Fluentd meetup #2
Transcript

  • 1. Log everything in JSON. Treasure Data, Inc. Sadayuki Furuhashi
  • 2. Self-introduction > Sadayuki Furuhashi, twitter: @frsyuki > Original author of Fluentd > Treasure Data, Inc. Software Architect; Founder > open-source MessagePack - efficient serialization format
  • 3. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 4. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 5. 0. Why logging? > Error notifications > Performance monitoring > User segment analysis > Funnel analysis > Heatmap analysis > Market prediction etc...
  • 6. 0. Why logging? - Error notifications Error!
  • 7. 0. Why logging? - Performance monitor
  • 8. 0. Why logging? - User segment analysis
  • 9. 0. Why logging? - Funnel analysis -28%! -27%!
  • 10. 0. Why logging? - Heatmap analysis
  • 11. 0. Why logging? - Market prediction
  • 12. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 13. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 14. Log utilization: Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 15. Log sources: Access logs (Apache); App logs (Frontend, Backend); System logs (syslogd); Databases. Log utilization: Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 16. Access logs (Apache); App logs (Frontend, Backend); System logs (syslogd); Databases. Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 17. Access logs (Apache); App logs (Frontend, Backend); System logs (syslogd); Databases. In between: rsync servers, bash scripts, perl scripts. Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 18. Problems... No unified method to collect logs > Too many bash/perl scripts: fragile for changes, less reliable > Mixed log formats: old-fashioned “human-readable” text logs, not ready to analyze > High latency: must wait a day for log rotation
  • 19. Access logs (Apache); App logs (Frontend, Backend); System logs (syslogd); Databases. Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 20. Access logs (Apache); App logs (Frontend, Backend); System logs (syslogd); Databases. In between: filter / buffer / routing. Alerting (Nagios); Analysis (MongoDB, MySQL, Hadoop); Archiving (Amazon S3)
  • 21. Input Plugins Output Plugins Buffer Plugins Filter Plugins
  • 22. Input Plugins, Output Plugins. 2012-02-04 01:33:51 myapp.buylog { "user": "me", "path": "/buyItem", "price": 150, "referer": "/landing" } (JSON format)
  • 23. Input Plugins, Output Plugins. time: 2012-02-04 01:33:51; tag: myapp.buylog; record (JSON format): { "user": "me", "path": "/buyItem", "price": 150, "referer": "/landing" }
  • 24. Why Fluentd? > Extensibility - Plugin architecture: collect logs from various systems, forward logs to various systems > Unified log format - JSON format: modern “machine-readable” log format, immediately ready to analyze > Reliable - HA configuration > Easy to install - RPM/deb packages: deploy instantly to everywhere
  • 25. Comparison with other log collectors: > Scribe: less extensible, no unified log format, no longer developed? > Flume: less simple, no unified log format, little information about Flume-NG
  • 26. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 27. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 28. NHN Japan, COOKPAD, NAVER, Crocos. http://www.quora.com/Who-uses-Fluentd-in-production
  • 29. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 30. 0. Why logging? 1. Why Fluentd? - Design of Fluentd > Extensibility > Unified log format > Simplicity 2. Who uses Fluentd? 3. Future of Fluentd
  • 31. Future of Fluentd > <filter> > <match> in <source> > <label> > MessagePack for Ruby v5 > td-agent-lite > Pub/Sub & Monitoring API > New process model & Live restart > Backward compatibility
  • 32. Before: <source> type tail path /var/log/httpd.log format apache tag not_filtered.apache </source> (Mysterious tag) <match not_filtered.**> type rewrite remove_prefix not_filtered <rule> key status pattern ^500$ ignore true </rule> </match> (tag operations) <match **> type forward host log.server </match>
  • 33. After (v11): <source> type tail path /var/log/httpd.log format apache tag apache </source> <filter **> type rewrite <rule> key status pattern ^500$ ignore true </rule> </match> (Filter plugins!) <match **> type forward host log.server </match>
  • 34. After (v11): <source> type tail path /var/log/httpd.log format apache tag apache <filter **> type rewrite <rule> key status pattern ^500$ ignore true </rule> </match> </source> (<filter>/<match> in <source>) <match **> type forward host log.server </match>
  • 35. Before: <source> type tail path /var/log/httpd.log tag apache </source> <match **> type forward host log.server </match> (I want to add flowcounter here...)
  • 36. Before: <source> type tail path /var/log/httpd.log tag apache </source> <match flow.traffic> type forward host traffic.server </match> <match **> type copy <store> type flowcounter tag flow.traffic </store> <store> type forward host log.server </store> </match> (Nested!)
  • 37. After (v11): <source> type tail path /var/log/httpd.log tag apache </source> <filter **> type copy <match> type flowcounter tag flow.traffic <match> type forward host traffic.server </match> </match> </match> (Filtering pipeline) <match **> type forward host log.server </match>
  • 38. After (v11): <source> type forward </source> <filter **> type copy <match> type file path /mnt/local_archive </match> </filter> # copy & label & forward <filter **> type copy <match> type forward label alert host alerting.server </match> </filter> # copy & label & forward <filter **> type copy <match> type forward label analysis host analysis.server </match> </filter> <label alert> <match **> ... </match> </label> <label analysis> ... </label>
  • 39. MessagePack for Ruby v5 [chart: tweets/sec for Serialize and Deserialize; series: msgpack v5, msgpack v4, yajl, json]
  • 40. td-agent-lite > in_tail + out_forward in “single” binary: statically linked ruby binary + scripts tied with the binary
  • 41. New process model & Live restart. Old multiprocess model [diagram: Supervisor, Engine, fork(), detached processes]: all data pass through the central process
  • 42. New process model & Live restart. New multiprocess model [diagram: Supervisor, Engine, Process Manager, detached processes]: direct communication
  • 43. New process model & Live restart. New multiprocess model [diagram: Supervisor, Engine, Process Manager, detached processes; a second Engine and Process Manager]: Live restart
  • 44. Backward compatibility. Fluentd v11 includes 2 namespaces: > Fluentd:: new code base > Fluent:: old code base + wrapper classes. Check out the repository for details: > http://github.com/frsyuki/fluentd-v11
  • 45. Conclusion. Fluentd makes logging better > Plugin architecture > JSON format > HA configuration > RPM/deb package. Fluentd is under active development. Fluentd is supported by many committers
  • 46. contact: sales@treasure-data.com
  • 47. Tools used for log collection/analysis
  • 48. Where logs are stored
  • 49. Barriers to adopting Fluentd
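
The event model from slides 22-23 (time, tag, record) and the slide-32 rule (key status, pattern ^500$, ignore true), as an added Ruby example that is not code from the slides or from Fluentd itself. The regular expression, the sample lines and all function names are assumptions made for illustration; the tag matching follows Fluentd's documented meaning of `*` (one tag part) and `**` (zero or more parts).

```ruby
require 'json'
require 'time'

# Apache common log format (the text a tail input with "format apache" reads).
APACHE_RE = /\A(?<host>\S+) \S+ (?<user>\S+) \[(?<time>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d{3}) (?<size>\d+|-)\z/

# Constructed sample input, not taken from the slides.
SAMPLE = [
  '192.0.2.10 - me [04/Feb/2012:01:33:51 +0000] "GET /buyItem HTTP/1.1" 200 150',
  '192.0.2.11 - - [04/Feb/2012:01:33:52 +0000] "GET /landing HTTP/1.1" 500 0',
  'this line is not an access log entry',
  '192.0.2.12 - - [04/Feb/2012:01:33:53 +0000] "GET /missing HTTP/1.1" 404 -'
].freeze

# One "human-readable" text line -> [tag, time, record]; nil when it does not parse.
def to_event(tag, line)
  m = APACHE_RE.match(line.chomp)
  return nil unless m
  time = Time.strptime(m[:time], '%d/%b/%Y:%H:%M:%S %z').to_i
  record = { 'host' => m[:host], 'user' => m[:user], 'method' => m[:method],
             'path' => m[:path], 'status' => m[:status],
             'size' => m[:size] == '-' ? 0 : m[:size].to_i }
  [tag, time, record]
end

# Match tag parts against pattern parts: "*" is exactly one part, "**" is zero or more.
def parts_match?(pat, parts)
  return parts.empty? if pat.empty?
  head, *rest = pat
  case head
  when '**' then (0..parts.size).any? { |n| parts_match?(rest, parts.drop(n)) }
  when '*'  then !parts.empty? && parts_match?(rest, parts.drop(1))
  else           parts.first == head && parts_match?(rest, parts.drop(1))
  end
end

def tag_match?(pattern, tag)
  parts_match?(pattern.split('.'), tag.split('.'))
end

# Parse, route by tag, then drop records whose key matches the rule (status 500 here).
def run_pipeline(lines, pattern: '**', key: 'status', drop: /^500$/)
  lines.map { |l| to_event('apache', l) }.compact
       .select { |tag, _time, rec| tag_match?(pattern, tag) && !drop.match?(rec[key].to_s) }
end

run_pipeline(SAMPLE).each do |tag, time, rec|
  puts "#{Time.at(time).utc.strftime('%Y-%m-%d %H:%M:%S')} #{tag} #{JSON.generate(rec)}"
end
```

Lines that do not parse are silently dropped here; a collector feeding alerting or forensics would normally count or forward them instead so that malformed input is not lost.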