stack
Caching Up and Down the StackCaching Up and Down the Stack
Caching Up and Down the StackDan Kuebrich
 
TDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps JavaTDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps Javatdc-globalcode
 
N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)Woonsan Ko
 
AnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time webAnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time webclkao
 
React for Beginners
React for BeginnersReact for Beginners
React for BeginnersDerek Willian Stavis
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Zabbix
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoringVinay Krishna
 
Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2Ronny López
 

Más contenido relacionado

La actualidad más candente

Asynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time MessagingAsynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time MessagingSteve Rhoades
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQRealtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQRick Copeland
 
Real-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @MoldcampReal-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @MoldcampAlexei Gorobets
 
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NYPuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NYPuppet
 
Real-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet ElasticsearchReal-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet ElasticsearchAlexei Gorobets
 
PuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbqueryPuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbqueryPuppet
 
When dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWhen dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWim Godden
 
Don’t turn your logs into cuneiform
Don’t turn your logs into cuneiformDon’t turn your logs into cuneiform
Don’t turn your logs into cuneiformAndrey Rebrov
 
Caching Up and Down the Stack
Caching Up and Down the StackCaching Up and Down the Stack
Caching Up and Down the StackDan Kuebrich
 
TDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps JavaTDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps Javatdc-globalcode
 
N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)Woonsan Ko
 
AnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time webAnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time webclkao
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Zabbix
 

La actualidad más candente (20)

Asynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time MessagingAsynchronous PHP and Real-time Messaging
Asynchronous PHP and Real-time Messaging
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logs
 
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQRealtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
Realtime Analytics Using MongoDB, Python, Gevent, and ZeroMQ
 
Web::Scraper
Web::ScraperWeb::Scraper
Web::Scraper
 
Android and REST
Android and RESTAndroid and REST
Android and REST
 
Real-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @MoldcampReal-time search in Drupal with Elasticsearch @Moldcamp
Real-time search in Drupal with Elasticsearch @Moldcamp
 
Designing net-aws-glacier
Designing net-aws-glacierDesigning net-aws-glacier
Designing net-aws-glacier
 
Dancing with websocket
Dancing with websocketDancing with websocket
Dancing with websocket
 
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NYPuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NY
 
Real-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet ElasticsearchReal-time search in Drupal. Meet Elasticsearch
Real-time search in Drupal. Meet Elasticsearch
 
PuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbqueryPuppetDB, Puppet Explorer and puppetdbquery
PuppetDB, Puppet Explorer and puppetdbquery
 
When dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWhen dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniques
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
 
Don’t turn your logs into cuneiform
Don’t turn your logs into cuneiformDon’t turn your logs into cuneiform
Don’t turn your logs into cuneiform
 
Caching Up and Down the Stack
Caching Up and Down the StackCaching Up and Down the Stack
Caching Up and Down the Stack
 
TDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps JavaTDC2016SP - Trilha DevOps Java
TDC2016SP - Trilha DevOps Java
 
N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)N hidden gems in forge (as of may '17)
N hidden gems in forge (as of may '17)
 
AnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time webAnyMQ, Hippie, and the real-time web
AnyMQ, Hippie, and the real-time web
 
React for Beginners
React for BeginnersReact for Beginners
React for Beginners
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
 

Destacado

Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoringVinay Krishna
 
Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2Ronny López
 
Fluentd and PHP
Fluentd and PHPFluentd and PHP
Fluentd and PHPchobi e
 
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchFrom Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchSematext Group, Inc.
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 

Destacado (6)

Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
 
Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2Integrando Redis en aplicaciones Symfony2
Integrando Redis en aplicaciones Symfony2
 
Fluentd and PHP
Fluentd and PHPFluentd and PHP
Fluentd and PHP
 
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & ElasticsearchFrom Zero to Hero - Centralized Logging with Logstash & Elasticsearch
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch
 
Fluentd vs. Logstash for OpenStack Log Management
Fluentd vs. Logstash for OpenStack Log ManagementFluentd vs. Logstash for OpenStack Log Management
Fluentd vs. Logstash for OpenStack Log Management
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & Kibana
 

Similar a Application Logging With The ELK Stack

Lone StarPHP 2013 - Building Web Apps from a New Angle
Lone StarPHP 2013 - Building Web Apps from a New AngleLone StarPHP 2013 - Building Web Apps from a New Angle
Lone StarPHP 2013 - Building Web Apps from a New AnglePablo Godel
 
Best Practices in Handling Performance Issues
Best Practices in Handling Performance IssuesBest Practices in Handling Performance Issues
Best Practices in Handling Performance IssuesOdoo
 
Keeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkKeeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkJeremy Kendall
 
Tek 2013 - Building Web Apps from a New Angle with AngularJS
Tek 2013 - Building Web Apps from a New Angle with AngularJSTek 2013 - Building Web Apps from a New Angle with AngularJS
Tek 2013 - Building Web Apps from a New Angle with AngularJSPablo Godel
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logsStefan Krawczyk
 
PyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsPyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsGraham Dumpleton
 
How to automate all your SEO projects
How to automate all your SEO projectsHow to automate all your SEO projects
How to automate all your SEO projectsVincent Terrasi
 
Introduction to GitHub Actions
Introduction to GitHub ActionsIntroduction to GitHub Actions
Introduction to GitHub ActionsBo-Yi Wu
 
Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2PgTraining
 
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Puppet
 
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)Cyrille Le Clerc
 
Monitoring with Syslog and EventMachine
Monitoring with Syslog and EventMachineMonitoring with Syslog and EventMachine
Monitoring with Syslog and EventMachineWooga
 
Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Wooga
 
Divolte Collector - meetup presentation
Divolte Collector - meetup presentationDivolte Collector - meetup presentation
Divolte Collector - meetup presentationfvanvollenhoven
 
Splunk's api how we built it
Splunk's api how we built itSplunk's api how we built it
Splunk's api how we built itGlenn Block
 
Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Yuriy Senko
 
Como encontrar uma agulha num palheiro de logs
Como encontrar uma agulha num palheiro de logsComo encontrar uma agulha num palheiro de logs
Como encontrar uma agulha num palheiro de logsDickson S. Guedes
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 

Similar a Application Logging With The ELK Stack (20)

Lone StarPHP 2013 - Building Web Apps from a New Angle
Lone StarPHP 2013 - Building Web Apps from a New AngleLone StarPHP 2013 - Building Web Apps from a New Angle
Lone StarPHP 2013 - Building Web Apps from a New Angle
 
Best Practices in Handling Performance Issues
Best Practices in Handling Performance IssuesBest Practices in Handling Performance Issues
Best Practices in Handling Performance Issues
 
Keeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkKeeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro framework
 
Tek 2013 - Building Web Apps from a New Angle with AngularJS
Tek 2013 - Building Web Apps from a New Angle with AngularJSTek 2013 - Building Web Apps from a New Angle with AngularJS
Tek 2013 - Building Web Apps from a New Angle with AngularJS
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logs
 
PyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsPyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web Applications
 
How to automate all your SEO projects
How to automate all your SEO projectsHow to automate all your SEO projects
How to automate all your SEO projects
 
Puppi. Puppet strings to the shell
Puppi. Puppet strings to the shellPuppi. Puppet strings to the shell
Puppi. Puppet strings to the shell
 
Introduction to GitHub Actions
Introduction to GitHub ActionsIntroduction to GitHub Actions
Introduction to GitHub Actions
 
Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2
 
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014
 
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)
Open Source Monitoring for Java with JMX and Graphite (GeeCON 2013)
 
Monitoring with Syslog and EventMachine
Monitoring with Syslog and EventMachineMonitoring with Syslog and EventMachine
Monitoring with Syslog and EventMachine
 
Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)
 
Divolte Collector - meetup presentation
Divolte Collector - meetup presentationDivolte Collector - meetup presentation
Divolte Collector - meetup presentation
 
Splunk's api how we built it
Splunk's api how we built itSplunk's api how we built it
Splunk's api how we built it
 
Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)
 
Como encontrar uma agulha num palheiro de logs
Como encontrar uma agulha num palheiro de logsComo encontrar uma agulha num palheiro de logs
Como encontrar uma agulha num palheiro de logs
 
A false digital alibi on mac os x
A false digital alibi on mac os xA false digital alibi on mac os x
A false digital alibi on mac os x
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 

Más de benwaine

DPC 2016 - 53 Minutes or Less - Architecting For Failure
DPC 2016 - 53 Minutes or Less - Architecting For FailureDPC 2016 - 53 Minutes or Less - Architecting For Failure
DPC 2016 - 53 Minutes or Less - Architecting For Failurebenwaine
 
The Road To Technical Team Lead
The Road To Technical Team LeadThe Road To Technical Team Lead
The Road To Technical Team Leadbenwaine
 
PHPNW14 - Getting Started With AWS
PHPNW14 - Getting Started With AWSPHPNW14 - Getting Started With AWS
PHPNW14 - Getting Started With AWSbenwaine
 
Business selectors
Business selectorsBusiness selectors
Business selectorsbenwaine
 
