let's reconsider about collecting logs. plus, visiting elastic@moutain view!

Let’s reconsider about collecting logs.Plus, visiting elastic@Mountain View!

Shin Tanimoto Acroquest Technology Co., LTD.

Copyright © Acroquest Technology Co., Ltd. All rights reserved.

Who am I?

2

• 谷本 心 (Shin Tanimoto)

- Acroquest Technology Co., LTD.(Sales partner of elastic)

- Java Troubleshooter- Board member of JJUG

(Japan Java User Group)- Twitter : @cero_t- Facebook : shin.tainmoto

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

Quiz🙋

3

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

What is the originof the word “log”?

4

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.5

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ancient Greece people record the “date” using

branches of the tree.

6

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

2. In medieval Europe, people measured “speed” of ship with log (round wood).

7

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

3. In the early 20th century United States, engineers used a

logarithm table for “usage history” of computers.

8

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ancient Greece people’s “date” record.

2. Medieval Europe sailors’ “speed” record.

3. American engineers’ “usage” record.

9

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1.

2. Medieval Europe sailors’ “speed” record.

3.

10

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

Common sense:Log is important

11

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

True common sense:Watching log is painful!

12

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

Then log should bewatched and processedby machine (ordinary)

13

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.14

#1 Ordinal Log Processing

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

ELK stack

15

send logs

search

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Access counts (upper) / response time (lower)

16

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Access counts (upper) / response time (lower)

17

10/sec

100/sec

30sec

20sec

10sec

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Huge performance issue

18

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Huge performance issue

19

3000sec

2000sec

1000sec

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Slow query log of MySQL

20

same shape!

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Slow query log of MySQL

21

2000sec

1000sec

same shape! same scale!

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

But where do these shapes come?

22

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

23

But where do these shapes come?1. Lock tables?2. Up to maximum size of connection pool?3. CPU bottle neck?4. Disk I/O bottle neck?

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

24

Confirm the stored procedure in detail1. Found 100,000 times of insert into “temporary table” query

– (even in the search function … )– causing high CPU and Disk I/O usage

2. Optimized the stored procedure removing wasting process– Only a drop in the bucket 😩

3. Modify the create temporary table state in the stored procedure to create that temporary table “on memory”– with memory tunings ( tmp_table_size etc. )– resulted in …

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Performance issue was resolved!

25

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Performance issue was resolved!

26

500sec

100sec

Never mind, some heavy batch

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

Disk I/O improved!!!

27

Disk I/O on MySQL server

before ← →after

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

1. Ordinal Log Processing

I/O wait had gone!

28

before ← →after

CPU usage on MySQL server

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.29

#2 Reconsider Log

Processing

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.30

Watching logs to detect errors is a responsibility of

developers, isn’t it?

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.31

Watching logs is important but painful

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.32

Let’s think about painless log

processing system

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Logs can be used in various waysVisualizing - as chartWatching - and notifying by e-mailViewing - by human’s eyesKeeping - backup just in case

33

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Logs can be used in various purposeVisualizing - To find “unknown” issuesWatching - To find “known” issuesViewing - To find the cause of issuesKeeping - To use as necessary

34

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Logs retention period are also variousVisualizing - last 2 or 4 weeksWatching - last 24 hoursViewing - last 2 or 4 weeksKeeping - entire period

35

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Tools for processing logs are differentVisualizing - ElasticsearchWatching - Zabbix or some custom batchViewing - Text editorKeeping - File server

36

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.37

Log is not necessarily files.

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.38

Log can be regarded as events.

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.39

Log streaming hub

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Log Streaming Hub

40

Application

AgentStreaming

Hub

Viewer

Watcher

Visualizer

Storage

Application

Agent

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Ordinal case

41

Application

fluentd

Text Editor

Zabbix

Elasticsearch+ Kibana

NAS

Application

fluentd

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

Using fluentd

42

Application

fluentd fluentdZabbix

Elasticsearch+ Kibana

Application

fluentd

Text Editor

NAS

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Processing Logs

Using Redis?

43

Application

Logstash RedisZabbix

Elasticsearch+ Kibana

Application

Logstash

Text Editor

NAS

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Reconsider Log Processing

An example on AWS

44

Application

Kinesis Agent

Kinesis Cloudwatch Logs

Elasticsearch+ Kibana

Application

Kinesis Agent

S3

Lambda

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Processing Logs

An example on AWS

45

Application

awslogsCloudwatch

Logs

Elasticsearch+ Kibana

Application

awslogsS3

Lambda

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Processing Logs

An example on AWS

46

Application

logstash S3

Elasticsearch+ Kibana

Application

logstash

Cloudwatch Logs

Lambda

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#2 Processing Logs

Anyway…

47

Application

AgentStreaming

Hub

Viewer

Watcher

Visualizer

Storage

Application

Agent

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.48

すんなり入る話ですよね？

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.49

By the way

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.50

I had visited elastic@Mountain View!!

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.51

写真はブログでhttp://acro-engineer.hatenablog.com/

entry/2015/11/08/150942

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.52

elastic stack .Next

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#3 elastic stack .Next

ElasticsearchTask management APIReindex API

https://www.elastic.co/elasticon/2015/sf/whats-next-for-elasticsearch-2x-and-beyond

LogstashClusteringPersistent

https://www.elastic.co/guide/en/logstash-roadmap/current/index.html

53

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#3 elastic stack .Next

KibanaCustom Apps / plugins

https://www.elastic.co/elasticon/2015/sf/whats-cookin-in-kibana-4

BeatsPacketbeatFilebeatTopbeat

https://www.elastic.co/products/beats

54

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#3 elastic stack .Next

Commercial pluginCross-stack monitoring / managementCross-stack securityPDF reportingOrchestration / Automation

55

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.56

Using elastic stack .Next

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.

#3 elastic stack .Next

Using next ELK stack + AWS

57

Application

Filebeat Topbeat

Logstash

Elasticsearch+ Kibana

Application

Filebeat Topbeat

S3

Cloudwatch Logs

Copyright © Acroquest Technology Co., Ltd. All rights reserved.Copyright © Acroquest Technology Co., Ltd. All rights reserved.58

Beatsシリーズ調べなくちゃって気に

なりました

Copyright © Acroquest Technology Co., Ltd. All rights reserved.59

Enjoy processing logs using ELK!