logstash
Infrastructure Coders
Melbourne
April 2013
David Lutz
@dlutzy
What does logstash do?
It does "stuff" with log files.
Typical day (or night) in the life of a sysadmin...
Something's wrong.
Check the log files.
How?
grep
cat
grep
sed
awk
tail
sort
and pipes
lots of pipes
Fine if you have one server. But what if you have 10 or 100 or 1000?
for i in `seq 1 10` ; do ssh server$i blah blah; done
cluster ssh
Splunk perhaps?
Problems with Splunk...
1. eats log files
2. digests data
3. spits it out into other apps
inputs
● amqp
● drupal_dblog
● eventlog
● exec
● file
● ganglia
● gelf
● gemfire
● generator
● heroku
● irc
● log4j
● lumberjack
● pipe
● redis
● relp
● sqs
● stdin
● stomp
● syslog
● tcp
● twitter
● udp
● xmpp
● zenoss
● zeromq
filters
● alter
● anonymize
● checksum
● csv
● date
● dns
● environment
● gelfify
● geoip
● grep
● grok
● grokdiscovery
● json
● kv
● metrics
● multiline
● mutate
● noop
● split
● syslog_pri
● urldecode
● xml
● zeromq
outputs
● amqp
● boundary
● circonus
● cloudwatch
● datadog
● elasticsearch
● elasticsearch_http
● elasticsearch_river
● email
● exec
● file
● ganglia
● gelf
● gemfire
● graphite
● graphtastic
● http
● internal
● irc
● juggernaut
● librato
● loggly
● lumberjack
● metriccatcher
● mongodb
● nagios
● nagios_nsca
● null
● opentsdb
● pagerduty
● pipe
● redis
● riak
● riemann
● sns
● sqs
● statsd
● stdout
● stomp
● syslog
● tcp
● websocket
● xmpp
● zabbix
● zeromq
How to: install logstash
wget http://logstash.objects.dreamhost.com/release/logstash-1.1.9-monolithic.jar
easy!
How to: run logstash
java -jar logstash-1.1.9-monolithic.jar agent -f logstash.conf -- web
easy!
How to: get some apache logs in
input {
  tcp {
    type => "apache"
    port => 3333
  }
}
How to: get some apache logs in
tail -f /var/log/apache2/access.log | nc localhost 3333
How to: digest the logs
filter {
  grok {
    type => "apache"
    pattern => "%{COMBINEDAPACHELOG}"
  }
  date {
    type => "apache"
    timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
  }
}
How to: output to elasticsearch
output {
  elasticsearch {
    embedded => false
  }
}
How to: output to elasticsearch and graphite via statsd
output {
  elasticsearch {
    embedded => false
  }
  statsd {
    increment => "apache.response.%{response}"
  }
}
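Added example (not from the original slides, and not logstash's own code): a Python sketch of what the pipeline above does to each line, namely extract fields from a combined-format access log entry, parse the timestamp with the same layout as the date filter, and build the apache.response.<code> counters. The regex is a simplified stand-in for %{COMBINEDAPACHELOG}, the function names are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Approximation of the fields %{COMBINEDAPACHELOG} yields for a well-formed line;
# written for this example, not copied from grok's pattern files.
COMBINED = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

def parse_line(line):
    """Return the event fields for one access-log line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    # Same layout as the date filter's "dd/MMM/yyyy:HH:mm:ss Z".
    event["@timestamp"] = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    return event

def statsd_counters(lines):
    """Count responses per status code; also count lines that failed to parse."""
    counts, unparsed = Counter(), 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed += 1  # never build a metric name from an unparsed line
            continue
        # response is constrained to three digits, so the metric namespace stays bounded.
        counts["apache.response." + event["response"]] += 1
    return counts, unparsed

def to_statsd(counts):
    """Render counters as statsd lines (<name>:<value>|c), aggregated for readability."""
    return sorted(f"{name}:{value}|c" for name, value in counts.items())

# Constructed sample input (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Apr/2013:19:02:11 +1000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.29.0"',
    '203.0.113.7 - - [10/Apr/2013:19:02:12 +1000] "GET /missing HTTP/1.1" 404 209 "-" "curl/7.29.0"',
    '198.51.100.23 - alice [10/Apr/2013:19:02:15 +1000] "POST /login HTTP/1.1" 200 312 "http://example.test/" "Mozilla/5.0"',
    'this line did not come from apache',
]

if __name__ == "__main__":
    counts, unparsed = statsd_counters(SAMPLE)
    print("\n".join(to_statsd(counts)))
    print("unparsed lines:", unparsed)
```

Counting the lines that fail to parse matters because anything that can reach the TCP input can send arbitrary text, not only Apache.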