The Art Of Application Logging PHPNW12
The Art Of Application Logging PHPNW12The Art Of Application Logging PHPNW12
The Art Of Application Logging PHPNW12benwaine
 
Behat dpc12
Behat dpc12Behat dpc12
Behat dpc12benwaine
 
Acceptance & Integration Testing With Behat (PBC11)
Acceptance & Integration Testing With Behat (PBC11)Acceptance & Integration Testing With Behat (PBC11)
Acceptance & Integration Testing With Behat (PBC11)benwaine
 
Acceptance & Integration Testing With Behat (PHPNw2011)
Acceptance & Integration Testing With Behat (PHPNw2011)Acceptance & Integration Testing With Behat (PHPNw2011)
Acceptance & Integration Testing With Behat (PHPNw2011)benwaine
 
Say no to var_dump
Say no to var_dumpSay no to var_dump
Say no to var_dumpbenwaine
 

Más de benwaine (9)

DPC 2016 - 53 Minutes or Less - Architecting For Failure
DPC 2016 - 53 Minutes or Less - Architecting For FailureDPC 2016 - 53 Minutes or Less - Architecting For Failure
DPC 2016 - 53 Minutes or Less - Architecting For Failure
 
The Road To Technical Team Lead
The Road To Technical Team LeadThe Road To Technical Team Lead
The Road To Technical Team Lead
 
PHPNW14 - Getting Started With AWS
PHPNW14 - Getting Started With AWSPHPNW14 - Getting Started With AWS
PHPNW14 - Getting Started With AWS
 
Business selectors
Business selectorsBusiness selectors
Business selectors
 
The Art Of Application Logging PHPNW12
The Art Of Application Logging PHPNW12The Art Of Application Logging PHPNW12
The Art Of Application Logging PHPNW12
 
Behat dpc12
Behat dpc12Behat dpc12
Behat dpc12
 
Acceptance & Integration Testing With Behat (PBC11)
Acceptance & Integration Testing With Behat (PBC11)Acceptance & Integration Testing With Behat (PBC11)
Acceptance & Integration Testing With Behat (PBC11)
 
Acceptance & Integration Testing With Behat (PHPNw2011)
Acceptance & Integration Testing With Behat (PHPNw2011)Acceptance & Integration Testing With Behat (PHPNw2011)
Acceptance & Integration Testing With Behat (PHPNw2011)
 
Say no to var_dump
Say no to var_dumpSay no to var_dump
Say no to var_dump
 

Último

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Último (20)

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Application Logging With The ELK Stack

