Logstash! You know, for logs? Poorly Presented By: Zach Dunn Some Sort of Engineer at OPower @SillySophist
Alternate Titles
● How I learned to stop worrying and love logs
● Logs: Not Just for panicked debugging anymore!
● The surprising things that happen if you read what you write.
● OMG LOGS!
Logs, who needs them?
YOU!
OK Smartass, WHY should I care?
AWESOME QUESTION! Logs tell us things. Maybe things we didn't know, maybe things about the past, maybe even things that we have (or should have) built assumptions around. But up until now we haven't done this very well.
Case in Point: Timestamps
TIME IS HARD. No one agrees on how to timestamp anything*. Everyone does it their own way, which means just grepping between two different log providers can be a serious PITA. Think firewall vs load balancer vs webserver vs app vs db.
* Yes, even though we have ISO8601.
Enter Logstash
Ship logs from any source, parse them, get the right timestamp, index them, and search them*.
* Blatantly stolen from logstash.net
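The "get the right timestamp" step, sketched as an added Python example (not Logstash code and not part of the original slides): three constructed log lines, one per source type named on the timestamp slide, are parsed and normalized to UTC so they sort on one timeline. The sample lines, function names, and the year and zone assumed for the syslog line are illustrative assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample lines, one per source type (not real log data).
SAMPLES = {
    "firewall": "Mar  3 14:07:09 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10",
    "webserver": '198.51.100.7 - - [03/Mar/2013:09:07:11 -0500] "GET / HTTP/1.1" 200 512',
    "app": "2013-03-03T14:07:10.250Z INFO login ok user=alice",
}

def parse_syslog(line, year, tz):
    # Classic syslog stamps ("Mar  3 14:07:09") carry no year and no zone,
    # so the caller has to supply both. A wrong guess silently shifts events.
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts.replace(tzinfo=tz)

def parse_clf(line):
    # Web server access log style: [dd/Mon/yyyy:HH:MM:SS +zzzz]
    stamp = line[line.index("[") + 1 : line.index("]")]
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

def parse_iso(line):
    # ISO 8601 with a trailing "Z"; rewritten to an explicit offset first.
    stamp = line.split(" ", 1)[0].replace("Z", "+00:00")
    return datetime.fromisoformat(stamp)

def normalize(samples, syslog_year, syslog_tz):
    """Return (utc_timestamp, source) pairs ordered on one shared timeline."""
    parsed = {
        "firewall": parse_syslog(samples["firewall"], syslog_year, syslog_tz),
        "webserver": parse_clf(samples["webserver"]),
        "app": parse_iso(samples["app"]),
    }
    events = sorted((ts.astimezone(timezone.utc), src) for src, ts in parsed.items())
    return [(ts.isoformat(timespec="milliseconds"), src) for ts, src in events]

if __name__ == "__main__":
    for stamp, src in normalize(SAMPLES, 2013, timezone.utc):
        print(stamp, src)
    # Same lines, but the firewall clock is assumed to be UTC-5: the order changes.
    for stamp, src in normalize(SAMPLES, 2013, timezone(timedelta(hours=-5))):
        print(stamp, src)
```
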
Basic Layout
The Three Fold Path
1. Input
2. Filter
3. Output
Inputs
Where you get your logs from. Examples include: file, amqp, heroku, log4j, redis, syslog, twitter
Filters
Combine, mutate, insert, delete, just generally muck with your logs. Examples: alter, multiline, mutate, urldecode, csv, json, kv, xml
Outputs
Where do you want your stuff to go? Examples: amqp, circonus, elasticsearch, email, file, ganglia, graphite, librato, mongodb, null*, redis, statsd, pagerduty, websocket, zeromq
* different than mongodb, oh!
DEMO
LET'S GET PHYSICAL