Time Series Database and Tick Stack
Die SlideShare-Präsentation wird heruntergeladen.
×
![@nicolas_frankel
2018-12-17 13:56:54.906 INFO 1
--- [ restartedMain]
c.e.configmgmt.demo.DemoApplica
tion : Started
DemoAp...](https://image.slidesharecdn.com/fastlogsingestionbynicolasfraenkel-191113130615/75/osmc-2019-fast-logs-ingestion-by-nicolas-fraenkel-18-2048.jpg?cb=1673413515)
![@nicolas_frankel
{
"date": [[ "18-12-17" ]],
"MONTHDAY": [[ "18" ]],
"MONTHNUM": [[ "12" ]],
"YEAR": [[ "17" ]],
"time": [...](https://image.slidesharecdn.com/fastlogsingestionbynicolasfraenkel-191113130615/75/osmc-2019-fast-logs-ingestion-by-nicolas-fraenkel-19-2048.jpg?cb=1673413515)
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Ähnlich wie OSMC 2019 | Fast logs Ingestion by Nicolas Fraenkel (20)
Aktuellste (20)
OSMC 2019 | Fast logs Ingestion by Nicolas Fraenkel
- 1. @nicolas_frankel Fast Logs Management
- 2. @nicolas_frankel • Developer, team lead, architect, whatever it takes • Recently Developer Advocate • Interested in DevOps Me, myself and I
- 3. @nicolas_frankel Hazelcast HAZELCAST IMDG is an operational, in-memory, distributed computing platform that manages data using in-memory storage, and performs parallel execution for breakthrough application speed and scale. HAZELCAST JET is the ultra fast, application embeddable, 3rd generation stream processing engine for low latency batch and stream processing.
- 4. @nicolas_frankel The root of all evil LOGGER.debug( "Cart price is now {}", cart.getPrice())
- 5. @nicolas_frankel • SSD vs. HDD vs. NFS • It takes time to actually write to a file We are bound to the physical world...
- 6. @nicolas_frankel 1. Open the stream 2. Write bytes 3. Close the stream Writing the stream
- 7. @nicolas_frankel • By default, logging is blocking • Most frameworks allow asynchronous logging Synchronous vs. asynchronous logging
- 8. @nicolas_frankel <configuration> <appender name="FILE" class="c.q.l.core.FileAppender"> <file>myapp.log</file> <encoder> <pattern>%logger{35} - %msg%n</pattern> </encoder> </appender> <appender name="ASYNC" class="c.q.l.classic.AsyncAppender"> <appender-ref ref="FILE" /> </appender> <root level="DEBUG"> <appender-ref ref="ASYNC" /> </root> </configuration> A sample configuration
- 9. @nicolas_frankel • Queue size • Discarding threshold • Never blocks: • Drop messages vs block Example: Logback configuration
- 10. @nicolas_frankel • Timestamp • Log level • Thread name • Class name • Method name • Line number in the file • etc. Associated meta-data
- 11. @nicolas_frankel • e.g. line number • Better not compute it • Then, writing it explicitly might be wrong Some metadata is expensive to get
- 12. @nicolas_frankel • Logs by themselves are useless • Centralized Logging Pattern • Elasticsearch • Splunk • Graylog Logs aggregation
- 13. @nicolas_frankel • File • Host/IP • Environment • e.g. “DEV” vs “PROD” • Cloud zone • etc. Additional metadata
- 14. @nicolas_frankel • Logs are not the end! • Searches are: • “Find me all the logs that happened yesterday on JVMs in PROD” Searching in logs
- 15. @nicolas_frankel On read vs. on write Schema
- 16. @nicolas_frankel • Filebeat • Read log files • Logstash • Parsing of log messages Example architecture: the Elastic Stack
- 17. @nicolas_frankel
- 18. @nicolas_frankel 2018-12-17 13:56:54.906 INFO 1 --- [ restartedMain] c.e.configmgmt.demo.DemoApplica tion : Started DemoApplication in 3.833 seconds (JVM running for 4.303) Sample output
- 19. @nicolas_frankel { "date": [[ "18-12-17" ]], "MONTHDAY": [[ "18" ]], "MONTHNUM": [[ "12" ]], "YEAR": [[ "17" ]], "time": [[ "13:56:54.906" ]], "HOUR": [[ "13" ]], "MINUTE": [[ "56" ]], "SECOND": [[ "54.906" ]], "level": [[ "INFO" ]], "threadName": [[ "restartedMain" ]], "class": [[ "c.e.configmgmt.demo.DemoApplication" ]], "message": [[ "Started DemoApplication in 3.833 seconds (JVM running for 4.303)" ]] }
- 20. @nicolas_frankel We don’t actually need Logstash if we produce JSON directly! Why?!
- 21. @nicolas_frankel { "date": "18-12-17", "time": "13:56:54.906", "level": "INFO", "thread": "restartedMain", "class": "c.e.configmgmt.demo.DemoApplication", "message": "Started DemoApplication in 3.833 seconds (JVM running for 4.303)" }
- 22. @nicolas_frankel
- 23. @nicolas_frankel • Events vs. log files • Configuration hot reload Food for thoughts
- 24. @nicolas_frankel Logs are not only technical
- 25. @nicolas_frankel • syslog-ng • Kafka • etc. Logging options
- 26. @nicolas_frankel
- 27. @nicolas_frankel 1. Pass computations instead of results to log statements 2. Consider the physical file system to log to 3. Go asynchronous if speed counts more than reliability 4. Don’t use expensive meta-data • Consider hot reloading configuration just in case 5. Schema on write is slower, but the alternative is worse 6. Send JSON directly Summary
- 28. @nicolas_frankel It’s everyone’s responsibility to have fast logs: • Developers • Ops • Architects Takeaway
- 29. @nicolas_frankel It’s a matter of trade-offs: • Speed • Reliability • Custom context Takeaway #2
- 30. @nicolas_frankel • https://blog.frankel.ch/ • @nicolas_frankel Thanks!