  • 1. Application Logging With The ELK Stack @bwaine - #DPC15 Monday, 29 June 15
  • 2. 2 Ben Andersen-Waine Software Engineer Contractor Deployed ELK To Prod Numerous Times Monday, 29 June 15
  • 7. Debug Information - Errors (connections, uncaught exceptions, resource exhaustion) Narrative Information - Methods Calls, Event Triggers Business Events - Purchases, Logins, Registrations, Unsubscribes 7 Application Log Monday, 29 June 15
  • 8. ssh webserver@mydomain.net tail -f /var/log/nginx/my-site.access.log tail -f /var/log/my.application.log ssh data@mydomain.net tail -f /var/log/mysql/mysql.log ssh q@mydomain.net tail -f /var/log/rabbitmq/nodename.log 8 Keeping Track Of All This.... Monday, 29 June 15
  • 11. 1) Monolog 2) Everything else.... 11 PHP Logging Tools Monday, 29 June 15
  • 12. 1) Monolog: Loggers And Handlers 2) Monolog:Tags & Formatters 3) Logging business events 12 Basic Logging Examples Monday, 29 June 15
  • 13. use MonologLogger; use MonologHandlerFingersCrossedHandler; use MonologHandlerStreamHandler; $logEnv = getenv('LOG_LEVEL'); $level = empty($logLevel) ? $logEnv : Logger::WARNING; $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/log/app.log', Logger::DEBUG); $fcHandler = new FingersCrossedHandler($strHandler, $level); $appLog−>pushHandler($fcHandler); $appLog−>debug('LOGGING!'); EG1: Loggers And Handlers 13 Monday, 29 June 15
  • 14. // Set A Log Level $logEnv = getenv('LOG_LEVEL'); $level = empty($logLevel) ? $logEnv : Logger::WARNING; // Create A Logger $appLog = new Logger('AppLog'); 14 Monday, 29 June 15
  • 15. $strHandler = new StreamHandler('/var/log/app.log', Logger::DEBUG); $fcHandler = new FingersCrossedHandler($strHandler, $level); // Create Handlers $appLog−>pushHandler($fcHandler); $appLog−>debug('Start Logging!'); $appLog−>emergency('Something Terrible Happened'); // Push The Handler And Start Logging 15 Monday, 29 June 15
  • 16. EG 2:Tagging Formatting $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/lg.lg', $level); $formatter = new LogstashFormatter("helloapp", "application"); $strHandler−>setFormatter($formatter); $appLog−>pushHandler($strHandler)); $id = $_SERVER('X_VARNISH'); $tag = new TagProcessor(['request−id' => $id]) $appLog−>pushProcessor($tag); $appLog−>debug("LOGGING!"); 16 Monday, 29 June 15
  • 17. // Create A Logger $appLog = new Logger('AppLog'); $strHandler = new StreamHandler('/var/lg.lg', $level); $formatter = new LogstashFormatter("helloapp", "app"); // Create A Handler & Formatter // Set Formatter Onto Handler $strHandler−>setFormatter($formatter); $appLog−>pushHandler($strHandler)); //Push Handler Onto Logger 17 Monday, 29 June 15
  • 18. $id = $_SERVER('X_VARNISH'); $tag = new TagProcessor(['request−id' => $id]) $appLog−>pushProcessor($tag); $appLog−>debug("LOGGING!"); // Capture A Unique Id, Create A Tag Processor, Push 18 Monday, 29 June 15
  • 19. 2009 - RFC 5424 - Syslog Protocol Code / Severity 0 Emergency: system is unusable 1 Alert: action must be taken immediately 2 Critical: critical conditions 3 Error: error conditions 4 Warning: warning conditions 5 Notice: normal but significant condition 6 Informational: informational messages 7 Debug: debug-level messages https://tools.ietf.org/html/rfc5424 19 Log Levels Monday, 29 June 15
  • 20. 2013 - PSR03 - PHP Logging Interface Standard http://www.php-fig.org/psr/psr-3/ 20 PSR3 Monday, 29 June 15
  • 21. EG 3: Event Logging use MonologLogger; use SymfonyComponentEventDispatcherEventDispatcher; $dispatcher = new EventDispatcher(); $dispatcher−>addListener( "business.registration.post", function () use ($busLog) { $busLog−>info("Customer registered"); } ); $dispatcher−>dispatch("business.registration.post"); Monday, 29 June 15
  • 22. Logstash Architecture 1. Logstash Shipper ships logs to logstash 2. Logstash processes them 3. Logstash Inserts Into Elastic Search 4. Kibana exposes a web interface to Elastic Search data Monday, 29 June 15
  • 24. Why not rate the talk now BEFORE the demo? 24 https://joind.in/talk/view/14235 Monday, 29 June 15
  • 25. ELK Demo 25 1) Discover Data (search / diagnose) 2)Visualize Data 3) Produce A Dashboard 4) Demonstrate ‘the new hotness’ of Kibana 4 Monday, 29 June 15
  • 32. Logstash Collecting { "network": { "servers": [ "logs.logstashdemo.com:5000" ], "timeout": 15, "ssl ca": "/etc/pki/tls/certs/logstash−forwarder.crt" }, "files": [ { "paths": [ "/var/log/nginx/helloapp.access.log" ], "fields": { "type": "nginx−access" } } ] } 32 Monday, 29 June 15
  • 33. Logstash Processing input { lumberjack { port => 5000 ssl_certificate => "/etc/pki/tls/certs/logstash−forwarder.crt" ssl_key => "/etc/pki/tls/private/logstash−forwarder.key" } } Input 33 Monday, 29 June 15
  • 34. Logstash Processing Filtering filter { if [type] == "nginx−access" { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] } date { match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z" ] } } } 34 Monday, 29 June 15
  • 35. Logstash Processing Output output { elasticsearch { host => localhost } } 35 Monday, 29 June 15
  • 36. Groking grok { match => { "message" => "%{COMBINEDAPACHELOG}" } } https://github.com/elasticsearch/logstash/blob/v1.4.2/patterns/grok-patterns http://grokdebug.herokuapp.com/ 55.3.244.1 GET /index.html 15824 0.043 %{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration} Monday, 29 June 15
  • 37. 37 Hey Ben.... Have you got time for that gratuitously flashy geo data demo? Monday, 29 June 15
  • 39. Logging Ideas Release Marker Error rates of various applications over time Latency in various percentiles of each application tier HTTP Responses: 400 series responses HTTP Responses: 500 series responses Auto git blame production errors Auth and Syslogs 39 Monday, 29 June 15
  • 40. Go Forth And Log.... BUT Remember log rotation Beware running out of space Beware file logging on NFS 40 Monday, 29 June 15